From fad6b1497c672a8b87ce0e2c19b5e27af9589d8a Mon Sep 17 00:00:00 2001 From: matthewpeterkort Date: Tue, 25 Mar 2025 15:48:20 -0700 Subject: [PATCH 01/12] adds gecko service to helm chart --- helm/gecko/Chart.yaml | 33 +++ helm/gecko/templates/NOTES.txt | 1 + helm/gecko/templates/_helpers.tpl | 81 ++++++ helm/gecko/templates/db-init.yaml | 6 + helm/gecko/templates/deployment.yaml | 116 +++++++++ helm/gecko/templates/external-secret.yaml | 1 + helm/gecko/templates/service.yaml | 15 ++ helm/gecko/templates/serviceaccount.yaml | 12 + .../templates/tests/test-connection.yaml | 15 ++ helm/gecko/values.yaml | 237 ++++++++++++++++++ helm/gen3/Chart.yaml | 4 + helm/grip/templates/deployment.yaml | 22 +- .../gen3.nginx.conf/gecko-service.conf | 26 ++ 13 files changed, 565 insertions(+), 4 deletions(-) create mode 100644 helm/gecko/Chart.yaml create mode 100644 helm/gecko/templates/NOTES.txt create mode 100644 helm/gecko/templates/_helpers.tpl create mode 100644 helm/gecko/templates/db-init.yaml create mode 100644 helm/gecko/templates/deployment.yaml create mode 100644 helm/gecko/templates/external-secret.yaml create mode 100644 helm/gecko/templates/service.yaml create mode 100644 helm/gecko/templates/serviceaccount.yaml create mode 100644 helm/gecko/templates/tests/test-connection.yaml create mode 100644 helm/gecko/values.yaml create mode 100644 helm/revproxy/gen3.nginx.conf/gecko-service.conf diff --git a/helm/gecko/Chart.yaml b/helm/gecko/Chart.yaml new file mode 100644 index 000000000..efea6b380 --- /dev/null +++ b/helm/gecko/Chart.yaml @@ -0,0 +1,33 @@ +apiVersion: v2 +name: gecko +description: A Helm chart for caliper gecko + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "master" + +dependencies: +- name: common + version: 0.1.10 + repository: file://../common +- name: postgresql + version: 11.9.13 + repository: "https://charts.bitnami.com/bitnami" + condition: postgres.separate diff --git a/helm/gecko/templates/NOTES.txt b/helm/gecko/templates/NOTES.txt new file mode 100644 index 000000000..c1e7e1aef --- /dev/null +++ b/helm/gecko/templates/NOTES.txt @@ -0,0 +1 @@ +{{ .Chart.Name }} has been deployed successfully. diff --git a/helm/gecko/templates/_helpers.tpl b/helm/gecko/templates/_helpers.tpl new file mode 100644 index 000000000..e45c2387f --- /dev/null +++ b/helm/gecko/templates/_helpers.tpl @@ -0,0 +1,81 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "gecko.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "gecko.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "gecko.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "gecko.labels" -}} +{{- if .Values.commonLabels }} + {{- with .Values.commonLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.commonLabels" .)}} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "gecko.selectorLabels" -}} +{{- if .Values.selectorLabels }} + {{- with .Values.selectorLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.selectorLabels" .)}} +{{- end }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "gecko.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "gecko.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* + Postgres Password lookup +*/}} +{{- define "gecko.postgres.password" -}} +{{- $localpass := (lookup "v1" "Secret" "postgres" "postgres-postgresql" ) -}} +{{- if $localpass }} +{{- default (index $localpass.data "postgres-password" | b64dec) }} +{{- else }} +{{- default .Values.postgres.password }} +{{- end }} +{{- end }} + diff --git a/helm/gecko/templates/db-init.yaml b/helm/gecko/templates/db-init.yaml new file mode 100644 index 000000000..5ef14e87e --- /dev/null +++ b/helm/gecko/templates/db-init.yaml @@ -0,0 +1,6 @@ +{{ include "common.db-secret" . }} +--- +{{ include "common.db_setup_job" . }} +--- +{{ include "common.db_setup_sa" . }} +--- \ No newline at end of file diff --git a/helm/gecko/templates/deployment.yaml b/helm/gecko/templates/deployment.yaml new file mode 100644 index 000000000..96a574695 --- /dev/null +++ b/helm/gecko/templates/deployment.yaml @@ -0,0 +1,116 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: gecko-deployment + labels: + {{- include "gecko.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "gecko.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "gecko.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "gecko.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: 80 + protocol: TCP + livenessProbe: + exec: + command: ["true"] + readinessProbe: + exec: + command: ["true"] + resources: + {{- toYaml .Values.resources | nindent 12 }} + command: ["sh"] + args: + - "-c" + - | + set -e + # set env vars + export PGSSLMODE="disable" + until false; do + sleep 5 + done + + env: + {{- toYaml .Values.env | nindent 12 }} + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: gecko-dbcreds + key: password + optional: false + - name: PGUSER + valueFrom: + secretKeyRef: + name: gecko-dbcreds + key: username + optional: false + - name: PGDATABASE + valueFrom: + secretKeyRef: + name: gecko-dbcreds + key: database + optional: false + - name: PGHOST + valueFrom: + secretKeyRef: + name: gecko-dbcreds + key: host + optional: false + - name: PGPORT + valueFrom: + secretKeyRef: + name: gecko-dbcreds + key: port + optional: false + - name: PGSSLMODE + value: disable + - name: DBREADY + valueFrom: + secretKeyRef: + name: gecko-dbcreds + key: dbcreated + optional: false + + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml .Values.volumeMounts | nindent 12 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/helm/gecko/templates/external-secret.yaml b/helm/gecko/templates/external-secret.yaml new file mode 100644 index 000000000..70c278fea --- /dev/null +++ b/helm/gecko/templates/external-secret.yaml @@ -0,0 +1 @@ +{{ include "common.externalSecret.db" . }} \ No newline at end of file diff --git a/helm/gecko/templates/service.yaml b/helm/gecko/templates/service.yaml new file mode 100644 index 000000000..11d39abc6 --- /dev/null +++ b/helm/gecko/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: gecko-service + labels: + {{- include "gecko.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "gecko.selectorLabels" . | nindent 4 }} diff --git a/helm/gecko/templates/serviceaccount.yaml b/helm/gecko/templates/serviceaccount.yaml new file mode 100644 index 000000000..e92aa5ad8 --- /dev/null +++ b/helm/gecko/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "gecko.serviceAccountName" . }} + labels: + {{- include "gecko.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/gecko/templates/tests/test-connection.yaml b/helm/gecko/templates/tests/test-connection.yaml new file mode 100644 index 000000000..c83aea1a5 --- /dev/null +++ b/helm/gecko/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "gecko-test-connection" + labels: + {{- include "gecko.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['gecko-service:{{ .Values.service.port }}/health'] + restartPolicy: Never diff --git a/helm/gecko/values.yaml b/helm/gecko/values.yaml new file mode 100644 index 000000000..50a1d08a9 --- /dev/null +++ b/helm/gecko/values.yaml @@ -0,0 +1,237 @@ +# Default values for gecko. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + + +# Global configuration +global: + # -- (map) AWS configuration + aws: + # -- (bool) Set to true if deploying to AWS. Controls ingress annotations. + enabled: false + # -- (string) Credentials for AWS stuff. + awsAccessKeyId: + # -- (string) Credentials for AWS stuff. + awsSecretAccessKey: + # -- (bool) Whether the deployment is for development purposes. + dev: true + + postgres: + # -- (bool) Whether the database should be created. + dbCreate: true + # -- (string) Name of external secret. Disabled if empty + externalSecret: "" + # -- (map) Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres + master: + # -- (string) hostname of postgres server + host: + # -- (string) username of superuser in postgres. This is used to create or restore databases + username: postgres + # -- (string) password for superuser in postgres. This is used to create or restore databases + password: + # -- (string) Port for Postgres. + port: "5432" + # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. + environment: default + # -- (string) Hostname for the deployment. + hostname: localhost + # -- (string) ARN of the reverse proxy certificate. + revproxyArn: arn:aws:acm:us-east-1:123456:certificate + # -- (string) URL of the data dictionary. + dictionaryUrl: https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json + # -- (string) Portal application name. + portalApp: gitops + # -- (string) S3 bucket name for Kubernetes manifest files. + kubeBucket: kube-gen3 + # -- (string) S3 bucket name for log files. + logsBucket: logs-gen3 + # -- (bool) Whether public datasets are enabled. + publicDataSets: true + # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` + tierAccessLevel: libre + # -- (bool) Whether network policies are enabled. + netPolicy: true + # -- (int) Number of dispatcher jobs. + dispatcherJobNum: "10" + # -- (bool) Whether Datadog is enabled. + ddEnabled: false + # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. + pdb: false + # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. + minAvialable: 1 + # -- (map) External Secrets settings. + externalSecrets: + # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any gecko secrets you have deployed. + deploy: false + # -- (string) Will deploy a separate External Secret Store for this service. + separateSecretStore: false + +# -- (map) External Secrets settings. +externalSecrets: + # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" + dbcreds: +# -- (map) Secret information for External Secrets. +secrets: + # -- (str) AWS access key ID. Overrides global key. + awsAccessKeyId: + # -- (str) AWS secret access key ID. Overrides global key. + awsSecretAccessKey: + +# -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you +postgres: + # -- (bool) Whether the database should be created. Default to global.postgres.dbCreate + dbCreate: + # -- (string) Hostname for postgres server. This is a service override, defaults to global.postgres.host + host: + # -- (string) Database name for postgres. This is a service override, defaults to - + database: + # -- (string) Username for postgres. This is a service override, defaults to - + username: + # -- (string) Port for Postgres. + port: "5432" + # -- (string) Password for Postgres. Will be autogenerated if left empty. + password: + # -- (string) Will create a Database for the individual service to help with developing it. + separate: false + +# -- (map) Postgresql subchart settings if deployed separately option is set to "true". +# Disable persistence by default so we can spin up and down ephemeral environments +postgresql: + primary: + persistence: + # -- (bool) Option to persist the dbs data. + enabled: false + + +# -- (int) Number of replicas for the deployment. +replicaCount: 1 + +# -- (map) Docker image information. +image: + # -- (string) Docker repository. + repository: quay.io/ohsu-comp-bio/gecko + # -- (string) Docker pull policy. + pullPolicy: IfNotPresent + # -- (string) Overrides the image tag whose default is the chart appVersion. + tag: "test" + +# -- (list) Docker image pull secrets. +imagePullSecrets: [] + +# -- (string) Override the name of the chart. +nameOverride: "" + +# -- (string) Override the full name of the deployment. +fullnameOverride: "" + +# -- (map) Service account to use or create. +serviceAccount: + # -- (bool) Specifies whether a service account should be created. + create: true + # -- (map) Annotations to add to the service account. + annotations: {} + # -- (string) The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" +# Declare variables to be passed into your templates. + +# -- (map) Annotations to add to the pod +podAnnotations: {} + +# -- (map) Security context to apply to the pod +podSecurityContext: + # fsGroup: 2000 + +# -- (map) Security context to apply to the container +securityContext: {} + + # -- (map) Linux capabilities to drop + # capabilities: + # drop: + # - ALL + + # -- (bool) Whether to use a read-only root filesystem + # readOnlyRootFilesystem: true + + # -- (bool) Whether to run the container as a non-root user + # runAsNonRoot: true + + # -- (int) The user ID to run the container as + # runAsUser: 1000 + +# -- (map) Kubernetes service information. +service: + # -- (string) Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". + type: ClusterIP + # -- (int) The port number that the service exposes. + port: 80 + +# -- (map) Resource requests and limits for the containers in the pod +resources: + # -- (map) The amount of resources that the container requests + requests: + # -- (string) The amount of CPU requested + cpu: 0.1 + # -- (string) The amount of memory requested + memory: 12Mi + # -- (map) The maximum amount of resources that the container is allowed to use + limits: + # -- (string) The maximum amount of CPU the container can use + cpu: 1.0 + # -- (string) The maximum amount of memory the container can use + memory: 512Mi + +# -- (map) Configuration for autoscaling the number of replicas +autoscaling: + # -- (bool) Whether autoscaling is enabled + enabled: false + # -- (int) The minimum number of replicas to scale down to + minReplicas: 1 + # -- (int) The maximum number of replicas to scale up to + maxReplicas: 100 + # -- (int) The target CPU utilization percentage for autoscaling + targetCPUUtilizationPercentage: 80 + # -- (int) The target memory utilization percentage for autoscaling + # targetMemoryUtilizationPercentage: 80 + +# -- (map) Node selector to apply to the pod +nodeSelector: {} + +# -- (list) Tolerations to apply to the pod +tolerations: [] + +# -- (map) Affinity rules to apply to the pod +affinity: {} + +# -- (list) Volumes to attach to the pod +volumes: [] + +# -- (list) Volume mounts to attach to the container +volumeMounts: [] + +# -- (list) Environment variables to pass to the container +env: + # -- (string) The URL of the JSON Web Key Set (JWKS) endpoint for authentication + - name: JWKS_ENDPOINT + value: "http://fence-service/.well-known/jwks" + + +# Values to determine the labels that are used for the deployment, pod, etc. +# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". +release: "production" +# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false". +criticalService: "true" +# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. +partOf: "Authentication" +# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl +selectorLabels: +# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl +commonLabels: + +# Values to configure datadog if ddEnabled is set to "true". +# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. +datadogLogsInjection: true +# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. +datadogProfilingEnabled: true +# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. +datadogTraceSampleRate: 1 diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index a06118a8d..219d7c5bd 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -43,6 +43,10 @@ dependencies: version: 0.1.0 repository: "file://../fhir-server" condition: fhir-server.enabled +- name: gecko + version: "0.1.0" + repository: "file://../gecko" + condition: gecko.enabled - name: grip version: "0.1.0" repository: "file://../grip" diff --git a/helm/grip/templates/deployment.yaml b/helm/grip/templates/deployment.yaml index 00f82ac28..458c597f2 100644 --- a/helm/grip/templates/deployment.yaml +++ b/helm/grip/templates/deployment.yaml @@ -74,10 +74,24 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} command: - - "/bin/sh" - - "-c" - - > - grip server -c mongo.yml -w graphql=gen3_writer.so -w reader=grip-graphql-endpoint.so -l reader:config=./config/gen3.js -l reader:graph=CALIPER + - /app/grip + args: + - server + - -c + - mongo.yml + - -w + - graphql=gen3_writer.so + - -w + - reader=grip-graphql-endpoint.so + - -l + - reader:config=./config/gen3.js + - -l + - reader:graph=CALIPER + env: + - name: GOMAXPROCS + value: "4" + - name: GOMEMLIMIT + value: "7000000000" {{- with .Values.nodeSelector }} nodeSelector: diff --git a/helm/revproxy/gen3.nginx.conf/gecko-service.conf b/helm/revproxy/gen3.nginx.conf/gecko-service.conf new file mode 100644 index 000000000..66d362bcc --- /dev/null +++ b/helm/revproxy/gen3.nginx.conf/gecko-service.conf @@ -0,0 +1,26 @@ +location /ExplorerConfig/health { + proxy_connect_timeout 600s; + proxy_send_timeout 600s; + proxy_read_timeout 600s; + send_timeout 600s; + + set $proxy_service "gecko-health"; # You can name this differently for clarity in logs + set $upstream http://gecko-service.$namespace.svc.cluster.local; + + rewrite ^/ExplorerConfig/health$ /health break; + proxy_pass $upstream; +} + +location /ExplorerConfig/ { + proxy_connect_timeout 600s; + proxy_send_timeout 600s; + proxy_read_timeout 600s; + send_timeout 600s; + + set $proxy_service "gecko"; + set $upstream http://gecko-service.$namespace.svc.cluster.local; + + rewrite ^/ExplorerConfig/(.*)$ /config/$1 break; + proxy_pass $upstream$is_args$args; + client_max_body_size 0; +} \ No newline at end of file From 9b160eb3e475adce67850da0a70e5f68e4168f24 Mon Sep 17 00:00:00 2001 From: matthewpeterkort Date: Wed, 26 Mar 2025 14:04:09 -0700 Subject: [PATCH 02/12] update grip to use persistent pebble, and not mongo --- helm/gen3/Chart.yaml | 8 ---- helm/grip/templates/deployment.yaml | 43 ++++++------------- helm/grip/templates/grip-values.yaml | 2 - helm/grip/templates/pebble-pv.yaml | 25 +++++++++++ helm/grip/templates/pebble-pvc.yaml | 16 +++++++ helm/grip/templates/post-install.yaml | 2 +- .../gen3.nginx.conf/grip-service.conf | 15 ++++++- 7 files changed, 68 insertions(+), 43 deletions(-) create mode 100644 helm/grip/templates/pebble-pv.yaml create mode 100644 helm/grip/templates/pebble-pvc.yaml diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 219d7c5bd..edd8b2adf 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -63,18 +63,10 @@ dependencies: version: 0.1.14 repository: "file://../indexd" condition: indexd.enabled -- name: manifestservice - version: 0.1.14 - repository: "file://../manifestservice" - condition: manifestservice.enabled - name: metadata version: 0.1.12 repository: "file://../metadata" condition: metadata.enabled -- name: mongodb - version: "16.0.3" - repository: "file://../mongodb" - condition: mongodb.enabled - name: portal version: 0.1.13 repository: "file://../portal" diff --git a/helm/grip/templates/deployment.yaml b/helm/grip/templates/deployment.yaml index 458c597f2..99ecf8a72 100644 --- a/helm/grip/templates/deployment.yaml +++ b/helm/grip/templates/deployment.yaml @@ -28,47 +28,29 @@ spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} volumes: - - name: mongo-config-volume - configMap: - name: grip-values - initContainers: - - name: wait-for-mongodb - image: busybox:1.35 - command: - - "/bin/sh" - - "-c" - - | - echo "Waiting for MongoDB to be available..." - until nc -zv mongodb-service 27017; do - echo "MongoDB is not ready, sleeping..." - sleep 5 - done - echo "MongoDB is running" + - name: pebble-storage + persistentVolumeClaim: + claimName: pebble-pvc containers: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - volumeMounts: - - name: mongo-config-volume - mountPath: /data/mongo.yml - subPath: mongoConfig - readOnly: true ports: - name: http containerPort: {{ .Values.service.port }} protocol: TCP livenessProbe: httpGet: - path: /graphql/_status + path: /writer/_status port: 8201 initialDelaySeconds: 10 periodSeconds: 60 timeoutSeconds: 30 readinessProbe: httpGet: - path: /graphql/_status + path: /writer/_status port: 8201 initialDelaySeconds: 10 resources: @@ -77,21 +59,22 @@ spec: - /app/grip args: - server - - -c - - mongo.yml + - -d + - grids - -w - - graphql=gen3_writer.so + - writer=gen3_writer.so - -w - - reader=grip-graphql-endpoint.so - - -l - - reader:config=./config/gen3.js + - graphql=gql-gen.so - -l - - reader:graph=CALIPER + - graphql:graph=CALIPER env: - name: GOMAXPROCS value: "4" - name: GOMEMLIMIT value: "7000000000" + volumeMounts: # Added volume mount + - name: pebble-storage + mountPath: /data/grip-grids.db {{- with .Values.nodeSelector }} nodeSelector: diff --git a/helm/grip/templates/grip-values.yaml b/helm/grip/templates/grip-values.yaml index bd4fa202a..5588e6997 100644 --- a/helm/grip/templates/grip-values.yaml +++ b/helm/grip/templates/grip-values.yaml @@ -4,5 +4,3 @@ metadata: name: grip-values data: serviceName: {{ .Values.serviceName | quote }} - mongoConfig: |- - {{ toYaml .Values.mongoConfig| nindent 4}} diff --git a/helm/grip/templates/pebble-pv.yaml b/helm/grip/templates/pebble-pv.yaml new file mode 100644 index 000000000..5bbdc6027 --- /dev/null +++ b/helm/grip/templates/pebble-pv.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pebble-pv + labels: + app.kubernetes.io/component: pebble-pv + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/name: pebble-pv + annotations: + meta.helm.sh/release-name: {{ .Release.Name }} + meta.helm.sh/release-namespace: default +spec: + storageClassName: "" # Leave empty if not using a storage class + volumeMode: Filesystem + capacity: + storage: 50Gi + accessModes: + - ReadWriteOnce + claimRef: + namespace: default + name: pebble-pvc + persistentVolumeReclaimPolicy: Retain + hostPath: + path: /usr/share/pebble/data \ No newline at end of file diff --git a/helm/grip/templates/pebble-pvc.yaml b/helm/grip/templates/pebble-pvc.yaml new file mode 100644 index 000000000..0781da577 --- /dev/null +++ b/helm/grip/templates/pebble-pvc.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + annotations: + meta.helm.sh/release-name: {{ .Release.Name }} + meta.helm.sh/release-namespace: default + name: pebble-pvc + namespace: default +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 50Gi + volumeMode: Filesystem + volumeName: pebble-pv \ No newline at end of file diff --git a/helm/grip/templates/post-install.yaml b/helm/grip/templates/post-install.yaml index 71057cb40..439b3a680 100644 --- a/helm/grip/templates/post-install.yaml +++ b/helm/grip/templates/post-install.yaml @@ -19,7 +19,7 @@ spec: - "-c" - | echo "Waiting for the grip service to be available..." - until curl -s --head --request GET http://{{ .Values.serviceName }}:8201/graphql/_status | grep "200 OK" > /dev/null; do + until curl -s --head --request GET http://{{ .Values.serviceName }}:8201/writer/_status | grep "200 OK" > /dev/null; do echo "Grip service not ready, retrying in 5 seconds..." sleep 5 done diff --git a/helm/revproxy/gen3.nginx.conf/grip-service.conf b/helm/revproxy/gen3.nginx.conf/grip-service.conf index 0c272ac4a..e81f35fbe 100644 --- a/helm/revproxy/gen3.nginx.conf/grip-service.conf +++ b/helm/revproxy/gen3.nginx.conf/grip-service.conf @@ -8,12 +8,23 @@ location /grip/reader { proxy_pass http://grip-service.$namespace.svc.cluster.local:8201/reader/api; } -location /grip/writer/ { +location /grip/write { proxy_connect_timeout 600s; proxy_send_timeout 600s; proxy_read_timeout 600s; send_timeout 600s; rewrite ^/grip/writer/(.*)$ /$1 break; - proxy_pass http://grip-service.$namespace.svc.cluster.local:8201; + proxy_pass http://grip-service.$namespace.svc.cluster.local:8201/write; } + +location /grip/graphql { + proxy_connect_timeout 600s; + proxy_send_timeout 600s; + proxy_read_timeout 600s; + send_timeout 600s; + + rewrite ^/grip/(.*)$ /$1/query break; + + proxy_pass http://grip-service.$namespace.svc.cluster.local:8201; +} \ No newline at end of file From d2195096660dd25bdd5114bd296e2b26f32adffe Mon Sep 17 00:00:00 2001 From: matthewpeterkort Date: Wed, 26 Mar 2025 14:36:15 -0700 Subject: [PATCH 03/12] update gecko to use real health check --- helm/gecko/templates/deployment.yaml | 18 ++++++++++-------- .../revproxy/gen3.nginx.conf/grip-service.conf | 4 ++-- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/helm/gecko/templates/deployment.yaml b/helm/gecko/templates/deployment.yaml index 96a574695..6c9271b16 100644 --- a/helm/gecko/templates/deployment.yaml +++ b/helm/gecko/templates/deployment.yaml @@ -39,11 +39,13 @@ spec: containerPort: 80 protocol: TCP livenessProbe: - exec: - command: ["true"] + httpGet: + path: /health + port: 80 readinessProbe: - exec: - command: ["true"] + httpGet: + path: /health + port: 80 resources: {{- toYaml .Values.resources | nindent 12 }} command: ["sh"] @@ -52,10 +54,10 @@ spec: - | set -e # set env vars - export PGSSLMODE="disable" - until false; do - sleep 5 - done + #until false; do + # sleep 5 + # done + ./bin/gecko env: {{- toYaml .Values.env | nindent 12 }} diff --git a/helm/revproxy/gen3.nginx.conf/grip-service.conf b/helm/revproxy/gen3.nginx.conf/grip-service.conf index e81f35fbe..1881bf7bd 100644 --- a/helm/revproxy/gen3.nginx.conf/grip-service.conf +++ b/helm/revproxy/gen3.nginx.conf/grip-service.conf @@ -8,14 +8,14 @@ location /grip/reader { proxy_pass http://grip-service.$namespace.svc.cluster.local:8201/reader/api; } -location /grip/write { +location /grip/writer { proxy_connect_timeout 600s; proxy_send_timeout 600s; proxy_read_timeout 600s; send_timeout 600s; rewrite ^/grip/writer/(.*)$ /$1 break; - proxy_pass http://grip-service.$namespace.svc.cluster.local:8201/write; + proxy_pass http://grip-service.$namespace.svc.cluster.local:8201/writer; } location /grip/graphql { From 3ff8447e7ee2900d9d7d77ac943e5bfb4ced0884 Mon Sep 17 00:00:00 2001 From: matthewpeterkort Date: Thu, 27 Mar 2025 09:35:15 -0700 Subject: [PATCH 04/12] add gecko db init job --- helm/gecko/templates/db-init-job.yaml | 76 +++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 helm/gecko/templates/db-init-job.yaml diff --git a/helm/gecko/templates/db-init-job.yaml b/helm/gecko/templates/db-init-job.yaml new file mode 100644 index 000000000..df7517add --- /dev/null +++ b/helm/gecko/templates/db-init-job.yaml @@ -0,0 +1,76 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "gecko.fullname" . }}-db-init +spec: + backoffLimit: 10 + template: + metadata: + labels: + app: gen3job + spec: + restartPolicy: OnFailure + containers: + - name: db-init + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: ["/bin/bash", "-c"] + args: + - | + #!/bin/bash + set -e + echo "Waiting for database to be ready..." + until psql -h "$PGHOST" -p "$PGPORT" -U "$PGUSER" -d "$PGDATABASE" -c "SELECT 1"; do + echo "Database not ready yet, waiting..." + sleep 5 + done + echo "Database ready, initializing..." + psql -h "$PGHOST" -p "$PGPORT" -U "$PGUSER" -d "$PGDATABASE" < Date: Mon, 7 Apr 2025 16:24:44 -0700 Subject: [PATCH 05/12] update gecko conf --- helm/revproxy/gen3.nginx.conf/gecko-service.conf | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/helm/revproxy/gen3.nginx.conf/gecko-service.conf b/helm/revproxy/gen3.nginx.conf/gecko-service.conf index 66d362bcc..32195a4c1 100644 --- a/helm/revproxy/gen3.nginx.conf/gecko-service.conf +++ b/helm/revproxy/gen3.nginx.conf/gecko-service.conf @@ -11,6 +11,21 @@ location /ExplorerConfig/health { proxy_pass $upstream; } +location /ExplorerConfig/list { + proxy_connect_timeout 600s; + proxy_send_timeout 600s; + proxy_read_timeout 600s; + send_timeout 600s; + + set $proxy_service "gecko-list"; + set $upstream http://gecko-service.$namespace.svc.cluster.local; + + rewrite ^/ExplorerConfig/list /config/list break; + proxy_pass $upstream$is_args$args; + client_max_body_size 0; +} + + location /ExplorerConfig/ { proxy_connect_timeout 600s; proxy_send_timeout 600s; From e77da9438add4230e22a929c0beac08157c4d2af Mon Sep 17 00:00:00 2001 From: matthewpeterkort Date: Tue, 15 Apr 2025 14:55:14 -0700 Subject: [PATCH 06/12] Adds Kafka --- helm/common/templates/_capabilities.tpl | 38 +- helm/common/templates/_errors.tpl | 110 +- helm/gen3/Chart.yaml | 4 + helm/kafka/.helmignore | 25 + helm/kafka/CHANGELOG.md | 2607 +++++++++++++++++ helm/kafka/Chart.yaml | 39 + helm/kafka/README.md | 1532 ++++++++++ helm/kafka/templates/NOTES.txt | 338 +++ helm/kafka/templates/_helpers.tpl | 990 +++++++ helm/kafka/templates/_init_containers.tpl | 512 ++++ .../templates/broker/config-secrets.yaml | 23 + helm/kafka/templates/broker/configmap.yaml | 53 + helm/kafka/templates/broker/hpa.yaml | 51 + .../kafka/templates/broker/networkpolicy.yaml | 94 + helm/kafka/templates/broker/pdb.yaml | 30 + helm/kafka/templates/broker/statefulset.yaml | 414 +++ .../templates/broker/svc-external-access.yaml | 75 + helm/kafka/templates/broker/svc-headless.yaml | 45 + helm/kafka/templates/broker/vpa.yaml | 46 + helm/kafka/templates/ca-cert.yaml | 53 + helm/kafka/templates/cert.yaml | 56 + .../controller-eligible/config-secrets.yaml | 23 + .../controller-eligible/configmap.yaml | 55 + .../templates/controller-eligible/hpa.yaml | 51 + .../controller-eligible/networkpolicy.yaml | 100 + .../templates/controller-eligible/pdb.yaml | 30 + .../controller-eligible/statefulset.yaml | 425 +++ .../svc-external-access.yaml | 77 + .../controller-eligible/svc-headless.yaml | 48 + .../templates/controller-eligible/vpa.yaml | 45 + helm/kafka/templates/extra-list.yaml | 9 + helm/kafka/templates/init-job.yaml | 44 + helm/kafka/templates/log4j2-configmap.yaml | 20 + .../templates/metrics/jmx-configmap.yaml | 70 + .../templates/metrics/jmx-servicemonitor.yaml | 49 + helm/kafka/templates/metrics/jmx-svc.yaml | 38 + .../templates/metrics/prometheusrule.yaml | 20 + helm/kafka/templates/provisioning/job.yaml | 325 ++ .../provisioning/serviceaccount.yaml | 17 + .../templates/provisioning/tls-secret.yaml | 21 + helm/kafka/templates/rbac/role.yaml | 26 + helm/kafka/templates/rbac/rolebinding.yaml | 25 + helm/kafka/templates/rbac/serviceaccount.yaml | 19 + helm/kafka/templates/secrets.yaml | 132 + helm/kafka/templates/svc.yaml | 76 + helm/kafka/templates/tls-secret.yaml | 65 + helm/kafka/values.yaml | 2475 ++++++++++++++++ 47 files changed, 11387 insertions(+), 33 deletions(-) create mode 100644 helm/kafka/.helmignore create mode 100644 helm/kafka/CHANGELOG.md create mode 100644 helm/kafka/Chart.yaml create mode 100644 helm/kafka/README.md create mode 100644 helm/kafka/templates/NOTES.txt create mode 100644 helm/kafka/templates/_helpers.tpl create mode 100644 helm/kafka/templates/_init_containers.tpl create mode 100644 helm/kafka/templates/broker/config-secrets.yaml create mode 100644 helm/kafka/templates/broker/configmap.yaml create mode 100644 helm/kafka/templates/broker/hpa.yaml create mode 100644 helm/kafka/templates/broker/networkpolicy.yaml create mode 100644 helm/kafka/templates/broker/pdb.yaml create mode 100644 helm/kafka/templates/broker/statefulset.yaml create mode 100644 helm/kafka/templates/broker/svc-external-access.yaml create mode 100644 helm/kafka/templates/broker/svc-headless.yaml create mode 100644 helm/kafka/templates/broker/vpa.yaml create mode 100644 helm/kafka/templates/ca-cert.yaml create mode 100644 helm/kafka/templates/cert.yaml create mode 100644 helm/kafka/templates/controller-eligible/config-secrets.yaml create mode 100644 helm/kafka/templates/controller-eligible/configmap.yaml create mode 100644 helm/kafka/templates/controller-eligible/hpa.yaml create mode 100644 helm/kafka/templates/controller-eligible/networkpolicy.yaml create mode 100644 helm/kafka/templates/controller-eligible/pdb.yaml create mode 100644 helm/kafka/templates/controller-eligible/statefulset.yaml create mode 100644 helm/kafka/templates/controller-eligible/svc-external-access.yaml create mode 100644 helm/kafka/templates/controller-eligible/svc-headless.yaml create mode 100644 helm/kafka/templates/controller-eligible/vpa.yaml create mode 100644 helm/kafka/templates/extra-list.yaml create mode 100644 helm/kafka/templates/init-job.yaml create mode 100644 helm/kafka/templates/log4j2-configmap.yaml create mode 100644 helm/kafka/templates/metrics/jmx-configmap.yaml create mode 100644 helm/kafka/templates/metrics/jmx-servicemonitor.yaml create mode 100644 helm/kafka/templates/metrics/jmx-svc.yaml create mode 100644 helm/kafka/templates/metrics/prometheusrule.yaml create mode 100644 helm/kafka/templates/provisioning/job.yaml create mode 100644 helm/kafka/templates/provisioning/serviceaccount.yaml create mode 100644 helm/kafka/templates/provisioning/tls-secret.yaml create mode 100644 helm/kafka/templates/rbac/role.yaml create mode 100644 helm/kafka/templates/rbac/rolebinding.yaml create mode 100644 helm/kafka/templates/rbac/serviceaccount.yaml create mode 100644 helm/kafka/templates/secrets.yaml create mode 100644 helm/kafka/templates/svc.yaml create mode 100644 helm/kafka/templates/tls-secret.yaml create mode 100644 helm/kafka/values.yaml diff --git a/helm/common/templates/_capabilities.tpl b/helm/common/templates/_capabilities.tpl index 2fe81d32d..6423fb116 100644 --- a/helm/common/templates/_capabilities.tpl +++ b/helm/common/templates/_capabilities.tpl @@ -12,6 +12,20 @@ Return the target Kubernetes version {{- default (default .Capabilities.KubeVersion.Version .Values.kubeVersion) ((.Values.global).kubeVersion) -}} {{- end -}} +{{/* +Return true if the apiVersion is supported +Usage: +{{ include "common.capabilities.apiVersions.has" (dict "version" "batch/v1" "context" $) }} +*/}} +{{- define "common.capabilities.apiVersions.has" -}} +{{- $providedAPIVersions := default .context.Values.apiVersions ((.context.Values.global).apiVersions) -}} +{{- if and (empty $providedAPIVersions) (.context.Capabilities.APIVersions.Has .version) -}} + {{- true -}} +{{- else if has .version $providedAPIVersions -}} + {{- true -}} +{{- end -}} +{{- end -}} + {{/* Return the appropriate apiVersion for poddisruptionbudget. */}} @@ -36,6 +50,18 @@ Return the appropriate apiVersion for networkpolicy. {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for job. +*/}} +{{- define "common.capabilities.job.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}} +{{- print "batch/v1beta1" -}} +{{- else -}} +{{- print "batch/v1" -}} +{{- end -}} +{{- end -}} + {{/* Return the appropriate apiVersion for cronjob. */}} @@ -157,14 +183,12 @@ Return the appropriate apiVersion for Vertical Pod Autoscaler. */}} {{- define "common.capabilities.vpa.apiVersion" -}} {{- $kubeVersion := include "common.capabilities.kubeVersion" .context -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} -{{- if .beta2 -}} -{{- print "autoscaling/v2beta2" -}} -{{- else -}} -{{- print "autoscaling/v2beta1" -}} -{{- end -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.11-0" $kubeVersion) -}} +{{- print "autoscaling/v1beta1" -}} +{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}} +{{- print "autoscaling/v1beta2" -}} {{- else -}} -{{- print "autoscaling/v2" -}} +{{- print "autoscaling/v1" -}} {{- end -}} {{- end -}} diff --git a/helm/common/templates/_errors.tpl b/helm/common/templates/_errors.tpl index e96536519..06b26d0dd 100644 --- a/helm/common/templates/_errors.tpl +++ b/helm/common/templates/_errors.tpl @@ -1,28 +1,86 @@ {{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Through error when upgrading using empty passwords values that must not be empty. - -Usage: -{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} -{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} -{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} - -Required password params: - - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. - - context - Context - Required. Parent context. -*/}} -{{- define "common.errors.upgrade.passwords.empty" -}} - {{- $validationErrors := join "" .validationErrors -}} - {{- if and $validationErrors .context.Release.IsUpgrade -}} - {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} - {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} - {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} - {{- $errorString = print $errorString "\n%s" -}} - {{- printf $errorString $validationErrors | fail -}} + Copyright Broadcom, Inc. All Rights Reserved. + SPDX-License-Identifier: APACHE-2.0 + */}} + + {{/* vim: set filetype=mustache: */}} + {{/* + Throw error when upgrading using empty passwords values that must not be empty. + + Usage: + {{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} + {{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} + {{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} + + Required password params: + - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. + - context - Context - Required. Parent context. + */}} + {{- define "common.errors.upgrade.passwords.empty" -}} + {{- $validationErrors := join "" .validationErrors -}} + {{- if and $validationErrors .context.Release.IsUpgrade -}} + {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} + {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} + {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} + {{- $errorString = print $errorString "\n%s" -}} + {{- printf $errorString $validationErrors | fail -}} + {{- end -}} + {{- end -}} + + {{/* + Throw error when original container images are replaced. + The error can be bypassed by setting the "global.security.allowInsecureImages" to true. In this case, + a warning message will be shown instead. + + Usage: + {{ include "common.errors.insecureImages" (dict "images" (list .Values.path.to.the.imageRoot) "context" $) }} + */}} + {{- define "common.errors.insecureImages" -}} + {{- $relocatedImages := list -}} + {{- $replacedImages := list -}} + {{- $retaggedImages := list -}} + {{- $globalRegistry := ((.context.Values.global).imageRegistry) -}} + {{- $originalImages := .context.Chart.Annotations.images -}} + {{- range .images -}} + {{- $registryName := default .registry $globalRegistry -}} + {{- $fullImageNameNoTag := printf "%s/%s" $registryName .repository -}} + {{- $fullImageName := printf "%s:%s" $fullImageNameNoTag .tag -}} + {{- if not (contains $fullImageNameNoTag $originalImages) -}} + {{- if not (contains $registryName $originalImages) -}} + {{- $relocatedImages = append $relocatedImages $fullImageName -}} + {{- else if not (contains .repository $originalImages) -}} + {{- $replacedImages = append $replacedImages $fullImageName -}} + {{- end -}} + {{- end -}} + {{- if not (contains (printf "%s:%s" .repository .tag) $originalImages) -}} + {{- $retaggedImages = append $retaggedImages $fullImageName -}} + {{- end -}} + {{- end -}} + + {{- if and (or (gt (len $relocatedImages) 0) (gt (len $replacedImages) 0)) (((.context.Values.global).security).allowInsecureImages) -}} + {{- print "\n\n⚠ SECURITY WARNING: Verifying original container images was skipped. Please note this Helm chart was designed, tested, and validated on multiple platforms using a specific set of Bitnami and Tanzu Application Catalog containers. Substituting other containers is likely to cause degraded security and performance, broken chart features, and missing environment variables.\n" -}} + {{- else if (or (gt (len $relocatedImages) 0) (gt (len $replacedImages) 0)) -}} + {{- $errorString := "Original containers have been substituted for unrecognized ones. Deploying this chart with non-standard containers is likely to cause degraded security and performance, broken chart features, and missing environment variables." -}} + {{- $errorString = print $errorString "\n\nUnrecognized images:" -}} + {{- range (concat $relocatedImages $replacedImages) -}} + {{- $errorString = print $errorString "\n - " . -}} + {{- end -}} + {{- if or (contains "docker.io/bitnami/" $originalImages) (contains "docker.io/bitnamiprem/" $originalImages) -}} + {{- $errorString = print "\n\n⚠ ERROR: " $errorString -}} + {{- $errorString = print $errorString "\n\nIf you are sure you want to proceed with non-standard containers, you can skip container image verification by setting the global parameter 'global.security.allowInsecureImages' to true." -}} + {{- $errorString = print $errorString "\nFurther information can be obtained at https://github.com/bitnami/charts/issues/30850" -}} + {{- print $errorString | fail -}} + {{- else if gt (len $replacedImages) 0 -}} + {{- $errorString = print "\n\n⚠ WARNING: " $errorString -}} + {{- print $errorString -}} + {{- end -}} + {{- else if gt (len $retaggedImages) 0 -}} + {{- $warnString := "\n\n⚠ WARNING: Original containers have been retagged. Please note this Helm chart was tested, and validated on multiple platforms using a specific set of Tanzu Application Catalog containers. Substituting original image tags could cause unexpected behavior." -}} + {{- $warnString = print $warnString "\n\nRetagged images:" -}} + {{- range $retaggedImages -}} + {{- $warnString = print $warnString "\n - " . -}} + {{- end -}} + {{- print $warnString -}} + {{- end -}} {{- end -}} -{{- end -}} + \ No newline at end of file diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index edd8b2adf..2a133975a 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -63,6 +63,10 @@ dependencies: version: 0.1.14 repository: "file://../indexd" condition: indexd.enabled +- name: kafka + version: 32.1.3 + repository: "file://../kafka" + condition: kafka.enabled - name: metadata version: 0.1.12 repository: "file://../metadata" diff --git a/helm/kafka/.helmignore b/helm/kafka/.helmignore new file mode 100644 index 000000000..207983f36 --- /dev/null +++ b/helm/kafka/.helmignore @@ -0,0 +1,25 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +# img folder +img/ +# Changelog +CHANGELOG.md diff --git a/helm/kafka/CHANGELOG.md b/helm/kafka/CHANGELOG.md new file mode 100644 index 000000000..691efe1c5 --- /dev/null +++ b/helm/kafka/CHANGELOG.md @@ -0,0 +1,2607 @@ +# Changelog + +## 32.1.3 (2025-04-01) + +* [bitnami/kafka] bugfix: recompute secret checksum on Kafka kraft secret changes ([#32692](https://github.com/bitnami/charts/pull/32692)) + +## 32.1.2 (2025-03-27) + +* [bitnami/kakfa] bugfix: relax conditions under SASL secret must be mounted as volume (#32631) ([d336c50](https://github.com/bitnami/charts/commit/d336c507835a021108b9ce9aa0f5e377662e363f)), closes [#32631](https://github.com/bitnami/charts/issues/32631) + +## 32.1.1 (2025-03-26) + +* [bitnami/kafka] bugfix: upgrade issue due to secret lookup (#32621) ([31af2bd](https://github.com/bitnami/charts/commit/31af2bd4ddf75dca1b9e1761a13693a8b0a90e33)), closes [#32621](https://github.com/bitnami/charts/issues/32621) + +## 32.1.0 (2025-03-26) + +* [bitnami/kafka] bugfix: add missing persistentVolumeClaimRetentionPolicy and fix config & network po ([9d1b911](https://github.com/bitnami/charts/commit/9d1b911d005add455ed5db1b379e1df13c33ddd6)), closes [#32615](https://github.com/bitnami/charts/issues/32615) + +## 32.0.3 (2025-03-26) + +* [bitnami/kafka] bugfix: use kafka-broker-api-versions.sh to wait for Kafka on provisioning (#32613) ([328166c](https://github.com/bitnami/charts/commit/328166c403f2d3b4a9a548561b25dc43efb7eebf)), closes [#32613](https://github.com/bitnami/charts/issues/32613) + +## 32.0.2 (2025-03-26) + +* [bitnami/kafka] bugfix: conditions to create Kraft secret (#32612) ([2120902](https://github.com/bitnami/charts/commit/2120902bdf6ee15b80e93d425fc99d89b51091be)), closes [#32612](https://github.com/bitnami/charts/issues/32612) + +## 32.0.1 (2025-03-25) + +* [bitnami/kafka] Release 32.0.1 (#32592) ([5f3eb03](https://github.com/bitnami/charts/commit/5f3eb0376ab9b7f04a95fe197568405c0d875b92)), closes [#32592](https://github.com/bitnami/charts/issues/32592) + +## 32.0.0 (2025-03-25) + +* [bitnami/*] Add tanzuCategory annotation (#32409) ([a8fba5c](https://github.com/bitnami/charts/commit/a8fba5cb01f6f4464ca7f69c50b0fbe97d837a95)), closes [#32409](https://github.com/bitnami/charts/issues/32409) +* [bitnami/kafka] feat: Kafka 4.0.0 (#32516) ([8bea6f9](https://github.com/bitnami/charts/commit/8bea6f9e210b967f1c27270f75d307623afa1974)), closes [#32516](https://github.com/bitnami/charts/issues/32516) + +## 31.5.0 (2025-03-06) + +* [bitnami/kafka] IpFamilies and IpFamilyPolicy configurables (#31456) ([30daf36](https://github.com/bitnami/charts/commit/30daf368a955addaa59136ed6b18f8702124f72a)), closes [#31456](https://github.com/bitnami/charts/issues/31456) [#31389](https://github.com/bitnami/charts/issues/31389) + +## 31.4.1 (2025-03-04) + +* [bitnami/kafka] Release 31.4.1 (#32257) ([5136e86](https://github.com/bitnami/charts/commit/5136e8603c2c5402ba07026948965da7011cae8e)), closes [#32257](https://github.com/bitnami/charts/issues/32257) + +## 31.4.0 (2025-02-20) + +* [bitnami/kafka] feat: use new helper for checking API versions (#32051) ([8abc389](https://github.com/bitnami/charts/commit/8abc389c429c32d900b68429730dfbfad02c8208)), closes [#32051](https://github.com/bitnami/charts/issues/32051) + +## 31.3.2 (2025-02-20) + +* [bitnami/*] Use CDN url for the Bitnami Application Icons (#31881) ([d9bb11a](https://github.com/bitnami/charts/commit/d9bb11a9076b9bfdcc70ea022c25ef50e9713657)), closes [#31881](https://github.com/bitnami/charts/issues/31881) +* [bitnami/kafka] Release 31.3.2 (#32034) ([3f4ca72](https://github.com/bitnami/charts/commit/3f4ca729b3192c7cc742da1ccefc0676e93cdd38)), closes [#32034](https://github.com/bitnami/charts/issues/32034) +* Update copyright year (#31682) ([e9f02f5](https://github.com/bitnami/charts/commit/e9f02f5007068751f7eb2270fece811e685c99b6)), closes [#31682](https://github.com/bitnami/charts/issues/31682) + +## 31.3.1 (2025-01-28) + +* [bitnami/kafka] Release 31.3.1 (#31624) ([21e8180](https://github.com/bitnami/charts/commit/21e8180f88d4f0f85e31086fa609220ae1b853e0)), closes [#31624](https://github.com/bitnami/charts/issues/31624) + +## 31.3.0 (2025-01-23) + +* [binami/kafka] Setting broker.rack for azure based on brokerRackAssignment parameter (#31496) ([43c0dd0](https://github.com/bitnami/charts/commit/43c0dd099f1feb3df890ba3852dff2e143f496bb)), closes [#31496](https://github.com/bitnami/charts/issues/31496) + +## 31.2.0 (2025-01-08) + +* [bitnami/kafka] chore(jmx-exporter): Upgrade image and change args (#31108) ([70d7aac](https://github.com/bitnami/charts/commit/70d7aac72b9adf6496589418054d5b4f66c16b18)), closes [#31108](https://github.com/bitnami/charts/issues/31108) + +## 31.1.1 (2024-12-22) + +* [bitnami/*] Fix typo in README (#31052) ([b41a51d](https://github.com/bitnami/charts/commit/b41a51d1bd04841fc108b78d3b8357a5292771c8)), closes [#31052](https://github.com/bitnami/charts/issues/31052) +* [bitnami/kafka] Release 31.1.1 (#31139) ([61131de](https://github.com/bitnami/charts/commit/61131de7b63913f4ef1cb9e7b5b2e8c593178b42)), closes [#31139](https://github.com/bitnami/charts/issues/31139) + +## 31.1.0 (2024-12-10) + +* [bitnami/*] Add Bitnami Premium to NOTES.txt (#30854) ([3dfc003](https://github.com/bitnami/charts/commit/3dfc00376df6631f0ce54b8d440d477f6caa6186)), closes [#30854](https://github.com/bitnami/charts/issues/30854) +* [bitnami/*] docs: :memo: Add "Backup & Restore" section (#30711) ([35ab536](https://github.com/bitnami/charts/commit/35ab5363741e7548f4076f04da6e62d10153c60c)), closes [#30711](https://github.com/bitnami/charts/issues/30711) +* [bitnami/*] docs: :memo: Add "Prometheus metrics" (batch 3) (#30666) ([82fc7e2](https://github.com/bitnami/charts/commit/82fc7e2fc12e2648ed22069942203c02bf5d4cc6)), closes [#30666](https://github.com/bitnami/charts/issues/30666) +* [bitnami/*] docs: :memo: Add "Update Credentials" (batch 2) (#30687) ([c457848](https://github.com/bitnami/charts/commit/c457848b2a111aad59830b98f85ffa1e29918e10)), closes [#30687](https://github.com/bitnami/charts/issues/30687) +* [bitnami/kafka] Add upgrade notes for version 31.0.0 (#30427) ([fe6422c](https://github.com/bitnami/charts/commit/fe6422cb722627ccd5db8138ad27cd7993947146)), closes [#30427](https://github.com/bitnami/charts/issues/30427) +* [bitnami/kafka] Detect non-standard images (#30903) ([885bbcd](https://github.com/bitnami/charts/commit/885bbcd5b7b0b0fe7d12e5126659ee1d9dd0efee)), closes [#30903](https://github.com/bitnami/charts/issues/30903) + +## 31.0.0 (2024-11-12) + +* [bitnami/kafka] Release 31.0.0 (#30416) ([765e563](https://github.com/bitnami/charts/commit/765e563c3e9e49d9617100ac9c9cfcb8cfe3a7bf)), closes [#30416](https://github.com/bitnami/charts/issues/30416) + +## 30.1.8 (2024-10-31) + +* [bitnami/kafka] Release 30.1.8 (#30146) ([fabc523](https://github.com/bitnami/charts/commit/fabc5232c08c83e7766946bd16c761fd666f9650)), closes [#30146](https://github.com/bitnami/charts/issues/30146) + +## 30.1.7 (2024-10-29) + +* [bitnami/*] Remove wrong comment about imagePullPolicy (#30107) ([a51f9e4](https://github.com/bitnami/charts/commit/a51f9e4bb0fbf77199512d35de7ac8abe055d026)), closes [#30107](https://github.com/bitnami/charts/issues/30107) +* [bitnami/kafka] Release 30.1.7 (#30119) ([eee4d5b](https://github.com/bitnami/charts/commit/eee4d5b67fdbea9df74ef21bc2fc7d5214dbb2f4)), closes [#30119](https://github.com/bitnami/charts/issues/30119) + +## 30.1.6 (2024-10-18) + +* [bitnami/kafka] broker-list option is deprecated, change to bootstrap-server (#29864) ([2e7b0bf](https://github.com/bitnami/charts/commit/2e7b0bfe8dc6245c573073d21afaf09eedb75b6c)), closes [#29864](https://github.com/bitnami/charts/issues/29864) +* Update documentation links to techdocs.broadcom.com (#29931) ([f0d9ad7](https://github.com/bitnami/charts/commit/f0d9ad78f39f633d275fc576d32eae78ded4d0b8)), closes [#29931](https://github.com/bitnami/charts/issues/29931) + +## 30.1.5 (2024-10-07) + +* [bitnami/kafka] Update default value of `heapOpts` to fit Kafka pod RAM limit while utilize its incr ([51a574e](https://github.com/bitnami/charts/commit/51a574e7a0f97ec479349080d5c137bdaa4bf033)), closes [#29670](https://github.com/bitnami/charts/issues/29670) [#29782](https://github.com/bitnami/charts/issues/29782) [#29670](https://github.com/bitnami/charts/issues/29670) + +## 30.1.4 (2024-09-22) + +* Update values.yaml (#29557) ([40a12b6](https://github.com/bitnami/charts/commit/40a12b6f509a7f6894212eac200215c4ed7bc088)), closes [#29557](https://github.com/bitnami/charts/issues/29557) + +## 30.1.3 (2024-09-19) + +* [bitnami/kafka] Release 30.1.3 (#29518) ([f88b375](https://github.com/bitnami/charts/commit/f88b37547aafb3e788603e4432f87dd421b91a9c)), closes [#29518](https://github.com/bitnami/charts/issues/29518) + +## 30.1.2 (2024-09-17) + +* [bitnami/kafka] test: :white_check_mark: Improve reliability of ginkgo tests (#29466) ([a67fc13](https://github.com/bitnami/charts/commit/a67fc1332a7f545e512f7cfabe8d0f5e1b318669)), closes [#29466](https://github.com/bitnami/charts/issues/29466) + +## 30.1.1 (2024-09-14) + +* [bitnami/kafka] Release 30.1.1 (#29417) ([798c4df](https://github.com/bitnami/charts/commit/798c4dfd7e236ac6f8d508e2f3ccf5fd405bd26c)), closes [#29417](https://github.com/bitnami/charts/issues/29417) + +## 30.1.0 (2024-09-13) + +* [bitnami/kafka] feature: NetworkPolicy review (#29274) ([e406f1f](https://github.com/bitnami/charts/commit/e406f1f45a60c4d12eab0266a30077856ea05c7a)), closes [#29274](https://github.com/bitnami/charts/issues/29274) +* [bitnami/kafka] update readme with new architecture for externalAccess services (#29098) ([5e5609c](https://github.com/bitnami/charts/commit/5e5609c33e245478290c4f4a6e73380042c237ac)), closes [#29098](https://github.com/bitnami/charts/issues/29098) + +## 30.0.5 (2024-08-23) + +* bitnami/kafka Fix pem auth with custom encrypted private key (#28618) ([96b751e](https://github.com/bitnami/charts/commit/96b751e3eb0a6acba28e0fcbca907bb2de88fdf5)), closes [#28618](https://github.com/bitnami/charts/issues/28618) + +## 30.0.4 (2024-08-14) + +* [bitnami/kafka] Release 30.0.4 (#28878) ([3ff1490](https://github.com/bitnami/charts/commit/3ff14908c56a481e551f94cee08ad0488042d186)), closes [#28878](https://github.com/bitnami/charts/issues/28878) + +## 30.0.3 (2024-08-08) + +* [bitnami/kafka] Add support IMDSv2 for getting brokerRackAwareness data (#27921) ([701467a](https://github.com/bitnami/charts/commit/701467a1a5055aab8c4adf64111a8eb6ad8c47c9)), closes [#27921](https://github.com/bitnami/charts/issues/27921) + +## 30.0.2 (2024-08-07) + +* [bitnami/kafka] Release 30.0.2 (#28734) ([b7dbfe6](https://github.com/bitnami/charts/commit/b7dbfe6c90679ab6ccab521cba8a0ee08595073b)), closes [#28734](https://github.com/bitnami/charts/issues/28734) + +## 30.0.1 (2024-08-06) + +* [bitnami/kafka] Release 30.0.1 (#28699) ([65eac83](https://github.com/bitnami/charts/commit/65eac83c6640522e479f7d07923a934b9f657d99)), closes [#28699](https://github.com/bitnami/charts/issues/28699) +* [bitnami/kafka] Upgrade notes (#28673) ([cae42b9](https://github.com/bitnami/charts/commit/cae42b9674c5ce54aeb693aa5973954e1d0162f4)), closes [#28673](https://github.com/bitnami/charts/issues/28673) + +## 30.0.0 (2024-08-05) + +* [bitnami/kafka] Release 30.0.0 (#28666) ([a6625ec](https://github.com/bitnami/charts/commit/a6625ec0dd042d9848107dd853ff0cc58178800c)), closes [#28666](https://github.com/bitnami/charts/issues/28666) + +## 29.3.14 (2024-08-01) + +* bitnami/kafka Add extraListeners to kafka.listeners in _helpers.tpl (#28604) ([940b7bd](https://github.com/bitnami/charts/commit/940b7bddfe28023ba102d391745bf6552265c293)), closes [#28604](https://github.com/bitnami/charts/issues/28604) + +## 29.3.13 (2024-07-25) + +* [bitnami/kafka] Release 29.3.13 (#28426) ([f922a04](https://github.com/bitnami/charts/commit/f922a041e5af921fa4b4a48f2ee549720f55a577)), closes [#28426](https://github.com/bitnami/charts/issues/28426) + +## 29.3.12 (2024-07-24) + +* [bitnami/kafka] Release 29.3.12 (#28336) ([bdaaf9c](https://github.com/bitnami/charts/commit/bdaaf9c86a9da3c586f6fe9fdfb4972811d558f3)), closes [#28336](https://github.com/bitnami/charts/issues/28336) + +## 29.3.11 (2024-07-23) + +* [bitnami/kafka] Fix issue on how to provision access to all topics / groups (#27877) ([6535067](https://github.com/bitnami/charts/commit/65350670e7249108972fa137b0aaf0423f65f74f)), closes [#27877](https://github.com/bitnami/charts/issues/27877) + +## 29.3.10 (2024-07-18) + +* [bitnami/kafka] Release 29.3.10 (#28157) ([4fc0181](https://github.com/bitnami/charts/commit/4fc0181dd3f334c71cb5adad90c8e2a67ff482fa)), closes [#28157](https://github.com/bitnami/charts/issues/28157) + +## 29.3.9 (2024-07-18) + +* [bitnami/kafka] Global StorageClass as default value (#28038) ([0e596df](https://github.com/bitnami/charts/commit/0e596df1d5e6c9e9d3d1854788d5485408cd49f5)), closes [#28038](https://github.com/bitnami/charts/issues/28038) + +## 29.3.8 (2024-07-16) + +* [bitnami/kafka] fix jmx-servicemonitor by using JMX Exporter's default metrics path (#27455) ([e04d611](https://github.com/bitnami/charts/commit/e04d6117bc4c0e1dac47e9303bf5ad92188bce29)), closes [#27455](https://github.com/bitnami/charts/issues/27455) + +## 29.3.7 (2024-07-08) + +* [bitnami/kafka] Fix jmx-exporter scrape path (#27562) ([1dd9439](https://github.com/bitnami/charts/commit/1dd943997da79e6095bee6d05410178a0344d4c9)), closes [#27562](https://github.com/bitnami/charts/issues/27562) + +## 29.3.6 (2024-07-02) + +* [bitnami/kafka] fix: Mount kafka_jaas.conf in controller statefulset for kraft migration (#27610) ([fcf03f8](https://github.com/bitnami/charts/commit/fcf03f8314fc30401fa3712c90b0261f8f3b09db)), closes [#27610](https://github.com/bitnami/charts/issues/27610) + +## 29.3.5 (2024-07-01) + +* [bitnami/*] Update README changing TAC wording (#27530) ([52dfed6](https://github.com/bitnami/charts/commit/52dfed6bac44d791efabfaf06f15daddc4fefb0c)), closes [#27530](https://github.com/bitnami/charts/issues/27530) +* [bitnami/kafka] Release 29.3.5 (#27613) ([1ef0ca8](https://github.com/bitnami/charts/commit/1ef0ca867542f99b4e37ac3182727357a0fd17cf)), closes [#27613](https://github.com/bitnami/charts/issues/27613) + +## 29.3.4 (2024-06-18) + +* [bitnami/kafka] Release 29.3.4 (#27362) ([39074dc](https://github.com/bitnami/charts/commit/39074dcf4c92f7b875f1ddb2bc87443b05e7592d)), closes [#27362](https://github.com/bitnami/charts/issues/27362) + +## 29.3.3 (2024-06-17) + +* [bitnami/kafka] Release 29.3.3 (#27236) ([b53ec15](https://github.com/bitnami/charts/commit/b53ec15d13c1536492058c6527b5698254135696)), closes [#27236](https://github.com/bitnami/charts/issues/27236) + +## 29.3.2 (2024-06-14) + +* [bitnami/kafka] Release 29.3.2 (#27175) ([82f0e6c](https://github.com/bitnami/charts/commit/82f0e6c052c92a7e92460effe5efe3f88c3222cf)), closes [#27175](https://github.com/bitnami/charts/issues/27175) + +## 29.3.1 (2024-06-13) + +* [bitnami/kafka] Fix 'sasl.client.passwords' not working during chart upgrade (#27097) ([5f2e38d](https://github.com/bitnami/charts/commit/5f2e38d88c5a5f94e3f578744858cc43450a77d1)), closes [#27097](https://github.com/bitnami/charts/issues/27097) + +## 29.3.0 (2024-06-12) + +* [bitnami/kafka] Custom SANs for auto-generated TLS certificates (#27092) ([45409ff](https://github.com/bitnami/charts/commit/45409ffe1541b04e012deae14ffa224f414937e6)), closes [#27092](https://github.com/bitnami/charts/issues/27092) + +## 29.2.4 (2024-06-06) + +* [bitnami/kafka] Release 29.2.4 (#26966) ([92b9deb](https://github.com/bitnami/charts/commit/92b9debcd39ec036754fb3e33d9c171b53ced39f)), closes [#26966](https://github.com/bitnami/charts/issues/26966) + +## 29.2.3 (2024-06-06) + +* [bitnami/kafka] Release 29.2.3 (#26896) ([0c5dfee](https://github.com/bitnami/charts/commit/0c5dfee96cce662656202789a23e5208e4da7c0d)), closes [#26896](https://github.com/bitnami/charts/issues/26896) + +## 29.2.2 (2024-06-05) + +* [bitnami/kafka] Bump chart version (#26839) ([2061b0c](https://github.com/bitnami/charts/commit/2061b0cc26be9bf9bcfc99c920b6bdd80d33c022)), closes [#26839](https://github.com/bitnami/charts/issues/26839) + +## 29.2.1 (2024-06-05) + +* [bitnami/kafka] Bump chart version (#26781) ([66f65f6](https://github.com/bitnami/charts/commit/66f65f6e5a20c7e8423b51606b051b472b4729c1)), closes [#26781](https://github.com/bitnami/charts/issues/26781) + +## 29.2.0 (2024-05-30) + +* [bitnami/kafka] #25646 Use parameter map for kafka config (#26342) ([4a023a2](https://github.com/bitnami/charts/commit/4a023a27e2bae7ea8779b667bc1e9a00cba925e1)), closes [#25646](https://github.com/bitnami/charts/issues/25646) [#26342](https://github.com/bitnami/charts/issues/26342) + +## 29.1.2 (2024-05-29) + +* [bitnami/kafka] PDB review (#25938) ([568aafa](https://github.com/bitnami/charts/commit/568aafa1de85759ea2d90d2915970eefaa36dffd)), closes [#25938](https://github.com/bitnami/charts/issues/25938) + +## 29.1.1 (2024-05-28) + +* [bitnami/kafka] Fixed Network-Policies for jmx metrics export (#26369) ([7f9445f](https://github.com/bitnami/charts/commit/7f9445f21003a77971d1e7d9c31cf952b6ba9554)), closes [#26369](https://github.com/bitnami/charts/issues/26369) + +## 29.1.0 (2024-05-27) + +* [bitnami/kafka] Restore value brokerRackAssignment (#26296) ([62968c1](https://github.com/bitnami/charts/commit/62968c1bcf75a374076e5161f57673faaee9a96d)), closes [#26296](https://github.com/bitnami/charts/issues/26296) + +## 29.0.3 (2024-05-24) + +* [bitnami/kafka] Fix linter rules after deprecating Kafka Exporter (#26411) ([69856e9](https://github.com/bitnami/charts/commit/69856e985f1325b3e72cd126b6990647d35f1cbb)), closes [#26411](https://github.com/bitnami/charts/issues/26411) + +## 29.0.2 (2024-05-24) + +* [bitnami/kafka] Release 28.3.1 (#26403) ([0428ec7](https://github.com/bitnami/charts/commit/0428ec724a1e6b139b12e8c3a6ab489a6459660c)), closes [#26403](https://github.com/bitnami/charts/issues/26403) + +## 29.0.0 (2024-05-24) + +* [bitnami/kafka] Deprecate Kafka Exporter (#26395) ([bf9a653](https://github.com/bitnami/charts/commit/bf9a6535fabdd4c0ad3210920cdd6c4963c5511c)), closes [#26395](https://github.com/bitnami/charts/issues/26395) + +## 28.3.0 (2024-05-21) + +* [bitnami/*] ci: :construction_worker: Add tag and changelog support (#25359) ([91c707c](https://github.com/bitnami/charts/commit/91c707c9e4e574725a09505d2d313fb93f1b4c0a)), closes [#25359](https://github.com/bitnami/charts/issues/25359) +* [bitnami/kafka] feat: :sparkles: :lock: Add warning when original images are replaced (#26224) ([af7e35d](https://github.com/bitnami/charts/commit/af7e35d40224d7c8a37aad1d20fd7fa61f4af15b)), closes [#26224](https://github.com/bitnami/charts/issues/26224) + +## 28.2.6 (2024-05-21) + +* [bitnami/kafka] Use different liveness/readiness probes (#26134) ([814bef1](https://github.com/bitnami/charts/commit/814bef1e3c4d51f36a8f5833eb6cfb450a9101e9)), closes [#26134](https://github.com/bitnami/charts/issues/26134) + +## 28.2.5 (2024-05-18) + +* [bitnami/kafka] Release 28.2.5 updating components versions (#26030) ([4806aac](https://github.com/bitnami/charts/commit/4806aac67fcfc5ca6f98efddd72178f7f8362366)), closes [#26030](https://github.com/bitnami/charts/issues/26030) + +## 28.2.4 (2024-05-15) + +* bitnami/kafka Fix for sed in kafka-init.sh (#25856) ([d0a9edd](https://github.com/bitnami/charts/commit/d0a9edd1d023401373fa9a8f2b94e1113c59674d)), closes [#25856](https://github.com/bitnami/charts/issues/25856) + +## 28.2.3 (2024-05-14) + +* [bitnami/kafka] Release 28.2.3 updating components versions (#25772) ([f6337eb](https://github.com/bitnami/charts/commit/f6337ebe2254a3863c49c07be7065e9b250cfde2)), closes [#25772](https://github.com/bitnami/charts/issues/25772) + +## 28.2.2 (2024-05-13) + +* [bitnami/*] Change non-root and rolling-tags doc URLs (#25628) ([b067c94](https://github.com/bitnami/charts/commit/b067c94f6bcde427863c197fd355f0b5ba12ff5b)), closes [#25628](https://github.com/bitnami/charts/issues/25628) +* [bitnami/kafka] Release 28.2.2 updating components versions (#25735) ([1c78c32](https://github.com/bitnami/charts/commit/1c78c3261cceb3c81f709e8c4c72deed46b46c21)), closes [#25735](https://github.com/bitnami/charts/issues/25735) + +## 28.2.1 (2024-05-07) + +* [bitnami/*] Set new header/owner (#25558) ([8d1dc11](https://github.com/bitnami/charts/commit/8d1dc11f5fb30db6fba50c43d7af59d2f79deed3)), closes [#25558](https://github.com/bitnami/charts/issues/25558) +* [bitnami/kafka] change probe path for kafka-exporter to /healthz (#25559) ([533146d](https://github.com/bitnami/charts/commit/533146d57d8b745f600cd01f0961c3fd901efe5f)), closes [#25559](https://github.com/bitnami/charts/issues/25559) + +## 28.2.0 (2024-05-06) + +* [bitnami/*] Fix license headers (#25447) ([2d7dca6](https://github.com/bitnami/charts/commit/2d7dca61160bc6a83255111aed8b7d66687caf40)), closes [#25447](https://github.com/bitnami/charts/issues/25447) +* [bitnami/kafka] Allow loadBalancerClass to be customized for the kafka chart (#25538) ([600eae9](https://github.com/bitnami/charts/commit/600eae90a674c8bc0ab2de40ae308be8b40a4f5d)), closes [#25538](https://github.com/bitnami/charts/issues/25538) + +## 28.1.1 (2024-04-26) + +* [bitnami/kafka] Release 28.1.1 updating components versions (#25417) ([db7ee33](https://github.com/bitnami/charts/commit/db7ee33f7c8f1df605c3e64f79a3a5dd095b3295)), closes [#25417](https://github.com/bitnami/charts/issues/25417) + +## 28.1.0 (2024-04-25) + +* [bitnami/kafka] feat: :sparkles: Add autoscaling support (experimental) (#24929) ([e0c0d63](https://github.com/bitnami/charts/commit/e0c0d63020210c6ddffc45fc9695d233c0f04f9b)), closes [#24929](https://github.com/bitnami/charts/issues/24929) +* [bitnami/multiple charts] Fix typo: "NetworkPolice" vs "NetworkPolicy" (#25348) ([6970c1b](https://github.com/bitnami/charts/commit/6970c1ba245873506e73d459c6eac1e4919b778f)), closes [#25348](https://github.com/bitnami/charts/issues/25348) +* Replace VMware by Broadcom copyright text (#25306) ([a5e4bd0](https://github.com/bitnami/charts/commit/a5e4bd0e35e419203793976a78d9d0a13de92c76)), closes [#25306](https://github.com/bitnami/charts/issues/25306) + +## 28.0.4 (2024-04-11) + +* [bitnami/kafka] :lady_beetle: Fix password replace for >10 users (#25133) ([5fd4980](https://github.com/bitnami/charts/commit/5fd49802ad2e855afd2d5e9be533909e2273ca1c)), closes [#25133](https://github.com/bitnami/charts/issues/25133) + +## 28.0.3 (2024-04-05) + +* [bitnami/kafka] Release 28.0.3 (#24985) ([f30afb2](https://github.com/bitnami/charts/commit/f30afb23d99fd89b98d4d0c00ec54fd33fe55720)), closes [#24985](https://github.com/bitnami/charts/issues/24985) + +## 28.0.2 (2024-04-05) + +* [bitnami/kafka] fix: :bug: Add missing controller port in networkpolicy (#24937) ([e91090b](https://github.com/bitnami/charts/commit/e91090b4787dbbc02c973d0a707bd4fe00a9aa1b)), closes [#24937](https://github.com/bitnami/charts/issues/24937) +* Update resourcesPreset comments (#24467) ([92e3e8a](https://github.com/bitnami/charts/commit/92e3e8a507326d2a20a8f10ab3e7746a2ec5c554)), closes [#24467](https://github.com/bitnami/charts/issues/24467) + +## 28.0.1 (2024-04-01) + +* [bitnami/kafka] Register targetPod in global context (#24391) ([7c2aed4](https://github.com/bitnami/charts/commit/7c2aed44ade10a57a3d2396a0425a9563eb60562)), closes [#24391](https://github.com/bitnami/charts/issues/24391) + +## 28.0.0 (2024-03-26) + +* [bitnami/*] Reorder Chart sections (#24455) ([0cf4048](https://github.com/bitnami/charts/commit/0cf4048e8743f70a9753d460655bd030cbff6824)), closes [#24455](https://github.com/bitnami/charts/issues/24455) +* [bitnami/kafka] feat!: :lock: :boom: Improve security defaults (#24659) ([ba3b159](https://github.com/bitnami/charts/commit/ba3b15965b55976d127ff9db0744051ba517a195)), closes [#24659](https://github.com/bitnami/charts/issues/24659) + +## 27.1.2 (2024-03-14) + +* bitnami/kafka pass jmx exporter metrics port as args (#24401) ([6202965](https://github.com/bitnami/charts/commit/620296577a95563271669a6a75bd296c7d698efc)), closes [#24401](https://github.com/bitnami/charts/issues/24401) + +## 27.1.1 (2024-03-11) + +* [bitnami/kafka] fix: Setup of sasl authentication to external zookeeper (#23550) ([ac9dca4](https://github.com/bitnami/charts/commit/ac9dca4a1978e81dbd77b017d877c6dda88f9cf9)), closes [#23550](https://github.com/bitnami/charts/issues/23550) + +## 27.1.0 (2024-03-06) + +* [bitnami/kafka] feat: :sparkles: :lock: Add automatic adaptation for Openshift restricted-v2 SCC (#2 ([a839f68](https://github.com/bitnami/charts/commit/a839f6824462b6f0cafaa8a255ad47edab2dfe5e)), closes [#24100](https://github.com/bitnami/charts/issues/24100) + +## 27.0.0 (2024-03-04) + +* [bitnami/kafka] Release 27.0.0 updating components versions (#24048) ([6fd6ed0](https://github.com/bitnami/charts/commit/6fd6ed0df6c5f11af5cc6b8b7a85f2e8c0dd5f8d)), closes [#24048](https://github.com/bitnami/charts/issues/24048) + +## 26.11.4 (2024-02-28) + +* [bitnami/kafka] Fix installation issue when serviceBindings.enabled is true - part 2 (#23898) ([97df6fc](https://github.com/bitnami/charts/commit/97df6fc2cc0a3ecfabd0702459cde6f3e3cd482a)), closes [#23898](https://github.com/bitnami/charts/issues/23898) + +## 26.11.3 (2024-02-23) + +* [bitnami/kafka] fix: use root context for Values in range (#23604) ([2e8d666](https://github.com/bitnami/charts/commit/2e8d666b10d62c9bb4c56b0b92918f840355258d)), closes [#23604](https://github.com/bitnami/charts/issues/23604) + +## 26.11.2 (2024-02-22) + +* [bitnami/kafka] Release 26.11.2 updating components versions (#23789) ([8b3d4bf](https://github.com/bitnami/charts/commit/8b3d4bfa47aea55fabab0f41068af3e7f1e75fdd)), closes [#23789](https://github.com/bitnami/charts/issues/23789) + +## 26.11.1 (2024-02-21) + +* [bitnami/kafka] Release 26.11.1 updating components versions (#23629) ([ff5ed8c](https://github.com/bitnami/charts/commit/ff5ed8c27f56ebc10651690c50bb1551cbc55fe3)), closes [#23629](https://github.com/bitnami/charts/issues/23629) + +## 26.11.0 (2024-02-20) + +* [bitnami/*] Bump all versions (#23602) ([b70ee2a](https://github.com/bitnami/charts/commit/b70ee2a30e4dc256bf0ac52928fb2fa7a70f049b)), closes [#23602](https://github.com/bitnami/charts/issues/23602) + +## 26.10.0 (2024-02-20) + +* [bitnami/kafka] feat: :sparkles: :lock: Add resource preset support (#23468) ([f267103](https://github.com/bitnami/charts/commit/f2671034fc296c95def71ce854a21e431ee32af8)), closes [#23468](https://github.com/bitnami/charts/issues/23468) + +## 26.9.0 (2024-02-15) + +* feat: add useHelmHooks value to allow install with --wait (#23460) ([a5b06d4](https://github.com/bitnami/charts/commit/a5b06d44246f88e19f14e54c36c8bcf230a795f4)), closes [#23460](https://github.com/bitnami/charts/issues/23460) + +## 26.8.5 (2024-02-02) + +* [bitnami/kafka] Release 26.8.5 updating components versions (#23087) ([171cf03](https://github.com/bitnami/charts/commit/171cf03a5e7bb9b2eba70b3ce776690028621a6b)), closes [#23087](https://github.com/bitnami/charts/issues/23087) + +## 26.8.4 (2024-02-02) + +* [bitnami/kafka] fix: Migrate existing broker.id to node.id only when kraft mode enabled (#21940) (#2 ([80e31e8](https://github.com/bitnami/charts/commit/80e31e83a7e81449ea1f16099edaaeac84549759)), closes [#21940](https://github.com/bitnami/charts/issues/21940) [#22721](https://github.com/bitnami/charts/issues/22721) + +## 26.8.3 (2024-01-27) + +* [bitnami/kafka] Release 26.8.3 updating components versions (#22804) ([49133b7](https://github.com/bitnami/charts/commit/49133b7ae33a430c50d191d7ddc8ac486e54e83f)), closes [#22804](https://github.com/bitnami/charts/issues/22804) + +## 26.8.2 (2024-01-26) + +* [bitnami/kafka] fix: :bug: Set seLinuxOptions to null for Openshift compatibility (#22605) ([c444150](https://github.com/bitnami/charts/commit/c444150f1b163fe7108b2cf13a9fd0e4442969fd)), closes [#22605](https://github.com/bitnami/charts/issues/22605) +* Add missing version, kind to kafka volumeClaimTemplates (#22728) ([7b5f425](https://github.com/bitnami/charts/commit/7b5f42546e75fa507cba9aec1a929f5f18e84bd0)), closes [#22728](https://github.com/bitnami/charts/issues/22728) + +## 26.8.1 (2024-01-24) + +* [bitnami/*] Move documentation sections from docs.bitnami.com back to the README (#22203) ([7564f36](https://github.com/bitnami/charts/commit/7564f36ca1e95ff30ee686652b7ab8690561a707)), closes [#22203](https://github.com/bitnami/charts/issues/22203) +* [bitnami/kafka] fix: :lock: Move service-account token auto-mount to pod declaration (#22415) ([76a5880](https://github.com/bitnami/charts/commit/76a58808d25ed328ae2ab94d24a3d5f8fc6ad15a)), closes [#22415](https://github.com/bitnami/charts/issues/22415) +* [bitnami/kafka] Release 26.8.1 updating components versions (#22704) ([48afa1a](https://github.com/bitnami/charts/commit/48afa1a5ef578d99c17ff0a2d7cf7dea37d79bcb)), closes [#22704](https://github.com/bitnami/charts/issues/22704) + +## 26.8.0 (2024-01-19) + +* [bitnami/kafka] Added option 'allocateLoadBalancerNodePorts' for services of type 'LoadBalancer' (#2 ([230d6a3](https://github.com/bitnami/charts/commit/230d6a3dfbc20a0eae14b59c45b9485d6db4d3a3)), closes [#21919](https://github.com/bitnami/charts/issues/21919) + +## 26.7.1 (2024-01-18) + +* [bitnami/kafka] Release 26.7.1 updating components versions (#22295) ([87f887c](https://github.com/bitnami/charts/commit/87f887c51c556aca0300c90bc5056df89962ab3a)), closes [#22295](https://github.com/bitnami/charts/issues/22295) + +## 26.7.0 (2024-01-17) + +* [bitnami/kafka] fix: :lock: Improve podSecurityContext and containerSecurityContext with essential s ([5c3feae](https://github.com/bitnami/charts/commit/5c3feaec8c17d10c3c75a4cba7830b2a6c72086a)), closes [#22136](https://github.com/bitnami/charts/issues/22136) + +## 26.6.3 (2024-01-12) + +* [bitnami/*] Fix docs.bitnami.com broken links (#21901) ([f35506d](https://github.com/bitnami/charts/commit/f35506d2dadee4f097986e7792df1f53ab215b5d)), closes [#21901](https://github.com/bitnami/charts/issues/21901) +* [bitnami/*] Fix ref links (in comments) (#21822) ([e4fa296](https://github.com/bitnami/charts/commit/e4fa296106b225cf8c82445727c675c7c725e380)), closes [#21822](https://github.com/bitnami/charts/issues/21822) +* [bitnami/*] Update copyright: Year and company (#21815) ([6c4bf75](https://github.com/bitnami/charts/commit/6c4bf75dec58fc7c9aee9f089777b1a858c17d5b)), closes [#21815](https://github.com/bitnami/charts/issues/21815) +* [bitnami/kafka] fix: :lock: Do not use the default service account (#22018) ([b3b9432](https://github.com/bitnami/charts/commit/b3b94328786a70255561e70973f055810ebc44b8)), closes [#22018](https://github.com/bitnami/charts/issues/22018) + +## 26.6.2 (2023-12-22) + +* [bitnami/kafka] Release 26.6.2 updating components versions (#21738) ([9ac23fb](https://github.com/bitnami/charts/commit/9ac23fb9aec82d0184e2dc9bf86de94db3276690)), closes [#21738](https://github.com/bitnami/charts/issues/21738) + +## 26.6.1 (2023-12-20) + +* [bitnami/kafka] Fix Kafka log/logs dir config (#20476) ([a36243d](https://github.com/bitnami/charts/commit/a36243d9d370447e5b4355a28c8954b0b6a79a02)), closes [#20476](https://github.com/bitnami/charts/issues/20476) + +## 26.6.0 (2023-12-20) + +* [bitnami/kafka] feat: :sparkles: Add missing probes (#21650) ([039ce09](https://github.com/bitnami/charts/commit/039ce09f64217cf9dc01fe6a60100dff194cd7e1)), closes [#21650](https://github.com/bitnami/charts/issues/21650) + +## 26.5.1 (2023-12-19) + +* [bitnami/kafka] Allowing for customize dnsPolicy and dnsConfig for Kafka (#21402) ([0287ecf](https://github.com/bitnami/charts/commit/0287ecf646ad78a52f920ab01de7013d284c0d93)), closes [#21402](https://github.com/bitnami/charts/issues/21402) + +## 26.5.0 (2023-12-13) + +* [bitnami/kafka] fix: :bug: Make auto-discovery compatible with PSA restrictedSigned-off-by: Javier S ([1f3bfc8](https://github.com/bitnami/charts/commit/1f3bfc81810c77308c47e8dc484884c47d6c2edb)) + +## 26.4.5 (2023-12-12) + +* [bitnami/kafka] Fix condition for secret mounting (#21358) ([cbff765](https://github.com/bitnami/charts/commit/cbff76568c431bc33b9af79f9fec1eeebc6a5c24)), closes [#21358](https://github.com/bitnami/charts/issues/21358) +* Make Kafka DefaultMode YAML 1.2 Compliant (#21086) ([b51288a](https://github.com/bitnami/charts/commit/b51288a469c1e42dac2ee2b3f26f1951eebf741f)), closes [#21086](https://github.com/bitnami/charts/issues/21086) [dtolnay/serde-yaml#225](https://github.com/dtolnay/serde-yaml/issues/225) + +## 26.4.4 (2023-12-09) + +* [bitnami/kafka] Release 26.4.4 updating components versions (#21486) ([75b9ae3](https://github.com/bitnami/charts/commit/75b9ae3b79eca647b1a0f6c5e1fd43896f598d25)), closes [#21486](https://github.com/bitnami/charts/issues/21486) + +## 26.4.3 (2023-11-29) + +* [bitnami/kafka] Fix controller component validation for external access (#20941) ([d05f605](https://github.com/bitnami/charts/commit/d05f605d8905d5a3e402a555359585789432f19d)), closes [#20941](https://github.com/bitnami/charts/issues/20941) + +## 26.4.2 (2023-11-21) + +* [bitnami/*] Remove relative links to non-README sections, add verification for that and update TL;DR ([1103633](https://github.com/bitnami/charts/commit/11036334d82df0490aa4abdb591543cab6cf7d7f)), closes [#20967](https://github.com/bitnami/charts/issues/20967) +* [bitnami/*] Rename solutions to "Bitnami package for ..." (#21038) ([b82f979](https://github.com/bitnami/charts/commit/b82f979e4fb63423fe6e2192c946d09d79c944fc)), closes [#21038](https://github.com/bitnami/charts/issues/21038) +* [bitnami/kafka] Release 26.4.2 updating components versions (#21127) ([c75c019](https://github.com/bitnami/charts/commit/c75c0199489389a21d185939eb3c7747253a822d)), closes [#21127](https://github.com/bitnami/charts/issues/21127) + +## 26.4.1 (2023-11-15) + +* [bitnami/kafka] Update 'Upgrading notes' section with missing TLS secret breaking change (#20632) ([a46f0ed](https://github.com/bitnami/charts/commit/a46f0ed6420e6185bf18fc19761100a5d7d7e853)), closes [#20632](https://github.com/bitnami/charts/issues/20632) + +## 26.4.0 (2023-11-09) + +* Add kafka init container custom resource function according to issue #20641 (#20652) ([e4ad6e4](https://github.com/bitnami/charts/commit/e4ad6e48f3a7613dbc58ac46347e6118563eb9a6)), closes [#20641](https://github.com/bitnami/charts/issues/20641) [#20652](https://github.com/bitnami/charts/issues/20652) [#20641](https://github.com/bitnami/charts/issues/20641) + +## 26.3.2 (2023-11-08) + +* [bitnami/kafka] Release 26.3.2 updating components versions (#20748) ([02e2724](https://github.com/bitnami/charts/commit/02e272489a75c022ba79f3b3dcfa6c7cb3222515)), closes [#20748](https://github.com/bitnami/charts/issues/20748) + +## 26.3.1 (2023-11-07) + +* [bitnami/kafka] Release 26.3.1 updating components versions (#20655) ([619011b](https://github.com/bitnami/charts/commit/619011b2dd490f6ed3a207bfd1f3d277efc20b5f)), closes [#20655](https://github.com/bitnami/charts/issues/20655) + +## 26.3.0 (2023-11-06) + +* [bitnami/kafka] Add minReadySeconds configuration (#20571) ([c626d5d](https://github.com/bitnami/charts/commit/c626d5d4a52e471d7832964ad0b6376bf47ec349)), closes [#20571](https://github.com/bitnami/charts/issues/20571) + +## 26.2.1 (2023-11-03) + +* [bitnami/*] Rename VMware Application Catalog (#20361) ([3acc734](https://github.com/bitnami/charts/commit/3acc73472beb6fb56c4d99f929061001205bc57e)), closes [#20361](https://github.com/bitnami/charts/issues/20361) +* [bitnami/kafka] Update README (#17029) (#20489) ([72e3761](https://github.com/bitnami/charts/commit/72e3761758518195844f77ab10b6970f4e90e458)), closes [#17029](https://github.com/bitnami/charts/issues/17029) [#20489](https://github.com/bitnami/charts/issues/20489) +* [bitnami/kafka]: clarify docs (#20484) ([d852a8f](https://github.com/bitnami/charts/commit/d852a8f82aa57aea4477dbfa9ffc09fcecb64c1a)), closes [#20484](https://github.com/bitnami/charts/issues/20484) + +## 26.2.0 (2023-10-20) + +* [bitnami/*] Skip image's tag in the README files of the Bitnami Charts (#19841) ([bb9a01b](https://github.com/bitnami/charts/commit/bb9a01b65911c87e48318db922cc05eb42785e42)), closes [#19841](https://github.com/bitnami/charts/issues/19841) +* [bitnami/kafka] replicate variable logic for keystore (#19789) ([1f37786](https://github.com/bitnami/charts/commit/1f3778610406da2bd1c1f87f0fdb12da8b21f36d)), closes [#19789](https://github.com/bitnami/charts/issues/19789) + +## 26.1.0 (2023-10-20) + +* [bitnami/*] Standardize documentation (#19835) ([af5f753](https://github.com/bitnami/charts/commit/af5f7530c1bc8c5ded53a6c4f7b8f384ac1804f2)), closes [#19835](https://github.com/bitnami/charts/issues/19835) +* [bitnami/kafka] init-script: Remove PEM certificates before start (#19427) ([86ddf46](https://github.com/bitnami/charts/commit/86ddf468bd97a54ee6d70c81a88582408c66fd50)), closes [#19427](https://github.com/bitnami/charts/issues/19427) + +## 26.0.1 (2023-10-19) + +* [bitnami/kafka] Amend service name for broker external services (#20226) ([ce6806c](https://github.com/bitnami/charts/commit/ce6806c8f6d25f869b26cda24182be03f21e526f)), closes [#20226](https://github.com/bitnami/charts/issues/20226) +* [bitnami/kafka] Update README.md (#20272) ([4923e3d](https://github.com/bitnami/charts/commit/4923e3df6ab23c61aaca53185a9c699cfab2df8a)), closes [#20272](https://github.com/bitnami/charts/issues/20272) + +## 26.0.0 (2023-10-16) + +* [bitnami/kafka] Release 26.0.0 (#20262) ([70f1219](https://github.com/bitnami/charts/commit/70f12196afb83dcef838ef8c318601f31ee9f038)), closes [#20262](https://github.com/bitnami/charts/issues/20262) + +## 25.3.5 (2023-10-12) + +* [bitnami/kafka] Release 25.3.5 updating components versions (#20144) ([767cdb7](https://github.com/bitnami/charts/commit/767cdb71c6a2c940dd1560a7d43663eb4f071cf3)), closes [#20144](https://github.com/bitnami/charts/issues/20144) + +## 25.3.4 (2023-10-12) + +* [bitnami/kafka] Release 25.3.4 (#20120) ([717032e](https://github.com/bitnami/charts/commit/717032e6c39c2e8185df01c1d5540707a72157ea)), closes [#20120](https://github.com/bitnami/charts/issues/20120) + +## 25.3.3 (2023-10-09) + +* [bitnami/kafka] Release 25.3.3 (#19917) ([bb02298](https://github.com/bitnami/charts/commit/bb022982a3b86efe2556746311c2129f7671e567)), closes [#19917](https://github.com/bitnami/charts/issues/19917) + +## 25.3.2 (2023-10-09) + +* [bitnami/*] Update Helm charts prerequisites (#19745) ([eb755dd](https://github.com/bitnami/charts/commit/eb755dd36a4dd3cf6635be8e0598f9a7f4c4a554)), closes [#19745](https://github.com/bitnami/charts/issues/19745) +* [bitnami/kafka] Release 25.3.2 (#19857) ([4d13755](https://github.com/bitnami/charts/commit/4d137554aac44ce77a8c73f7950c52bf1c7f1910)), closes [#19857](https://github.com/bitnami/charts/issues/19857) +* [bitnami/kafka] Update Readme.md (#19767) ([ce42530](https://github.com/bitnami/charts/commit/ce42530f4f1fac3d74ca1861e37128788d343625)), closes [#19767](https://github.com/bitnami/charts/issues/19767) + +## 25.3.1 (2023-10-05) + +* [bitnami/kafka] log4j configmap metadata (#19682) ([80e25e3](https://github.com/bitnami/charts/commit/80e25e342bf64df2cb358d64b59b5c28c4275018)), closes [#19682](https://github.com/bitnami/charts/issues/19682) + +## 25.3.0 (2023-10-03) + +* [bitnami/kafka] Adding support for the sasl mechanism, oauthbearer (#19224) ([f7896ec](https://github.com/bitnami/charts/commit/f7896ec27cf165e86233f60bfb7fc68943717bc3)), closes [#19224](https://github.com/bitnami/charts/issues/19224) + +## 25.2.0 (2023-09-29) + +* bitnami/kafka add the ability to reference an existing cluster id secret (#19518) ([d3844a7](https://github.com/bitnami/charts/commit/d3844a7b478f0ceac234d4db2597971fbe9ddfad)), closes [#19518](https://github.com/bitnami/charts/issues/19518) + +## 25.1.12 (2023-09-25) + +* [bitnami/kafka] Release 25.1.12 (#19499) ([cde5d7c](https://github.com/bitnami/charts/commit/cde5d7c19254b2f83f1d186d149087de5f51c9b2)), closes [#19499](https://github.com/bitnami/charts/issues/19499) + +## 25.1.11 (2023-09-20) + +* [bitnami/kafka] Use different app.kubernetes.io/version label on subcomponents (#19340) ([e0c6df2](https://github.com/bitnami/charts/commit/e0c6df2f861bc54bb2fff11f8509006d6a966a7a)), closes [#19340](https://github.com/bitnami/charts/issues/19340) +* Autogenerate schema files (#19194) ([a2c2090](https://github.com/bitnami/charts/commit/a2c2090b5ac97f47b745c8028c6452bf99739772)), closes [#19194](https://github.com/bitnami/charts/issues/19194) +* Revert "Autogenerate schema files (#19194)" (#19335) ([73d80be](https://github.com/bitnami/charts/commit/73d80be525c88fb4b8a54451a55acd506e337062)), closes [#19194](https://github.com/bitnami/charts/issues/19194) [#19335](https://github.com/bitnami/charts/issues/19335) + +## 25.1.10 (2023-09-09) + +* [bitnami/kafka] Release 25.1.8 (#19164) ([a3b3966](https://github.com/bitnami/charts/commit/a3b3966485c07538fe693ec6dfeb94f0e94f0b9e)), closes [#19164](https://github.com/bitnami/charts/issues/19164) + +## 25.1.9 (2023-09-08) + +* [bitnami/kafka] Bugfix LogPersistence storageclass (#18957) ([9b54e3d](https://github.com/bitnami/charts/commit/9b54e3d89d60f70aec281ccd22d5195aaff3429a)), closes [#18957](https://github.com/bitnami/charts/issues/18957) + +## 25.1.8 (2023-09-07) + +* [bitnami/kafka]: Use merge helper (#19063) ([5c7ed77](https://github.com/bitnami/charts/commit/5c7ed7770ede88b520e84925288954736a17a341)), closes [#19063](https://github.com/bitnami/charts/issues/19063) + +## 25.1.7 (2023-09-07) + +* [bitnami/kafka] Release 25.1.7 (#19160) ([98e95ff](https://github.com/bitnami/charts/commit/98e95ff5acdce05856a056e570b6a7a43106f7a4)), closes [#19160](https://github.com/bitnami/charts/issues/19160) + +## 25.1.6 (2023-09-05) + +* [bitnami/kafka] Added values for supplying additional configuration as a secret object (#18978) ([3e75157](https://github.com/bitnami/charts/commit/3e751575aeb43afbb8ea6cc49dcf6f7c36dd9d84)), closes [#18978](https://github.com/bitnami/charts/issues/18978) +* [bitnami/kafka] Release 25.1.6 (#19121) ([3e0abdf](https://github.com/bitnami/charts/commit/3e0abdfc8272f13ba32cfeab3cab596f22c68d31)), closes [#19121](https://github.com/bitnami/charts/issues/19121) +* Some fixes for PDB: (#18966) ([8a42abf](https://github.com/bitnami/charts/commit/8a42abfaecaf0b7ec11dca59eaeb696e6c5cd7ec)), closes [#18966](https://github.com/bitnami/charts/issues/18966) + +## 25.1.5 (2023-09-01) + +* [#14600] Support using keys provided by cert-manager (#18887) ([59e1480](https://github.com/bitnami/charts/commit/59e14806d819324cdf903be122c303097ce8bbee)), closes [#14600](https://github.com/bitnami/charts/issues/14600) [#18887](https://github.com/bitnami/charts/issues/18887) + +## 25.1.4 (2023-08-30) + +* [bitnami/kafka] Release 25.1.4 (#18950) ([ba5f8e5](https://github.com/bitnami/charts/commit/ba5f8e58f09e69079aa7a586fb9d3e576a0c851f)), closes [#18950](https://github.com/bitnami/charts/issues/18950) + +## 25.1.3 (2023-08-29) + +* [bitnami/kafka] Fix pod affinity labels (#18927) ([9b87f4f](https://github.com/bitnami/charts/commit/9b87f4ffb32e2d05a408bbc16529c1b1d7337da5)), closes [#18927](https://github.com/bitnami/charts/issues/18927) +* [bitnami/kafka] Fix typo (#18902) ([de01ec0](https://github.com/bitnami/charts/commit/de01ec04c8e5f710dc9f3720c487daf839f7a658)), closes [#18902](https://github.com/bitnami/charts/issues/18902) +* [bitnami/kafka] Use the container port instead of the service port in kafka metrics exporter (#18319 ([499c5c5](https://github.com/bitnami/charts/commit/499c5c5659e91d6ecb59c58c9eff5ec3bbe37235)), closes [#18319](https://github.com/bitnami/charts/issues/18319) + +## 25.1.2 (2023-08-28) + +* [bitnami/kafka] Delete a tab in bitnami/kafka/templates/broker/svc-headless.yaml,line 36,which cause ([57328e7](https://github.com/bitnami/charts/commit/57328e741be373ac287696badc2a5b1a249e13bb)), closes [#18886](https://github.com/bitnami/charts/issues/18886) + +## 25.1.1 (2023-08-25) + +* [bitnami/kafka] broker pod labels (#18852) ([7a2a0dc](https://github.com/bitnami/charts/commit/7a2a0dc926658ba39b23b63fde1f8fdae5361c10)), closes [#18852](https://github.com/bitnami/charts/issues/18852) + +## 25.1.0 (2023-08-24) + +* [bitnami/kafka] Support for customizing standard labels (#18609) ([5b306c5](https://github.com/bitnami/charts/commit/5b306c534e4a3798a8c9010dea3d9660f6d95c6b)), closes [#18609](https://github.com/bitnami/charts/issues/18609) + +## 25.0.1 (2023-08-24) + +* [bitnami/kafka] Change selector labels of kafka JMX metrics exporter (#18815) ([44442b9](https://github.com/bitnami/charts/commit/44442b9e358db2563d67b27238c82050c2dcb0be)), closes [#18815](https://github.com/bitnami/charts/issues/18815) + +## 25.0.0 (2023-08-23) + +* [bitnami/kafka] Zookeeper chart update (#18805) ([c051054](https://github.com/bitnami/charts/commit/c051054125676188aea699ff5e4fc3be22adf443)), closes [#18805](https://github.com/bitnami/charts/issues/18805) + +## 24.0.14 (2023-08-19) + +* [bitnami/kafka] Release 24.0.14 (#18670) ([511dad2](https://github.com/bitnami/charts/commit/511dad26c18d78688bcae32887d17c41f49e09c7)), closes [#18670](https://github.com/bitnami/charts/issues/18670) + +## 24.0.13 (2023-08-18) + +* [bitnami/kafka] Release 24.0.13 (#18635) ([d30282d](https://github.com/bitnami/charts/commit/d30282d7d3f7fc9a7a5fafd4dd09913d91a4097a)), closes [#18635](https://github.com/bitnami/charts/issues/18635) + +## 24.0.12 (2023-08-18) + +* [bitnami/kafka] Release 24.0.12 (#18630) ([5c27d23](https://github.com/bitnami/charts/commit/5c27d234411d9baf0ced9f90cb528970b6629502)), closes [#18630](https://github.com/bitnami/charts/issues/18630) + +## 24.0.11 (2023-08-17) + +* [bitnami/kafka] Release 24.0.11 (#18532) ([0fe34db](https://github.com/bitnami/charts/commit/0fe34db3faa233df482d9373f631e81d8a2e928e)), closes [#18532](https://github.com/bitnami/charts/issues/18532) + +## 24.0.10 (2023-08-11) + +* ! provisioning job to use a writable tmp folder for client.properties; (#18369) ([729161a](https://github.com/bitnami/charts/commit/729161a98c90f04bac38173c523c4b60c9fb4672)), closes [#18369](https://github.com/bitnami/charts/issues/18369) + +## 24.0.9 (2023-08-10) + +* [bitnami/kafka] Add enableServiceLinks (#18324) ([66eb9d7](https://github.com/bitnami/charts/commit/66eb9d715730c6f3c1bb83fc497589d9f6d9ec96)), closes [#18324](https://github.com/bitnami/charts/issues/18324) + +## 24.0.8 (2023-08-09) + +* [bitnami/kafka] Release 24.0.8 (#18328) ([2382a55](https://github.com/bitnami/charts/commit/2382a554acd0173288f4d870e1ba1d86909d495a)), closes [#18328](https://github.com/bitnami/charts/issues/18328) + +## 24.0.7 (2023-08-09) + +* [bitnami/kafka] Mount /tmp for kafka-init (#18323) ([d3a850b](https://github.com/bitnami/charts/commit/d3a850bcadf349bdd6a6d13fdfaa8c24e9e4ee7e)), closes [#18323](https://github.com/bitnami/charts/issues/18323) + +## 24.0.6 (2023-08-09) + +* [bitnami/kafka] Fix issue with Kafka port in NOTES.txt and restore default service ports (#18274) ([995b868](https://github.com/bitnami/charts/commit/995b868ac03aa01bcb924eca871768930ffc464a)), closes [#18274](https://github.com/bitnami/charts/issues/18274) + +## 24.0.5 (2023-08-07) + +* [bitnami/kafka] Fix Kafka provisoning (#18242) ([76926cb](https://github.com/bitnami/charts/commit/76926cbf89753107da9d8bfd1ebee10b84ed15be)), closes [#18242](https://github.com/bitnami/charts/issues/18242) + +## 24.0.4 (2023-08-07) + +* [bitnami/kafka] Release 24.0.4 (#18234) ([db054a7](https://github.com/bitnami/charts/commit/db054a73f06e94ebbc03e4827899c16c22d0918e)), closes [#18234](https://github.com/bitnami/charts/issues/18234) + +## 24.0.3 (2023-08-04) + +* [bitnami/kafka] Mount /tmp as an emptyDir volume (#18212) ([d6572e4](https://github.com/bitnami/charts/commit/d6572e463d2914edccd431620a6ff65db65c53d7)), closes [#18212](https://github.com/bitnami/charts/issues/18212) +* [bitnami/kafka] Release 24.0.3 (#18217) ([de5c79d](https://github.com/bitnami/charts/commit/de5c79dfb49bc89d877a2f9575114d38c2cf1d84)), closes [#18217](https://github.com/bitnami/charts/issues/18217) + +## 24.0.2 (2023-08-04) + +* changes from RegexFind to RegexMatch as boolean is expected (#18202) ([bfc6ab7](https://github.com/bitnami/charts/commit/bfc6ab7c30b96958dd1cdc54e291f1880fa062dd)), closes [#18202](https://github.com/bitnami/charts/issues/18202) + +## 24.0.1 (2023-08-04) + +* [bitnami/kafka] Always create system-user if client SASL enabled (#18197) ([2e9bbbd](https://github.com/bitnami/charts/commit/2e9bbbdbdb1255834b75f441d7058f1a7d69558f)), closes [#18197](https://github.com/bitnami/charts/issues/18197) + +## 24.0.0 (2023-08-03) + +* [bitnami/kafka] Chart refactor (#17507) ([fb96509](https://github.com/bitnami/charts/commit/fb96509bed149bc3581c2e4f0ad2d7f2bb6a5b40)), closes [#17507](https://github.com/bitnami/charts/issues/17507) + +## 23.0.7 (2023-07-25) + +* [bitnami/kafka] Release 23.0.7 (#17904) ([4fd78cd](https://github.com/bitnami/charts/commit/4fd78cd8c26542336d71a0e4f223adefe2f39a44)), closes [#17904](https://github.com/bitnami/charts/issues/17904) + +## 23.0.6 (2023-07-24) + +* [bitnami/kafka] Release 23.0.6 (#17843) ([f985538](https://github.com/bitnami/charts/commit/f985538a832c556241bdc9d90cc7e6eb2c3686df)), closes [#17843](https://github.com/bitnami/charts/issues/17843) + +## 23.0.5 (2023-07-17) + +* [bitnami/kafka] Release 23.0.5 (#17735) ([18b28f5](https://github.com/bitnami/charts/commit/18b28f5d3e280b6cd66875439993fac0889c3f11)), closes [#17735](https://github.com/bitnami/charts/issues/17735) + +## 23.0.4 (2023-07-13) + +* [bitnami/kafka] Release 23.0.4 (#17695) ([1a65f84](https://github.com/bitnami/charts/commit/1a65f847f1927acd035f67a795839bec2b513397)), closes [#17695](https://github.com/bitnami/charts/issues/17695) + +## 23.0.3 (2023-07-13) + +* [bitnami/kafka] Release 23.0.3 (#17642) ([e1bc746](https://github.com/bitnami/charts/commit/e1bc7465f8bfa22a0fe0af0f41d8b3adee7c242c)), closes [#17642](https://github.com/bitnami/charts/issues/17642) + +## 23.0.2 (2023-07-05) + +* [bitnami/kafka] Release 23.0.2 (#17495) ([5213407](https://github.com/bitnami/charts/commit/5213407e6b008b880176e1d68abe65b9f71a09e4)), closes [#17495](https://github.com/bitnami/charts/issues/17495) + +## 23.0.1 (2023-06-27) + +* [bitnami/kafka] Release 23.0.1 (#17368) ([235d8c3](https://github.com/bitnami/charts/commit/235d8c35133c12a76005ddf3120b86c3a0619b9e)), closes [#17368](https://github.com/bitnami/charts/issues/17368) + +## 23.0.0 (2023-06-26) + +* [bitnami/kafka] Release 23.0.0 (#17354) ([ce20f41](https://github.com/bitnami/charts/commit/ce20f416ae5dd7ed733e3dd0f41aaabfd460d0f2)), closes [#17354](https://github.com/bitnami/charts/issues/17354) +* Add copyright header (#17300) ([da68be8](https://github.com/bitnami/charts/commit/da68be8e951225133c7dfb572d5101ca3d61c5ae)), closes [#17300](https://github.com/bitnami/charts/issues/17300) +* Update charts readme (#17217) ([31b3c0a](https://github.com/bitnami/charts/commit/31b3c0afd968ff4429107e34101f7509e6a0e913)), closes [#17217](https://github.com/bitnami/charts/issues/17217) + +## 22.1.6 (2023-06-19) + +* [bitnami/kafka] Remove KAFKA_ENABLE_KRAFT duplicated keys (#17148) ([ec08951](https://github.com/bitnami/charts/commit/ec08951858d8c6eecb6d49fc72cd387022fb4054)), closes [#17148](https://github.com/bitnami/charts/issues/17148) + +## 22.1.5 (2023-06-07) + +* [bitnami/kafka] Release 22.1.5 (#17055) ([8d8d074](https://github.com/bitnami/charts/commit/8d8d074d6c61d189905015c2797de358811d9d52)), closes [#17055](https://github.com/bitnami/charts/issues/17055) + +## 22.1.4 (2023-06-05) + +* [bitnami/*] Change copyright section in READMEs (#17006) ([ef986a1](https://github.com/bitnami/charts/commit/ef986a1605241102b3dcafe9fd8089e6fc1201ad)), closes [#17006](https://github.com/bitnami/charts/issues/17006) +* [bitnami/kafka]Fix kafka.validateValues.tlsPasswords gives an error for provisioning even when provi ([45b550b](https://github.com/bitnami/charts/commit/45b550b3580d4a5ec1af5caad0006baf1f5f854c)), closes [#16948](https://github.com/bitnami/charts/issues/16948) +* [bitnami/several] Change copyright section in READMEs (#16989) ([5b6a5cf](https://github.com/bitnami/charts/commit/5b6a5cfb7625a751848a2e5cd796bd7278f406ca)), closes [#16989](https://github.com/bitnami/charts/issues/16989) + +## 22.1.3 (2023-05-21) + +* [bitnami/kafka] Release 22.1.3 (#16778) ([d204faa](https://github.com/bitnami/charts/commit/d204faa3c7e244289d62ae16b3483e48beb6c107)), closes [#16778](https://github.com/bitnami/charts/issues/16778) + +## 22.1.2 (2023-05-17) + +* [bitnami/kafka] Fix issue with Kafka where Zookeeper mode could not be used + minor fixes (#16558) ([3a97a52](https://github.com/bitnami/charts/commit/3a97a5232f8a4e3ca4071e27c317179b4b78055c)), closes [#16558](https://github.com/bitnami/charts/issues/16558) +* [bitnami/kafka] fix: set domain is ineffective when autoDiscovery #16237 (#16392) ([a2ab641](https://github.com/bitnami/charts/commit/a2ab641dfad1a918d69959750819ab269ab12985)), closes [#16237](https://github.com/bitnami/charts/issues/16237) [#16392](https://github.com/bitnami/charts/issues/16392) +* Add wording for enterprise page (#16560) ([8f22774](https://github.com/bitnami/charts/commit/8f2277440b976d52785ba9149762ad8620a73d1f)), closes [#16560](https://github.com/bitnami/charts/issues/16560) + +## 22.1.1 (2023-05-10) + +* [bitnami/kafka] set KAFKA_ENABLE_KRAFT=false if we don't use kraft (#16276) ([33178ed](https://github.com/bitnami/charts/commit/33178edf823120b940e0f58290b93540cb3e20c0)), closes [#16276](https://github.com/bitnami/charts/issues/16276) + +## 22.1.0 (2023-05-09) + +* [bitnami/several] Adapt Chart.yaml to set desired OCI annotations (#16546) ([fc9b18f](https://github.com/bitnami/charts/commit/fc9b18f2e98805d4df629acbcde696f44f973344)), closes [#16546](https://github.com/bitnami/charts/issues/16546) + +## 22.0.3 (2023-05-09) + +* [bitnami/kafka] Release 22.0.3 (#16466) ([6b56379](https://github.com/bitnami/charts/commit/6b563792d5d18117786bfb194c71f9070ae89d31)), closes [#16466](https://github.com/bitnami/charts/issues/16466) + +## 22.0.2 (2023-05-04) + +* [bitnami/kafka] Fix logic to prevent overwriting voter variable (#16263) ([1f31f8e](https://github.com/bitnami/charts/commit/1f31f8e3163f47564ae660ab043a79555b74a65d)), closes [#16263](https://github.com/bitnami/charts/issues/16263) + +## 22.0.1 (2023-04-27) + +* [bitnami/kafka] Use username as key in the Service Binding secret (#16252) ([bdf46e5](https://github.com/bitnami/charts/commit/bdf46e51703c48085f61d5f65605fca24184f8c5)), closes [#16252](https://github.com/bitnami/charts/issues/16252) + +## 22.0.0 (2023-04-24) + +* [bitnami/kafka] Configure Kraft mode by default (#15768) ([f1aec56](https://github.com/bitnami/charts/commit/f1aec563c28f27f575849a756c33a7fb84266d40)), closes [#15768](https://github.com/bitnami/charts/issues/15768) + +## 21.5.0 (2023-04-20) + +* [bitnami/*] Make Helm charts 100% OCI (#15998) ([8841510](https://github.com/bitnami/charts/commit/884151035efcbf2e1b3206e7def85511073fb57d)), closes [#15998](https://github.com/bitnami/charts/issues/15998) + +## 21.4.6 (2023-04-20) + +* Fix provisioning with bundle CA (#16032) ([31eb383](https://github.com/bitnami/charts/commit/31eb38325b0a1ffca4a8a968e75e36301de55cbc)), closes [#16032](https://github.com/bitnami/charts/issues/16032) + +## 21.4.5 (2023-04-19) + +* [bitnami/kafka] fix reversed certs in provisioning job when using PEM certs; (#16057) ([c12bc0a](https://github.com/bitnami/charts/commit/c12bc0a28fe2a2696be65febb59d19668c50d019)), closes [#16057](https://github.com/bitnami/charts/issues/16057) + +## 21.4.4 (2023-04-01) + +* [bitnami/kafka] Release 21.4.4 (#15857) ([dfc0dde](https://github.com/bitnami/charts/commit/dfc0dde55133111fcae8f27d83e227758e59bfe2)), closes [#15857](https://github.com/bitnami/charts/issues/15857) + +## 21.4.3 (2023-03-31) + +* [bitnami/kafka] Release 21.4.3 (#15823) ([2dd5f76](https://github.com/bitnami/charts/commit/2dd5f761644f3c6e20db1bc693d8dbb3687e1591)), closes [#15823](https://github.com/bitnami/charts/issues/15823) + +## 21.4.2 (2023-03-28) + +* [bitnami/kafka] Release 21.4.2 (#15752) ([728c37d](https://github.com/bitnami/charts/commit/728c37db407a9086f5d644000720d364cd19b7fb)), closes [#15752](https://github.com/bitnami/charts/issues/15752) + +## 21.4.1 (2023-03-22) + +* [bitnami/kafka] Add upgrading notes to version 21.0.0 (#15537) ([ee223d9](https://github.com/bitnami/charts/commit/ee223d906306c23dae3841f8bca6873a9fe973fa)), closes [#15537](https://github.com/bitnami/charts/issues/15537) +* [bitnami/kafka] kraft.clusterId format docs (#15519) ([43b10fc](https://github.com/bitnami/charts/commit/43b10fc0625010e34d06d3bebf66c8c120887087)), closes [#15519](https://github.com/bitnami/charts/issues/15519) +* [bitnami/kafka] Release 21.4.1 (#15667) ([62b6143](https://github.com/bitnami/charts/commit/62b614322a2c0f2bb62ad5e19f4e8c4943cf2d12)), closes [#15667](https://github.com/bitnami/charts/issues/15667) + +## 21.4.0 (2023-03-13) + +* [bitnami/kafka] Allow externalIPs for external access. (#15364) ([a7b0323](https://github.com/bitnami/charts/commit/a7b0323fa6f735fcbef78f945e26ed214d887de8)), closes [#15364](https://github.com/bitnami/charts/issues/15364) [#14222](https://github.com/bitnami/charts/issues/14222) + +## 21.3.1 (2023-03-09) + +* [bitnami/charts] Apply linter to README files (#15357) ([0e29e60](https://github.com/bitnami/charts/commit/0e29e600d3adc8b1b46e506eccb3decfab3b4e63)), closes [#15357](https://github.com/bitnami/charts/issues/15357) +* [bitnami/kafka] fix no security protocol defined for listener CONTROLLER (#15409) ([93b4eb1](https://github.com/bitnami/charts/commit/93b4eb130a49232fff0ae206f547871a8d3cd377)), closes [#15409](https://github.com/bitnami/charts/issues/15409) + +## 21.3.0 (2023-03-07) + +* [bitnami/kafka] Kafka Kraft implementation (#14850) ([956de76](https://github.com/bitnami/charts/commit/956de76384c811ada1358564f4ced2850c09e1b5)), closes [#14850](https://github.com/bitnami/charts/issues/14850) + +## 21.2.0 (2023-03-02) + +* [bitnami/kafka] Add kafka network metrics (#15295) ([06c5a98](https://github.com/bitnami/charts/commit/06c5a98cb4998d140a9af2057f9416ddb8d1f4d7)), closes [#15295](https://github.com/bitnami/charts/issues/15295) + +## 21.1.1 (2023-03-01) + +* [bitnami/kafka] Release 21.1.1 (#15237) ([5349a74](https://github.com/bitnami/charts/commit/5349a7409eebd30538fed5a06c3b0a9440f06bbd)), closes [#15237](https://github.com/bitnami/charts/issues/15237) + +## 21.1.0 (2023-03-01) + +* [kafka] bump to 21.x (#15161) ([7ef7725](https://github.com/bitnami/charts/commit/7ef7725d3268271d27eb480f702496566813e8cb)), closes [#15161](https://github.com/bitnami/charts/issues/15161) + +## 20.1.1 (2023-02-22) + +* [bitnami/kafka] Release 20.1.1 (#15102) ([d952db5](https://github.com/bitnami/charts/commit/d952db57f6e7d60d8e80ec1f6d8ce66b39f19761)), closes [#15102](https://github.com/bitnami/charts/issues/15102) + +## 20.1.0 (2023-02-21) + +* [bitnami/kafka] feat: :sparkles: Add ServiceBinding-compatible secrets (#14938) ([e64ae76](https://github.com/bitnami/charts/commit/e64ae7697fc01eb46b16324ff096048a5b55e330)), closes [#14938](https://github.com/bitnami/charts/issues/14938) + +## 21.0.1 (2023-02-17) + +* [bitnami/kafka] Release 21.0.1 (#14986) ([e390275](https://github.com/bitnami/charts/commit/e3902757ba9f1850605a9e1adc0a01217e1a0cc7)), closes [#14986](https://github.com/bitnami/charts/issues/14986) + +## 21.0.0 (2023-02-17) + +* [bitnami/*] Change copyright date (#14682) ([add4ec7](https://github.com/bitnami/charts/commit/add4ec701108ac36ed4de2dffbdf407a0d091067)), closes [#14682](https://github.com/bitnami/charts/issues/14682) +* [bitnami/*] Fix markdown linter issues (#14874) ([a51e0e8](https://github.com/bitnami/charts/commit/a51e0e8d35495b907f3e70dd2f8e7c3bcbf4166a)), closes [#14874](https://github.com/bitnami/charts/issues/14874) +* [bitnami/*] Fix markdown linter issues 2 (#14890) ([aa96572](https://github.com/bitnami/charts/commit/aa9657237ee8df4a46db0d7fdf8a23230dd6902a)), closes [#14890](https://github.com/bitnami/charts/issues/14890) +* [bitnami/*] Remove unexpected extra spaces (#14873) ([c97c714](https://github.com/bitnami/charts/commit/c97c714887380d47eae7bfeff316bf01595ecd1d)), closes [#14873](https://github.com/bitnami/charts/issues/14873) +* [bitnami/kafka] Release 21.0.0 (#14943) ([4d0c758](https://github.com/bitnami/charts/commit/4d0c7589d8c9148661219ddba8b56218a8b2ade2)), closes [#14943](https://github.com/bitnami/charts/issues/14943) + +## 20.0.6 (2023-01-31) + +* [bitnami/kafka] Don't regenerate self-signed certs on upgrade (#14629) ([7a5cef7](https://github.com/bitnami/charts/commit/7a5cef7cad900aa0fd1f9bd5281c1ac5b54d9fcf)), closes [#14629](https://github.com/bitnami/charts/issues/14629) + +## 20.0.5 (2023-01-24) + +* [bitnami/*] Change licenses annotation format (#14377) ([0ab7608](https://github.com/bitnami/charts/commit/0ab760862c660fcc78cffadf8e1d8cdd70881473)), closes [#14377](https://github.com/bitnami/charts/issues/14377) +* [bitnami/*] Unify READMEs (#14472) ([2064fb8](https://github.com/bitnami/charts/commit/2064fb8dcc78a845cdede8211af8c3cc52551161)), closes [#14472](https://github.com/bitnami/charts/issues/14472) +* [bitnami/kafka] Release 20.0.5 (#14509) ([bfbb05f](https://github.com/bitnami/charts/commit/bfbb05f3782443ebbc8cc0bf5a9e8354906dce55)), closes [#14509](https://github.com/bitnami/charts/issues/14509) + +## 20.0.4 (2023-01-13) + +* [bitnami/kafka] Release 20.0.4 (#14337) ([40bf90e](https://github.com/bitnami/charts/commit/40bf90ef4a52969b9ed8acca3d8a67e90d800673)), closes [#14337](https://github.com/bitnami/charts/issues/14337) + +## 20.0.3 (2023-01-12) + +* [bitnami/*] Add license annotation and remove obsolete engine parameter (#14293) ([da2a794](https://github.com/bitnami/charts/commit/da2a7943bae95b6e9b5b4ed972c15e990b69fdb0)), closes [#14293](https://github.com/bitnami/charts/issues/14293) +* [bitnami/kafka] Remove hardcoded ports from listeners (#14251) ([13dc244](https://github.com/bitnami/charts/commit/13dc244a8afdbd46fe77157e4691263ce6b9b218)), closes [#14251](https://github.com/bitnami/charts/issues/14251) + +## 20.0.2 (2022-12-19) + +* [bitnami/kafka] Release 20.0.2 (#14014) ([95c7f7c](https://github.com/bitnami/charts/commit/95c7f7c2c37debe3d4f2643d02ec21c7b0170856)), closes [#14014](https://github.com/bitnami/charts/issues/14014) +* Expose external port in svc for ClusterIP (#13869) ([d878de3](https://github.com/bitnami/charts/commit/d878de310f56e62d295597b69a762b689c3c1f3e)), closes [#13869](https://github.com/bitnami/charts/issues/13869) + +## 20.0.1 (2022-12-10) + +* [bitnami/kafka] Release 20.0.1 (#13889) ([8199a23](https://github.com/bitnami/charts/commit/8199a23db75438a3b1366aa9702c942774de6c40)), closes [#13889](https://github.com/bitnami/charts/issues/13889) + +## 20.0.0 (2022-12-06) + +* [bitnami/kafka] Zookeeper chart update (#13839) ([06de679](https://github.com/bitnami/charts/commit/06de6795309a4b2313cc3097c4c4f519047712b6)), closes [#13839](https://github.com/bitnami/charts/issues/13839) + +## 19.1.5 (2022-12-02) + +* [bitnami/kafka] Adding publishNotReadyAddresses to kafka services headless and external. (#13672) ([11576cf](https://github.com/bitnami/charts/commit/11576cf5f1a121b417cb954ea88f1202b615dc17)), closes [#13672](https://github.com/bitnami/charts/issues/13672) +* [bitnami/kafka] Release 19.1.5 (#13802) ([47c8dc4](https://github.com/bitnami/charts/commit/47c8dc4df3523eba303f235430e59220874e0f90)), closes [#13802](https://github.com/bitnami/charts/issues/13802) + +## 19.1.4 (2022-11-29) + +* [bitnami/kafka] adding back rollingUpdate default setting (#13592) ([5b09f7a](https://github.com/bitnami/charts/commit/5b09f7a7c0d9232f5752840b6c4e5cdc56d7f796)), closes [#13592](https://github.com/bitnami/charts/issues/13592) + +## 19.1.3 (2022-11-11) + +* [bitnami/kafka] use new memory opts for jmx-exporter (#13445) ([2814eed](https://github.com/bitnami/charts/commit/2814eed9be7dcca0ec267d048941c4057db8ab42)), closes [#13445](https://github.com/bitnami/charts/issues/13445) + +## 19.1.2 (2022-11-08) + +* [bitnami/kafka] Create rolebindings always (#13403) ([49a0598](https://github.com/bitnami/charts/commit/49a059821e33f8b8fa29db52e2fa92f165d28df5)), closes [#13403](https://github.com/bitnami/charts/issues/13403) +* [bitnami/kafka] Force new version publishing (#13411) ([289822e](https://github.com/bitnami/charts/commit/289822e4569d1b00de916d446307937b035fa008)), closes [#13411](https://github.com/bitnami/charts/issues/13411) + +## 19.1.1 (2022-11-08) + +* [bitnami/kafka] Allow Kafka provisioning to be assigned a service account (#13091) ([841d781](https://github.com/bitnami/charts/commit/841d781c343c2d5edf0ba4ab3ffde2fa0add3275)), closes [#13091](https://github.com/bitnami/charts/issues/13091) +* [bitnami/kafka] Release 19.1.1 (#13401) ([fa439b2](https://github.com/bitnami/charts/commit/fa439b2f32a6052e4da68d6be7f4a50e31c3fc43)), closes [#13401](https://github.com/bitnami/charts/issues/13401) + +## 19.1.0 (2022-11-04) + +* [bitnami/kafka] Add support set config broker.rack with AWS availability zone info (#13308) ([cbd65c9](https://github.com/bitnami/charts/commit/cbd65c9270a7b29190c70d1987f8966d128e72af)), closes [#13308](https://github.com/bitnami/charts/issues/13308) + +## 19.0.2 (2022-11-02) + +* [bitnami/kafka] removing default value updateStrategy.rollingUpdate (#13271) ([5b80521](https://github.com/bitnami/charts/commit/5b805211ca9c96692c06fed75ae033bc444d4279)), closes [#13271](https://github.com/bitnami/charts/issues/13271) + +## 19.0.1 (2022-10-21) + +* [bitnami/*] Use new default branch name in links (#12943) ([a529e02](https://github.com/bitnami/charts/commit/a529e02597d49d944eba1eb0f190713293247176)), closes [#12943](https://github.com/bitnami/charts/issues/12943) +* [bitnami/kafka] Add nodeSelector to Kafka provisioning (#12913) ([92a77bd](https://github.com/bitnami/charts/commit/92a77bdcae6c5a409ee586a280cb54fcbd6a2d94)), closes [#12913](https://github.com/bitnami/charts/issues/12913) +* [bitnami/kafka] Added description on how to set ssl.client.auth=required in Kafka configuration (#12 ([3620d8c](https://github.com/bitnami/charts/commit/3620d8cae8663a94b24761d3b41441bd16668fb3)), closes [#12650](https://github.com/bitnami/charts/issues/12650) +* [bitnami/kafka] Upgrade README after releasing version 19.0.0 (#12898) ([d8cb4aa](https://github.com/bitnami/charts/commit/d8cb4aa652de2e1e3afa2daef04e30ba0ea1108f)), closes [#12898](https://github.com/bitnami/charts/issues/12898) + +## 19.0.0 (2022-10-10) + +* [bitnami/kafka] Release 19.0.0 (#12892) ([5fca92c](https://github.com/bitnami/charts/commit/5fca92ccad57f293f38bddad6709a15d9540f760)), closes [#12892](https://github.com/bitnami/charts/issues/12892) +* Generic README instructions related to the repo (#12792) ([3cf6b10](https://github.com/bitnami/charts/commit/3cf6b10e10e60df4b3e191d6b99aa99a9f597755)), closes [#12792](https://github.com/bitnami/charts/issues/12792) + +## 18.5.0 (2022-10-04) + +* [bitnami/kafka] Add labels to volume claim template (#12641) ([ec3aa60](https://github.com/bitnami/charts/commit/ec3aa601300b88b985b0174ffa88adf666ecfeef)), closes [#12641](https://github.com/bitnami/charts/issues/12641) + +## 18.4.4 (2022-09-21) + +* [bitnami/kafka] Release 18.4.4 (#12618) ([f3197b4](https://github.com/bitnami/charts/commit/f3197b4951a21cc949cad598c3281c456f3fadc5)), closes [#12618](https://github.com/bitnami/charts/issues/12618) +* [bitnami/kafka] Use custom probes if given (#12510) ([ff0c2a0](https://github.com/bitnami/charts/commit/ff0c2a0075a89fb7a80c6b8e586eaf0bb6dcdf4e)), closes [#12510](https://github.com/bitnami/charts/issues/12510) [#12354](https://github.com/bitnami/charts/issues/12354) + +## 18.4.3 (2022-09-20) + +* [bitnami/kafka] Release 18.4.3 (#12587) ([74e522b](https://github.com/bitnami/charts/commit/74e522bb2632d97ae5189b9db113bfd443e8b115)), closes [#12587](https://github.com/bitnami/charts/issues/12587) + +## 18.4.2 (2022-09-15) + +* [bitnami/kafka] Release 18.4.2 (#12441) ([b28a288](https://github.com/bitnami/charts/commit/b28a288506e18b736589e189a0ccf994b113378f)), closes [#12441](https://github.com/bitnami/charts/issues/12441) + +## 18.4.1 (2022-09-15) + +* [bitnami/kafka] Disallowing privilege escalation for kafka (#12313) ([c2cf11a](https://github.com/bitnami/charts/commit/c2cf11a519fe814728709fd6e20fd17286e7e852)), closes [#12313](https://github.com/bitnami/charts/issues/12313) +* [bitnami/kafka] Fix KAFKA_CFG_LOG_RETENTION_CHECK_INTERVALS_MS typo (#12169) ([1ea8e40](https://github.com/bitnami/charts/commit/1ea8e40231aba6fd4566cd165c36de91144a7970)), closes [#12169](https://github.com/bitnami/charts/issues/12169) [#12164](https://github.com/bitnami/charts/issues/12164) +* [bitnami/kafka] implement prometheusrule (#12377) ([b1e051e](https://github.com/bitnami/charts/commit/b1e051e59809462167e73087a99f876336f70d5c)), closes [#12377](https://github.com/bitnami/charts/issues/12377) + +## 18.4.0 (2022-09-14) + +* [bitnami/kafka] Enable external access via cluster IP (#11853) ([909819b](https://github.com/bitnami/charts/commit/909819b2df88174ee8695156edcccd96abd220b9)), closes [#11853](https://github.com/bitnami/charts/issues/11853) + +## 18.3.1 (2022-08-30) + +* [bitnami/kafka] Release 18.3.1 (#12201) ([d08cd2d](https://github.com/bitnami/charts/commit/d08cd2d914d123f48822f2374c8357b3d8a904a6)), closes [#12201](https://github.com/bitnami/charts/issues/12201) + +## 18.3.0 (2022-08-25) + +* [bitnami/kafka] adding extra rules to jmx template (#11996) ([e65cd43](https://github.com/bitnami/charts/commit/e65cd4391218c73b9ec952a15525159748481647)), closes [#11996](https://github.com/bitnami/charts/issues/11996) + +## 18.2.0 (2022-08-24) + +* bitnami/kafka Adding external service labels (#11780) ([f213c37](https://github.com/bitnami/charts/commit/f213c37bd8fe54772f7cd4387739ad39f721f192)), closes [#11780](https://github.com/bitnami/charts/issues/11780) + +## 18.1.3 (2022-08-23) + +* [bitnami/kafka] Update Chart.lock (#12122) ([7338d25](https://github.com/bitnami/charts/commit/7338d25533b99c63887c205454bc64c80dfa12c9)), closes [#12122](https://github.com/bitnami/charts/issues/12122) + +## 18.1.2 (2022-08-23) + +* revert logsDir log /opt/bitnami/data by default (#11788) ([a7673f7](https://github.com/bitnami/charts/commit/a7673f7840f76a5441e6d19e9f0649cd6468d303)), closes [#11788](https://github.com/bitnami/charts/issues/11788) + +## 18.1.1 (2022-08-22) + +* [bitnami/kafka] Update Chart.lock (#11987) ([5b65a36](https://github.com/bitnami/charts/commit/5b65a36ee43119ed60227eca58b7afc54ff15579)), closes [#11987](https://github.com/bitnami/charts/issues/11987) + +## 18.1.0 (2022-08-22) + +* [bitnami/kafka] Add support for image digest apart from tag (#11908) ([f870b04](https://github.com/bitnami/charts/commit/f870b04b55384c396db07ee4a970acc13ab9e1ac)), closes [#11908](https://github.com/bitnami/charts/issues/11908) + +## 18.0.8 (2022-08-09) + +* [bitnami/kafka] Release 18.0.8 (#11682) ([37deddd](https://github.com/bitnami/charts/commit/37dedddc7aeaa7f6f6c27f0021c64a5f3b287fc6)), closes [#11682](https://github.com/bitnami/charts/issues/11682) + +## 18.0.7 (2022-08-05) + +* [bitnami/kafka] Fix typo introduced in 11569 (#11612) ([4f11de9](https://github.com/bitnami/charts/commit/4f11de94d5fb0d97975bf1b77567f07c58d7a99e)), closes [#11612](https://github.com/bitnami/charts/issues/11612) +* [bitnami/kafka] Modify logsDir to use persistence.mountPath (#11569) ([98a4d64](https://github.com/bitnami/charts/commit/98a4d64c41802fcb055c19ee08f43b2de0b4766e)), closes [#11569](https://github.com/bitnami/charts/issues/11569) + +## 18.0.6 (2022-08-04) + +* [bitnami/kafka] Release 18.0.6 (#11604) ([2ae853c](https://github.com/bitnami/charts/commit/2ae853c9251ed00e9179184e3781029c5a8cd032)), closes [#11604](https://github.com/bitnami/charts/issues/11604) + +## 18.0.5 (2022-08-04) + +* [bitnami/kafka] Release 18.0.5 (#11560) ([e7ae7a7](https://github.com/bitnami/charts/commit/e7ae7a74be946c2000405882282a0cbe44b5bc18)), closes [#11560](https://github.com/bitnami/charts/issues/11560) + +## 18.0.4 (2022-08-03) + +* [bitnami/*] Update URLs to point to the new bitnami/containers monorepo (#11352) ([d665af0](https://github.com/bitnami/charts/commit/d665af0c708846192d8d5fb2f5f9ea65dd464ab0)), closes [#11352](https://github.com/bitnami/charts/issues/11352) +* [bitnami/kafka] Release 18.0.4 (#11511) ([40f31ce](https://github.com/bitnami/charts/commit/40f31ceb9dfb3c2c82f0c238e1f90543148b0085)), closes [#11511](https://github.com/bitnami/charts/issues/11511) + +## 18.0.3 (2022-07-06) + +* [bitnami/kafka] Release 18.0.3 (#11056) ([5360260](https://github.com/bitnami/charts/commit/5360260b9a524612e5792e62caac5fa25079129a)), closes [#11056](https://github.com/bitnami/charts/issues/11056) + +## 18.0.2 (2022-07-05) + +* [bitnami/kafka] Release 18.0.2 (#11026) ([a5606d0](https://github.com/bitnami/charts/commit/a5606d05ba4af3a1ee87e94db94f246cd36cc143)), closes [#11026](https://github.com/bitnami/charts/issues/11026) + +## 18.0.1 (2022-06-30) + +* [bitnami/kafka] Release 18.0.1 (#10952) ([0e21deb](https://github.com/bitnami/charts/commit/0e21debd49815b7c8485283840d65b398f03c476)), closes [#10952](https://github.com/bitnami/charts/issues/10952) + +## 18.0.0 (2022-06-15) + +* [bitnami/kafka] #10470: component labels for jmx & kafka exporter (#10551) ([22b2a67](https://github.com/bitnami/charts/commit/22b2a678ef6b8efb7d2ecfc6c1d6c7681902141f)), closes [#10470](https://github.com/bitnami/charts/issues/10470) [#10551](https://github.com/bitnami/charts/issues/10551) +* [bitnami/kafka] Update Zookeeper major and subchart values (#10760) ([d2ecf9a](https://github.com/bitnami/charts/commit/d2ecf9aac0270925f18a32340655a1c352a6275c)), closes [#10760](https://github.com/bitnami/charts/issues/10760) + +## 17.2.6 (2022-06-11) + +* [bitnami/kafka] Release 17.2.6 updating components versions ([148773c](https://github.com/bitnami/charts/commit/148773cd75ae0e986f3aebd71b6c726eba6d127d)) + +## 17.2.5 (2022-06-07) + +* [bitnami/*] Replace Kubeapps URL in READMEs (and kubeapps Chart.yaml) and remove BKPR references (#1 ([c6a7914](https://github.com/bitnami/charts/commit/c6a7914361e5aea6016fb45bf4d621edfd111d32)), closes [#10600](https://github.com/bitnami/charts/issues/10600) +* Fix tolerations and topologySpreadConstraints default values (#10629) ([f7a7d04](https://github.com/bitnami/charts/commit/f7a7d04efa53be3ed5e7e78cf05cb9ad0f490ee7)), closes [#10629](https://github.com/bitnami/charts/issues/10629) + +## 17.2.4 (2022-06-06) + +* [bitnami/kafka] Release 17.2.4 updating components versions ([d6d4840](https://github.com/bitnami/charts/commit/d6d48403e65ba8392476a4d106fbcc4a53fa6d01)) + +## 17.2.3 (2022-06-01) + +* [bitnami/kafka] Fix link in README (#10526) ([3f28032](https://github.com/bitnami/charts/commit/3f280328fb4281ca68d42965bcde7795094acd8c)), closes [#10526](https://github.com/bitnami/charts/issues/10526) + +## 17.2.2 (2022-06-01) + +* [bitnami/several] Replace maintainers email by url (#10523) ([ff3cf61](https://github.com/bitnami/charts/commit/ff3cf617a1680509b0f3855d17c4ccff7b29a0ff)), closes [#10523](https://github.com/bitnami/charts/issues/10523) + +## 17.2.1 (2022-05-30) + +* [bitnami/several] Replace base64 --decode with base64 -d (#10495) ([099286a](https://github.com/bitnami/charts/commit/099286ae7a87784cf809df0b64ab24f7ff0144c8)), closes [#10495](https://github.com/bitnami/charts/issues/10495) + +## 17.2.0 (2022-05-30) + +* [bitnami/kafka] Allow to configure headless svc labels and annotations (#9873) ([82915ee](https://github.com/bitnami/charts/commit/82915eeb92aadbc55178ba731ed0ddc0f5c0ea46)), closes [#9873](https://github.com/bitnami/charts/issues/9873) + +## 17.1.0 (2022-05-26) + +* [bitnami/kafka] Add missing service parameter (#10417) ([cb61bcb](https://github.com/bitnami/charts/commit/cb61bcb67cf64395749d17f65b97d1af6e151d0b)), closes [#10417](https://github.com/bitnami/charts/issues/10417) + +## 17.0.1 (2022-05-25) + +* [bitnami/kafka] Release 17.0.1 updating components versions ([c73b1c3](https://github.com/bitnami/charts/commit/c73b1c3684c3d969b67109b2064cad9c86f1592a)) + +## 17.0.0 (2022-05-23) + +* [bitnami/kafka] Release 17.0.0 updating components versions ([1ea3e29](https://github.com/bitnami/charts/commit/1ea3e29b500ce3326566be886453536bff61b9f8)) + +## 16.4.0 (2022-05-23) + +* [bitnami/kafka] Add provisioning job tolerations (#10330) ([43f87f1](https://github.com/bitnami/charts/commit/43f87f175947e29778347b886b1532ff9d6bbdc2)), closes [#10330](https://github.com/bitnami/charts/issues/10330) + +## 16.3.2 (2022-05-21) + +* [bitnami/kafka] Release 16.3.2 updating components versions ([149ee61](https://github.com/bitnami/charts/commit/149ee61e4552d4c5a293f63b24207e5ddc5138f3)) + +## 16.3.1 (2022-05-20) + +* [bitnami/kafka] Release 16.3.1 updating components versions ([a94e8ca](https://github.com/bitnami/charts/commit/a94e8ca9e3cac3187db0d7dc108b1b9194f3cc07)) + +## 16.3.0 (2022-05-19) + +* [bitnami/kafka] Add parameters to configure SSL for Zookeeper client connections (#9915) ([a34396e](https://github.com/bitnami/charts/commit/a34396e58fcd4879e8b6ceb132aa1ec0e0f3edf2)), closes [#9915](https://github.com/bitnami/charts/issues/9915) + +## 16.2.15 (2022-05-19) + +* [bitnami/kafka] Release 16.2.15 updating components versions ([9b716a8](https://github.com/bitnami/charts/commit/9b716a8deb439edee606e590d48336798ef256d9)) + +## 16.2.14 (2022-05-18) + +* [bitnami/kafka] Release 16.2.14 updating components versions ([2b284ac](https://github.com/bitnami/charts/commit/2b284aca941103c22681ebc989aed960b0ae702e)) + +## 16.2.13 (2022-05-13) + +* [bitnami/kafka] Release 16.2.13 updating components versions ([51836a3](https://github.com/bitnami/charts/commit/51836a3f79566d9808b2a8188fef1c4d2db1cf4e)) + +## 16.2.12 (2022-05-13) + +* [bitnami/*] Remove old 'ci' files (#10171) ([5df30c4](https://github.com/bitnami/charts/commit/5df30c44dbd1812da8786579ce4a94917d46a6ad)), closes [#10171](https://github.com/bitnami/charts/issues/10171) +* [bitnami/*] Unify k8s directives separators (#10185) ([2650214](https://github.com/bitnami/charts/commit/26502141d146ca3bdfb3bf744fcdec8ca5cece44)), closes [#10185](https://github.com/bitnami/charts/issues/10185) + +## 16.2.11 (2022-05-11) + +* [bitnami/kafka] Add missing namespace metadata (#10129) ([990eb85](https://github.com/bitnami/charts/commit/990eb852f459aa9995310ded2b269ca0f89a2934)), closes [#10129](https://github.com/bitnami/charts/issues/10129) +* [bitnami/kafka] Fix label selector in jmx service monitor (#9995) ([648e5f3](https://github.com/bitnami/charts/commit/648e5f33b7eccbadaf7af967d4c24b435691da5d)), closes [#9995](https://github.com/bitnami/charts/issues/9995) + +## 16.2.10 (2022-05-04) + +* [bitnami/kafka] Append zookeeperChrootPath when using external zookeeper. (#9990) ([13eaa3f](https://github.com/bitnami/charts/commit/13eaa3fdfd8e27317c99d0eef5747e3cca357a26)), closes [#9990](https://github.com/bitnami/charts/issues/9990) + +## 16.2.9 (2022-04-26) + +* [bitnami/kafka] Add chown for data dir, not only children (#9690) (#9823) ([d13421d](https://github.com/bitnami/charts/commit/d13421db896ce1fcfaca67f70faca9bae46419df)), closes [#9690](https://github.com/bitnami/charts/issues/9690) [#9823](https://github.com/bitnami/charts/issues/9823) [#9690](https://github.com/bitnami/charts/issues/9690) + +## 16.2.8 (2022-04-25) + +* [bitnami/kafka] Release 16.2.8 updating components versions ([58f7748](https://github.com/bitnami/charts/commit/58f7748479c906fae4310c20bb2bbfe2a89e2fb1)) + +## 16.2.7 (2022-04-21) + +* [bitnami/kafka] Release 16.2.7 updating components versions ([1054315](https://github.com/bitnami/charts/commit/10543158291defa6ef5e0c44d9cf2836cf1e0593)) + +## 16.2.6 (2022-04-20) + +* [bitnami/kafka] Release 16.2.6 updating components versions ([a40de81](https://github.com/bitnami/charts/commit/a40de81657df99303a9e9bce5245b216f838fde4)) + +## 16.2.5 (2022-04-19) + +* [bitnami/kafka] Release 16.2.5 updating components versions ([c3d5344](https://github.com/bitnami/charts/commit/c3d53445a3f3071fa312d4dab8335a16af58fa15)) + +## 16.2.4 (2022-04-18) + +* [bitnami/kafka] Release 16.2.4 updating components versions ([123d19a](https://github.com/bitnami/charts/commit/123d19a2a45e0c6dbc8665b6d684f70c8b18650e)) + +## 16.2.3 (2022-04-05) + +* [bitnami/kafka] Release 16.2.3 updating components versions ([701f434](https://github.com/bitnami/charts/commit/701f434439babb9dde54fd6e99e4e41ee0b9c079)) + +## 16.2.2 (2022-04-03) + +* [bitnami/kafka] Release 16.2.2 updating components versions ([e168391](https://github.com/bitnami/charts/commit/e168391d2fd700d916302282f45d10944808d963)) + +## 16.2.1 (2022-04-02) + +* [bitnami/kafka] Release 16.2.1 updating components versions ([8abde33](https://github.com/bitnami/charts/commit/8abde334bf2f27317615a3a42faf143ee6e69d66)) + +## 16.2.0 (2022-03-30) + +* [bitnami/kafka] Improve SASL handling and support for service mesh (#9242) ([5f0728d](https://github.com/bitnami/charts/commit/5f0728db4d5cfef02294bf5eea05d6e49c7b20a5)), closes [#9242](https://github.com/bitnami/charts/issues/9242) + +## 16.1.3 (2022-03-29) + +* [bitnami/kafka] Release 16.1.3 updating components versions ([ce63b28](https://github.com/bitnami/charts/commit/ce63b28979f41989210701fd2c33da37b69ee9a0)) + +## 16.1.2 (2022-03-28) + +* [bitnami/kafka] Release 16.1.2 updating components versions ([7f5b5e7](https://github.com/bitnami/charts/commit/7f5b5e7147cfd7705c54d365e4f4493f3c5304b8)) + +## 16.1.1 (2022-03-27) + +* [bitnami/kafka] Release 16.1.1 updating components versions ([16a191a](https://github.com/bitnami/charts/commit/16a191a6ebec2a9124d83fffcf777150ede35c7d)) + +## 16.1.0 (2022-03-25) + +* chore: add the possibility to provision kafka topics in parallel (#9520) ([7fdd75e](https://github.com/bitnami/charts/commit/7fdd75ea7a91a327acdad46a4cfb084f9111e827)), closes [#9520](https://github.com/bitnami/charts/issues/9520) + +## 16.0.0 (2022-03-24) + +* [bitnami/kakfa] Update zookeeper version for kafka (#9549) ([5fa146a](https://github.com/bitnami/charts/commit/5fa146a7dca020d3814c0584bd64b868005524d3)), closes [#9549](https://github.com/bitnami/charts/issues/9549) + +## 15.5.1 (2022-03-21) + +* [bitnami/kafka] Release 15.5.1 updating components versions ([1fdd228](https://github.com/bitnami/charts/commit/1fdd2283f0e5a8772e4a763b455733c77e01b119)) + +## 15.5.0 (2022-03-18) + +* [bitnami/kafka] Allow PEM chain to be used for TLS (#9422) ([801091d](https://github.com/bitnami/charts/commit/801091d19094431ad2940b5cbfa0e8e2b57d8dff)), closes [#9422](https://github.com/bitnami/charts/issues/9422) + +## 15.4.3 (2022-03-18) + +* [bitnami/kafka] Release 15.4.3 updating components versions ([cb64d46](https://github.com/bitnami/charts/commit/cb64d462672f5993acd50fb4c36635aeb5145dbb)) + +## 15.4.2 (2022-03-17) + +* [bitnami/kafka] Release 15.4.2 updating components versions ([4adf8d6](https://github.com/bitnami/charts/commit/4adf8d672f182852553dda4b7b3ad7a23f7dde19)) + +## 15.4.1 (2022-03-16) + +* [bitnami/kafka] Release 15.4.1 updating components versions ([8ca4706](https://github.com/bitnami/charts/commit/8ca470633c837f8f23cace5e38e263b226a87622)) + +## 15.4.0 (2022-03-10) + +* [bitnami/kafka] Enable SSL for kafka privisioning job (#9072) ([a7aa286](https://github.com/bitnami/charts/commit/a7aa286e7bec0dcc58a02c526345d98a77f0969a)), closes [#9072](https://github.com/bitnami/charts/issues/9072) + +## 15.3.8 (2022-03-09) + +* [bitnami/kafka] Release 15.3.8 updating components versions ([8639cf9](https://github.com/bitnami/charts/commit/8639cf9b1de71601532732df575f7db2b614c0fd)) + +## 15.3.7 (2022-03-09) + +* [bitnami/kafka] Fix typo in comment (#9341) ([b9eb6e0](https://github.com/bitnami/charts/commit/b9eb6e0057e0e35035e1cc45adebdf6bf3ba14fc)), closes [#9341](https://github.com/bitnami/charts/issues/9341) + +## 15.3.6 (2022-03-07) + +* Fix rendering of topologySpreadConstraints (#9149) ([caae35a](https://github.com/bitnami/charts/commit/caae35af789def0857f0e099e85138995787a761)), closes [#9149](https://github.com/bitnami/charts/issues/9149) + +## 15.3.5 (2022-03-04) + +* [bitnami/several] Reorder subcharts (#9299) ([a041f6b](https://github.com/bitnami/charts/commit/a041f6b0ff2dea82b3d030cb99454cede94dbc9a)), closes [#9299](https://github.com/bitnami/charts/issues/9299) + +## 15.3.4 (2022-03-01) + +* [bitnami/kafka] Release 15.3.4 updating components versions ([95b5329](https://github.com/bitnami/charts/commit/95b532989c837903a6dc279f4c64252dd8136de5)) + +## 15.3.3 (2022-02-27) + +* [bitnami/kafka] Release 15.3.3 updating components versions ([f752d88](https://github.com/bitnami/charts/commit/f752d8873ab5bb7e57eee93bec84f4250ec66bfc)) + +## 15.3.2 (2022-02-22) + +* Add hostIPC option for Kafka StatefulSet (#9156) ([5662ba9](https://github.com/bitnami/charts/commit/5662ba91f5d67af2bb52a3404a39ab6f1ca4008c)), closes [#9156](https://github.com/bitnami/charts/issues/9156) +* Add hostNetwork option for Kafka StatefulSet (#9081) ([e511753](https://github.com/bitnami/charts/commit/e511753c1acb7865af966fcc75f18819ee1af339)), closes [#9081](https://github.com/bitnami/charts/issues/9081) + +## 15.3.1 (2022-02-21) + +* [bitnami/kafka] Add flag '-r' to xargs in volumePermissions init-container (#9134) ([e928476](https://github.com/bitnami/charts/commit/e9284763d444a278d2c7d052f64e3d307757d855)), closes [#9134](https://github.com/bitnami/charts/issues/9134) + +## 15.3.0 (2022-02-17) + +* [bitnami/kafka] Add passwordSecret parameter (#8936) ([b192405](https://github.com/bitnami/charts/commit/b192405eb31fa5a9d8265bd7aa4983b9429643b9)), closes [#8936](https://github.com/bitnami/charts/issues/8936) + +## 15.2.3 (2022-02-17) + +* [btinami/kafka] Fixes kafka_exporter with TLS (#9042) ([be26f17](https://github.com/bitnami/charts/commit/be26f177570dd6bbcef1435d9c9fd2b2b7e7d797)), closes [#9042](https://github.com/bitnami/charts/issues/9042) + +## 15.2.1 (2022-02-15) + +* [bitnami/kafka] Release 15.2.1 updating components versions ([cf80444](https://github.com/bitnami/charts/commit/cf8044446270213d6a4a4b2737b07d3214a20d3c)) + +## 15.2.0 (2022-02-15) + +* [bitnami/kafka] Include new parameter to allow setting external names for load balanced external lis ([a8028de](https://github.com/bitnami/charts/commit/a8028ded2e107e9a16c7225b2a90c4119a785cd9)), closes [#8983](https://github.com/bitnami/charts/issues/8983) [bitnami/charts#8983](https://github.com/bitnami/charts/issues/8983) [bitnami/charts#8875](https://github.com/bitnami/charts/issues/8875) + +## 15.1.1 (2022-02-11) + +* [bitnami/kafka] Fix SASL mechanisms in Kafka exporter (#8980) ([0dc3f89](https://github.com/bitnami/charts/commit/0dc3f89b08da451ab95bdf4f04125562c6c136d6)), closes [#8980](https://github.com/bitnami/charts/issues/8980) + +## 15.1.0 (2022-02-08) + +* [bitnami/kafka] Add external clients setting (#8902) ([f5e8d0b](https://github.com/bitnami/charts/commit/f5e8d0be109a569a96700a4dd32f59a34e81cc8a)), closes [#8902](https://github.com/bitnami/charts/issues/8902) [#8856](https://github.com/bitnami/charts/issues/8856) [#8660](https://github.com/bitnami/charts/issues/8660) + +## 15.0.5 (2022-02-07) + +* [bitnami/kafka] Fix volumeMounts error for kafka-provisioning (#8910) ([119656c](https://github.com/bitnami/charts/commit/119656c514073e6b55108084ed3ce590cb38d886)), closes [#8910](https://github.com/bitnami/charts/issues/8910) + +## 15.0.4 (2022-02-03) + +* Changed CRLF to LF (#8886) ([994bcd2](https://github.com/bitnami/charts/commit/994bcd268a425bc31e4ceb55893f044199037f17)), closes [#8886](https://github.com/bitnami/charts/issues/8886) + +## 15.0.3 (2022-02-02) + +* [bitnami/kafka] Release 15.0.3 updating components versions ([62a53a8](https://github.com/bitnami/charts/commit/62a53a86c83cac8a77353e22976c9731851ac649)) + +## 15.0.2 (2022-02-02) + +* [bitnami/*] Fix non-utf8 characters (#8826) ([aebe0ed](https://github.com/bitnami/charts/commit/aebe0ed63d845e1e2b38751103810adf200b18f5)), closes [#8826](https://github.com/bitnami/charts/issues/8826) +* [bitnami/kafka] Provisioning hook lifecycle (#8870) ([4d0be3e](https://github.com/bitnami/charts/commit/4d0be3ee7104013fa972f070a4fb1dbfb15da010)), closes [#8870](https://github.com/bitnami/charts/issues/8870) + +## 15.0.1 (2022-01-25) + +* [bitnami/kafka] Release 15.0.1 updating components versions ([2783625](https://github.com/bitnami/charts/commit/27836251f8e7c016f171ad2f538581ecd4ed6b92)) + +## 15.0.0 (2022-01-24) + +* [bitnami/kafka] Kafka 3 + Chart standardized (#8666) ([a0732d7](https://github.com/bitnami/charts/commit/a0732d72b5fa5cd21f8568948065c99ea429c617)), closes [#8666](https://github.com/bitnami/charts/issues/8666) + +## 14.9.3 (2022-01-20) + +* fix resource-name for kafka-egress-netpol (#8727) ([aec00b4](https://github.com/bitnami/charts/commit/aec00b4484448bda66790bd13111c436470e3246)), closes [#8727](https://github.com/bitnami/charts/issues/8727) + +## 14.9.2 (2022-01-20) + +* [bitnami/*] Readme automation (#8579) ([78d1938](https://github.com/bitnami/charts/commit/78d193831c900d178198491ffd08fa2217a64ecd)), closes [#8579](https://github.com/bitnami/charts/issues/8579) +* [bitnami/*] Update READMEs (#8716) ([b9a9533](https://github.com/bitnami/charts/commit/b9a953337590eb2979453385874a267bacf50936)), closes [#8716](https://github.com/bitnami/charts/issues/8716) +* [bitnami/several] Change prerequisites (#8725) ([8d740c5](https://github.com/bitnami/charts/commit/8d740c566cfdb7e2d933c40128b4e919fce953a5)), closes [#8725](https://github.com/bitnami/charts/issues/8725) + +## 14.9.1 (2022-01-14) + +* [bitnami/kafka] Release 14.9.1 updating components versions ([109571b](https://github.com/bitnami/charts/commit/109571bfa85a23751fa6b6247750e33576fae99f)) + +## 14.9.0 (2022-01-05) + +* [bitnami/several] Adapt templating format (#8562) ([8cad18a](https://github.com/bitnami/charts/commit/8cad18aed9966a6f0208e5ad6cee46cb217f47ab)), closes [#8562](https://github.com/bitnami/charts/issues/8562) +* [bitnami/several] Add license to the README ([05f7633](https://github.com/bitnami/charts/commit/05f763372501d596e57db713dd53ff4ff3027cc4)) +* [bitnami/several] Add license to the README ([32fb238](https://github.com/bitnami/charts/commit/32fb238e60a0affc6debd3142eaa3c3d9089ec2a)) +* [bitnami/several] Add license to the README ([b87c2f7](https://github.com/bitnami/charts/commit/b87c2f7899d48a8b02c506765e6ae82937e9ba3f)) + +## 14.8.1 (2021-12-22) + +* [bitnami/kafka] Improved compatibility with Kubernetes 1.21+ and Openshift (#8458) ([94bc49b](https://github.com/bitnami/charts/commit/94bc49b9bbb2fc59c96c9686140d2f5961a52a37)), closes [#8458](https://github.com/bitnami/charts/issues/8458) + +## 14.8.0 (2021-12-22) + +* [bitnami/kafka] Add egress custom rules (#8445) ([c30197d](https://github.com/bitnami/charts/commit/c30197dbd7179018eb13f41c98d648c598cbd9c5)), closes [#8445](https://github.com/bitnami/charts/issues/8445) + +## 14.7.1 (2021-12-15) + +* [bitnami/kafka] Release 14.7.1 updating components versions ([697e832](https://github.com/bitnami/charts/commit/697e83259ee03a84e7411351cc4194e8b2130eeb)) + +## 14.7.0 (2021-12-14) + +* [bitnami/kafka] Add networkpolicy support (#8356) ([cffa866](https://github.com/bitnami/charts/commit/cffa86698fd01ec4b1e93a9c09e183934f73829a)), closes [#8356](https://github.com/bitnami/charts/issues/8356) + +## 14.6.0 (2021-12-13) + +* [bitnami/kafka] Add value zookeeperChrootPath (#8285) ([7965edb](https://github.com/bitnami/charts/commit/7965edb8636e986327b84f06aff4a3b7bd1a25c4)), closes [#8285](https://github.com/bitnami/charts/issues/8285) + +## 14.5.1 (2021-12-10) + +* [bitnami/kafka] use resources for provisioning initContainer (#8276) ([13aa12b](https://github.com/bitnami/charts/commit/13aa12bdc44c1a9f4170eaed018079dbc407b84b)), closes [#8276](https://github.com/bitnami/charts/issues/8276) + +## 14.5.0 (2021-12-09) + +* [bitnami/kafka] Make it possible to customize the securityContext in all containers (#8319) ([ae92f76](https://github.com/bitnami/charts/commit/ae92f76e10e243f6a3b9f5aefe74091bb6a701b3)), closes [#8319](https://github.com/bitnami/charts/issues/8319) +* [bitnami/several] Regenerate README tables ([8150149](https://github.com/bitnami/charts/commit/8150149f0bb746e86ff0029fc375d43775bdf15a)) + +## 14.4.3 (2021-11-29) + +* [bitnami/several] Replace HTTP by HTTPS when possible (#8259) ([eafb5bd](https://github.com/bitnami/charts/commit/eafb5bd5a2cc3aaf04fc1e8ebedd73f420d76864)), closes [#8259](https://github.com/bitnami/charts/issues/8259) + +## 14.4.2 (2021-11-28) + +* [bitnami/kafka] Release 14.4.2 updating components versions ([adfdfa8](https://github.com/bitnami/charts/commit/adfdfa86283f72d91ea7658cb2044c05f045befe)) +* [bitnami/several] Fix deadlinks in README.md (#8215) ([99e90d2](https://github.com/bitnami/charts/commit/99e90d244b3244e059a42f72dcbecd3cda2b66bb)), closes [#8215](https://github.com/bitnami/charts/issues/8215) +* [bitnami/several] Regenerate README tables ([3d7ca74](https://github.com/bitnami/charts/commit/3d7ca74b3b732b0620497ae7b399545117510209)) + +## 14.4.1 (2021-11-15) + +* [bitnami/kafka] Add values to set pod labels and annotations for kafka exporter (#8114) ([eea9cf2](https://github.com/bitnami/charts/commit/eea9cf2090dd25f88aa131053e204e30d2fbcc7e)), closes [#8114](https://github.com/bitnami/charts/issues/8114) +* [bitnami/several] Regenerate README tables ([e6f742c](https://github.com/bitnami/charts/commit/e6f742cb88c330952cb52da038db61537ec921e5)) + +## 14.4.0 (2021-11-11) + +* [bitnami/kafka] Add separate service account for kafka exporter (#8045) ([39f1adb](https://github.com/bitnami/charts/commit/39f1adbd7f0c1a0c0fd91ca17f75523e3fef62f9)), closes [#8045](https://github.com/bitnami/charts/issues/8045) + +## 14.3.0 (2021-11-09) + +* [bitnami/kafka] Use an array for existing secrets containing TLS certs (#8060) ([c4e5c94](https://github.com/bitnami/charts/commit/c4e5c940d480211dd6cc50abaea33d488e8cde1d)), closes [#8060](https://github.com/bitnami/charts/issues/8060) + +## 14.2.6 (2021-11-09) + +* [bitnami/kafka] evaluate extraVolumes and extraVolumeMounts as a template (#8066) ([1f4027e](https://github.com/bitnami/charts/commit/1f4027e908290ba6b1553fe1accda056ad3478be)), closes [#8066](https://github.com/bitnami/charts/issues/8066) +* [bitnami/several] Regenerate README tables ([6e3fb95](https://github.com/bitnami/charts/commit/6e3fb954296a91f83fc1654d77109e5ef4fb6dc0)) + +## 14.2.5 (2021-10-27) + +* [bitnami/kafka] Release 14.2.5 updating components versions ([c8f657f](https://github.com/bitnami/charts/commit/c8f657fca842ea53a76a7b34fb92420080bd02ad)) + +## 14.2.4 (2021-10-22) + +* [bitnami/several] Add chart info to NOTES.txt (#7889) ([a6751cd](https://github.com/bitnami/charts/commit/a6751cdd33c461fabbc459fbea6f219ec64ab6b2)), closes [#7889](https://github.com/bitnami/charts/issues/7889) +* [bitnami/several] Regenerate README tables ([70da75e](https://github.com/bitnami/charts/commit/70da75e6fcc7d152614a8995e4b722cd7e82b426)) + +## 14.2.3 (2021-10-21) + +* [bitnami/kafka] Release 14.2.3 updating components versions ([d629a32](https://github.com/bitnami/charts/commit/d629a32e2ce943a99cc1bae510ed5ce431de9840)) + +## 14.2.2 (2021-10-19) + +* [bitnami/kafka] Update README.md on using default service from the outside (#7793) ([fe7b30d](https://github.com/bitnami/charts/commit/fe7b30db5a8eeac2b3ad43b6813b4c0aa8ecb28b)), closes [#7793](https://github.com/bitnami/charts/issues/7793) [#7661](https://github.com/bitnami/charts/issues/7661) +* [bitnami/several] Change pullPolicy for bitnami-shell image (#7852) ([9711a33](https://github.com/bitnami/charts/commit/9711a33c6eec72ea79143c4b7574dbe6a148d6b2)), closes [#7852](https://github.com/bitnami/charts/issues/7852) +* [bitnami/several] Regenerate README tables ([194a909](https://github.com/bitnami/charts/commit/194a909268377a6820d91f788c0380f427637ce6)) +* [Kafka] Support Using MY_POD_IP address for Kafka External Access (#7700) ([ef9156e](https://github.com/bitnami/charts/commit/ef9156ec08ec84227692cc3e9ed977dae712b51b)), closes [#7700](https://github.com/bitnami/charts/issues/7700) + +## 14.2.1 (2021-10-07) + +* [bitnami/*] Fix service monitors selectors (#7720) ([1279593](https://github.com/bitnami/charts/commit/1279593765044df99902bfee8dcfaeb60e95f125)), closes [#7720](https://github.com/bitnami/charts/issues/7720) +* [bitnami/*] Generate READMEs with new generator version (#7614) ([e5ab2e6](https://github.com/bitnami/charts/commit/e5ab2e6ecdd6bce800863f154cda524ff9f6c117)), closes [#7614](https://github.com/bitnami/charts/issues/7614) + +## 14.2.0 (2021-09-24) + +* [bitnami/several] Regenerate README tables ([bd0f8f2](https://github.com/bitnami/charts/commit/bd0f8f2f281fed642259508be21a57af1cfa5c2b)) +* add kafka acl config param (#7576) ([1f4a2da](https://github.com/bitnami/charts/commit/1f4a2da3e57542d48a1a409e0418e11c8ccc3bfd)), closes [#7576](https://github.com/bitnami/charts/issues/7576) + +## 14.1.1 (2021-09-21) + +* [bitnami/kafka] Release 14.1.1 updating components versions ([ad605b4](https://github.com/bitnami/charts/commit/ad605b4f287c35b8e8747ccda7c9ffda6260e2ea)) +* [bitnami/several] Regenerate README tables ([c01cbe5](https://github.com/bitnami/charts/commit/c01cbe5e3bfe8a5f8545107f9c8d99a58d0e6832)) + +## 14.1.0 (2021-09-07) + +* [bitnami/several] Regenerate README tables ([64d5d74](https://github.com/bitnami/charts/commit/64d5d747b84299ca9f63ea8a586b13870abe31a6)) +* Added topology spread constraints to Kafka chart. (#7406) ([b2a1fb8](https://github.com/bitnami/charts/commit/b2a1fb84ca79e1ddeb8cb0f292e62b84729b2072)), closes [#7406](https://github.com/bitnami/charts/issues/7406) + +## 14.0.5 (2021-08-26) + +* [bitnami/kafka] Release 14.0.5 updating components versions ([3d44c6b](https://github.com/bitnami/charts/commit/3d44c6b375de2aab19269dfd74fd1c7971bdc5d5)) +* [bitnami/several] Regenerate README tables ([da2513b](https://github.com/bitnami/charts/commit/da2513bf0a33819f3b1151d387c631a9ffdb03e2)) + +## 14.0.4 (2021-08-25) + +* [bitnami/kafka] Release 14.0.4 updating components versions ([1af0f0d](https://github.com/bitnami/charts/commit/1af0f0d7ef33c3c98bd9e2f63829df4e6d008657)) +* [bitnami/several] Regenerate README tables ([6c9124f](https://github.com/bitnami/charts/commit/6c9124f79491aa65f53a87c1ed598b47ffa8b411)) + +## 14.0.3 (2021-08-20) + +* [bitnami/kafka] Fix missing "component" "%COMPONENT_NAME%" (#7271) ([fc25fc5](https://github.com/bitnami/charts/commit/fc25fc558c2402fc96df0998d9d34b0484ab1bf2)), closes [#7271](https://github.com/bitnami/charts/issues/7271) + +## 14.0.2 (2021-08-17) + +* [bitnami/kafka] Release 14.0.2 updating components versions ([9023ccf](https://github.com/bitnami/charts/commit/9023ccf8d82f00b833fd5331709cdcdf9e403d2f)) +* [bitnami/several] Regenerate README tables ([6c107e8](https://github.com/bitnami/charts/commit/6c107e835d6caf8db2e8b17dcd48c5971637e013)) + +## 14.0.1 (2021-08-02) + +* [bitnami/kafka] Release 14.0.1 updating components versions ([5f528e8](https://github.com/bitnami/charts/commit/5f528e8eb661b2c988d981b69c9e873005bc5668)) + +## 14.0.0 (2021-08-02) + +* [bitnami/several] Simplify image definition logic removing duplications (#7114) ([43e4eee](https://github.com/bitnami/charts/commit/43e4eee921209ca662c7902668b09b3b1a1d28a9)), closes [#7114](https://github.com/bitnami/charts/issues/7114) +* [bitnami/several] Update READMEs (#7108) ([44961d9](https://github.com/bitnami/charts/commit/44961d9cdfae1b0d06808124c4b47e8adc3de146)), closes [#7108](https://github.com/bitnami/charts/issues/7108) + +## 13.1.5 (2021-07-30) + +* [bitnami/kafka] Add missing flag to Kafka exporter to use SASL as authentication (#7104) ([d313965](https://github.com/bitnami/charts/commit/d313965223c775e9f2dbac3a20c1d3d96bbb50f5)), closes [#7104](https://github.com/bitnami/charts/issues/7104) + +## 13.1.4 (2021-07-30) + +* [bitnami/several] Fix default values when using `foo: |` (#7092) ([fe91297](https://github.com/bitnami/charts/commit/fe91297fdf3f6c74aee31c423912e4ac19b55c94)), closes [#7092](https://github.com/bitnami/charts/issues/7092) + +## 13.1.3 (2021-07-30) + +* [bitnami/kafka] Adapt env. variables to new format (#7098) ([390f9fb](https://github.com/bitnami/charts/commit/390f9fb71cf774e5000d9943020e35a3ee6c491d)), closes [#7098](https://github.com/bitnami/charts/issues/7098) + +## 13.1.2 (2021-07-29) + +* [bitnami/kafka] Fix missing environment variable for SSL (#7095) ([cd031e4](https://github.com/bitnami/charts/commit/cd031e446ad684fffb3df6cea5974f19b6811f58)), closes [#7095](https://github.com/bitnami/charts/issues/7095) + +## 13.1.1 (2021-07-27) + +* [bitnami/several] Fix default values and regenerate README (#7024) ([4c86733](https://github.com/bitnami/charts/commit/4c867335c5c9c5aba041868df16ebb8f64ac68bd)), closes [#7024](https://github.com/bitnami/charts/issues/7024) + +## 13.1.0 (2021-07-27) + +* [bitnami/several] Add diagnostic mode (#7012) ([f1344b0](https://github.com/bitnami/charts/commit/f1344b0361c5a93bf971d08f0fc64d3c8588cbf9)), closes [#7012](https://github.com/bitnami/charts/issues/7012) + +## 13.0.4 (2021-07-25) + +* [bitnami/kafka] Release 13.0.4 updating components versions ([9791b49](https://github.com/bitnami/charts/commit/9791b490d907d9436d79a60a098d599c2fdc7b18)) + +## 13.0.3 (2021-07-09) + +* [bitnami/*] Adapt values.yaml of Joomla, Jupyterhub and Kafka charts (#6850) ([8ebbf6e](https://github.com/bitnami/charts/commit/8ebbf6e0af566e05e794562d9a4d1e4f73ce1502)), closes [#6850](https://github.com/bitnami/charts/issues/6850) + +## 13.0.2 (2021-06-25) + +* [bitnami/kafka] Release 13.0.2 updating components versions ([b7bcf26](https://github.com/bitnami/charts/commit/b7bcf26c8a89214f1ee8bcffa45a2ba55d344343)) + +## 13.0.1 (2021-06-23) + +* [bitnami/kafka] Release 13.0.1 updating components versions ([62a0ebe](https://github.com/bitnami/charts/commit/62a0ebe745dfa326302aedb7cb5e3431e678fdf7)) + +## 13.0.0 (2021-06-22) + +* [bitnami/*] Update zookeeper deps (#6730) ([b6f75f4](https://github.com/bitnami/charts/commit/b6f75f4f646578fd6945fc4e041a6e96cad9c8e7)), closes [#6730](https://github.com/bitnami/charts/issues/6730) + +## 12.20.0 (2021-06-08) + +* [bitnami/kafka] adding a way to pass annotations to provisioning Pods (#6585) ([d2c2576](https://github.com/bitnami/charts/commit/d2c2576c59b527deace1df19345e0ad94230ed66)), closes [#6585](https://github.com/bitnami/charts/issues/6585) + +## 12.19.2 (2021-06-03) + +* [bitnami/kafka] Release 12.19.2 updating components versions ([f3c73a4](https://github.com/bitnami/charts/commit/f3c73a49ebba67b957b345df2723e7fa8069cfb5)) + +## 12.19.1 (2021-06-02) + +* [bitnami/kafka] Added params `relabelings` and `metricRelabelings` into ServiceMonitor resource (#65 ([6c78705](https://github.com/bitnami/charts/commit/6c78705286693cbaca78c2691b7348a096f5bf05)), closes [#6511](https://github.com/bitnami/charts/issues/6511) +* [bitnami/kafka] Fixed duplicate for `reabelings` condition in servicemonitor templates (#6534) ([a8dca07](https://github.com/bitnami/charts/commit/a8dca07acf8e986d5a79f8eaaa585ddae1400ac9)), closes [#6534](https://github.com/bitnami/charts/issues/6534) + +## 12.19.0 (2021-06-01) + +* [bitnami/kafka] Add selector to pvc (#6503) ([0cd3467](https://github.com/bitnami/charts/commit/0cd34672119a212b10ad098ed9d8a23373e3b5b6)), closes [#6503](https://github.com/bitnami/charts/issues/6503) + +## 12.18.3 (2021-05-24) + +* [bitnami/kafka] Release 12.18.3 updating components versions ([df20fda](https://github.com/bitnami/charts/commit/df20fdabd3d917fda9f70a4bf5be5cf89908813c)) + +## 12.18.2 (2021-05-24) + +* [bitnami/kafka] Release 12.18.2 updating components versions ([3bc0244](https://github.com/bitnami/charts/commit/3bc0244a258627cd3947f95796a741fb3d8ca9b4)) + +## 12.18.1 (2021-05-20) + +* [bitnami/kafka] Release 12.18.1 updating components versions ([4e40b8a](https://github.com/bitnami/charts/commit/4e40b8a89d0d1c4fe598543876c429f85cb6dcd3)) + +## 12.18.0 (2021-05-20) + +* [bitnami/*] Update Kubectl container version (#6420) ([dad6d38](https://github.com/bitnami/charts/commit/dad6d3857f54132e32b5860cd454129bc8b781fe)), closes [#6420](https://github.com/bitnami/charts/issues/6420) + +## 12.17.6 (2021-05-05) + +* [bitnami/kafka] SASL parameters updated (#6204) ([93c583a](https://github.com/bitnami/charts/commit/93c583ae38e242dec1df91c9dd299af12cf503e8)), closes [#6204](https://github.com/bitnami/charts/issues/6204) +* Update NOTES.txt (#6292) ([ee5597c](https://github.com/bitnami/charts/commit/ee5597c86b1cd3587fb50feb1dbc7518195c8cab)), closes [#6292](https://github.com/bitnami/charts/issues/6292) + +## 12.17.5 (2021-04-26) + +* [bitnami/kafka] Allow empty value for 'auth.tlsEndpointIdentificationAlgorithm' (#6214) ([4768491](https://github.com/bitnami/charts/commit/476849111a5477e056db1f544df0487e42e3603d)), closes [#6214](https://github.com/bitnami/charts/issues/6214) + +## 12.17.4 (2021-04-20) + +* [bitnami/kafka] Release 12.17.4 updating components versions ([bc6d4e8](https://github.com/bitnami/charts/commit/bc6d4e8be5cc85c05d57052618c79249a1df2cfc)) + +## 12.17.3 (2021-04-15) + +* [bitnami/kafka] Release 12.17.3 updating components versions ([f789fc3](https://github.com/bitnami/charts/commit/f789fc320fc321c69b0f7ce862d9e39cf818abf5)) + +## 12.17.2 (2021-04-14) + +* [bitnami/kafka] Do not use zookeeperUser if zookeeper auth is not enabled (#6103) ([7937b20](https://github.com/bitnami/charts/commit/7937b208f0c95c1f46ab606e40da28ebe21d9055)), closes [#6103](https://github.com/bitnami/charts/issues/6103) + +## 12.17.1 (2021-04-14) + +* [bitnami/kafka] Fix wrong type for listeners and advertisedListeners vars (#6069) ([6b26c46](https://github.com/bitnami/charts/commit/6b26c46ac3f1b2346699357dd37a1bbf11c7313e)), closes [#6069](https://github.com/bitnami/charts/issues/6069) + +## 12.17.0 (2021-04-14) + +* [bitnami/kafka] Add init containers to the Kafka exporter pods (#6084) ([f07241e](https://github.com/bitnami/charts/commit/f07241e9685de2da83557748f1f85df3886a1f38)), closes [#6084](https://github.com/bitnami/charts/issues/6084) + +## 12.16.2 (2021-04-08) + +* [bitnami/kafka] Allow provisioned topics to define default partitions and replication (#6051) ([bc0df93](https://github.com/bitnami/charts/commit/bc0df93937d4e5b23f936eccd0e2cb3e00fbf065)), closes [#6051](https://github.com/bitnami/charts/issues/6051) + +## 12.16.1 (2021-04-07) + +* [bitnami/kafka] Release 12.16.1 updating components versions ([7359c59](https://github.com/bitnami/charts/commit/7359c59a4bdbf92091e725b3a9df1fb702c46151)) + +## 12.16.0 (2021-04-02) + +* Add serviceAccount to Kafka metrics deployment and add automountServiceAccountToken on SA (#5988) ([3596309](https://github.com/bitnami/charts/commit/3596309a6d0cc39774b650c020f31bb41835c8c4)), closes [#5988](https://github.com/bitnami/charts/issues/5988) + +## 12.15.1 (2021-04-01) + +* [bitnami/kafka] exporter templating error (#5985) ([3c28601](https://github.com/bitnami/charts/commit/3c28601a7003f552b55844a78ab36fb10aa7336f)), closes [#5985](https://github.com/bitnami/charts/issues/5985) + +## 12.15.0 (2021-03-31) + +* [bitnami/kafka] Usage of Host IPs for external service without autodiscovery (#5963) ([7fdb7d1](https://github.com/bitnami/charts/commit/7fdb7d1ca40789814dcac396939104c19536bd4e)), closes [#5963](https://github.com/bitnami/charts/issues/5963) + +## 12.14.1 (2021-03-29) + +* [bitnami/kafka] Kafka-Exporter can start with read only rootfs (#5932) ([49c71a3](https://github.com/bitnami/charts/commit/49c71a3ad68a8d450a2093af1e7eabb758781e60)), closes [#5932](https://github.com/bitnami/charts/issues/5932) + +## 12.14.0 (2021-03-29) + +* [bitnami/kafka] Ability to configure terminationGracePeriodSeconds (#5919) ([2ce5c75](https://github.com/bitnami/charts/commit/2ce5c75b6df91102b7daf8f23e3fd714fcdf5c18)), closes [#5919](https://github.com/bitnami/charts/issues/5919) + +## 12.13.3 (2021-03-29) + +* [bitnami/kafka] Release 12.13.3 updating components versions ([467cf6f](https://github.com/bitnami/charts/commit/467cf6ffaafa1bb1ae0033e752d037c7c989c23b)) + +## 12.13.2 (2021-03-25) + +* [bitnami/kafka] Fix typo in Kafka connect example (#5901) ([e105226](https://github.com/bitnami/charts/commit/e105226d0a84386a38b648be2577ff00cd0c594a)), closes [#5901](https://github.com/bitnami/charts/issues/5901) + +## 12.13.1 (2021-03-24) + +* [bitnami/kafka] Release 12.13.1 updating components versions ([ecc608a](https://github.com/bitnami/charts/commit/ecc608a66f49d387dabce5adb697c67544388195)) + +## 12.13.0 (2021-03-24) + +* [bitnami/kafka] Add support for custom command/args on provisioning job (#5890) ([882de69](https://github.com/bitnami/charts/commit/882de69bdb8927b26344d89e5b5e278abfbe468a)), closes [#5890](https://github.com/bitnami/charts/issues/5890) + +## 12.12.2 (2021-03-24) + +* [bitnami/kafka] Fix provisioning template (#5895) ([3d496c4](https://github.com/bitnami/charts/commit/3d496c4a924b7165625c01d7f9728cb33ee69262)), closes [#5895](https://github.com/bitnami/charts/issues/5895) + +## 12.12.1 (2021-03-23) + +* [bitnami/kafka] Fix issue on secrets (#5883) ([8a760ec](https://github.com/bitnami/charts/commit/8a760ec280004da3f5260f5e334d023b8fe7fbad)), closes [#5883](https://github.com/bitnami/charts/issues/5883) +* Update README.md - Fixed #5649 (#5872) ([f5f4951](https://github.com/bitnami/charts/commit/f5f495102207764e676f07c68331ee80cfbe6e13)), closes [#5649](https://github.com/bitnami/charts/issues/5649) [#5872](https://github.com/bitnami/charts/issues/5872) [#5649](https://github.com/bitnami/charts/issues/5649) + +## 12.12.0 (2021-03-19) + +* [bitnami/kafka] Add support for PEM certificates (#5825) ([b437fef](https://github.com/bitnami/charts/commit/b437fef9f239496aed9cabfe55c42fd82171b160)), closes [#5825](https://github.com/bitnami/charts/issues/5825) + +## 12.11.1 (2021-03-15) + +* [bitnami/kafka] Always include serviceAccountName on statefulset (#5769) ([92d67eb](https://github.com/bitnami/charts/commit/92d67eb89233b2ef3699242f7b25d0d780b1d37c)), closes [#5769](https://github.com/bitnami/charts/issues/5769) + +## 12.11.0 (2021-03-11) + +* [bitnami/kafka]: Add affinity, tolerations, nodeSelector for kafka-exporter deployment (#5704) ([0d8b400](https://github.com/bitnami/charts/commit/0d8b40033b14ed799ffefdae5a3a5870ae882747)), closes [#5704](https://github.com/bitnami/charts/issues/5704) + +## 12.10.0 (2021-03-05) + +* [bitnami/kafka] add schedulerName for all resources (#5669) ([5ba7a1d](https://github.com/bitnami/charts/commit/5ba7a1d33ec0d00182130e3bc771863ea99f7cf4)), closes [#5669](https://github.com/bitnami/charts/issues/5669) + +## 12.9.6 (2021-03-04) + +* [bitnami/*] Remove minideb mentions (#5677) ([870bc4d](https://github.com/bitnami/charts/commit/870bc4dba1fc3aa55dd157da6687b25e8d352206)), closes [#5677](https://github.com/bitnami/charts/issues/5677) + +## 12.9.5 (2021-02-26) + +* [bitnami/kafka] Release 12.9.5 updating components versions ([5b7694c](https://github.com/bitnami/charts/commit/5b7694c5dc2b13a13549b363114c1888c0ffb218)) + +## 12.9.4 (2021-02-23) + +* [bitnami/kafka] Fix `long` value for `log.flush.scheduler.interval.ms` (#5579) ([5e60062](https://github.com/bitnami/charts/commit/5e600624c066378c5fc6393348894f2a0ebfda7d)), closes [#5579](https://github.com/bitnami/charts/issues/5579) + +## 12.9.3 (2021-02-22) + +* [bitnami/*] Use common macro to define RBAC apiVersion (#5585) ([71fb99f](https://github.com/bitnami/charts/commit/71fb99f541e971b1daafaa20ffb7d18b153b8d60)), closes [#5585](https://github.com/bitnami/charts/issues/5585) + +## 12.9.2 (2021-02-22) + +* [bitnami/kafka] Only set ssl.client.auth to required when mTLS is used (#5581) ([297bbcb](https://github.com/bitnami/charts/commit/297bbcb467342ca82d849b67a8de6965876a0293)), closes [#5581](https://github.com/bitnami/charts/issues/5581) + +## 12.9.1 (2021-02-19) + +* [bitnami/kafka] Fix Zookeeper with SASL-auth in combination with client and broker mTLS (#5524) ([8e80963](https://github.com/bitnami/charts/commit/8e8096321d42584601bc4475869a1bc9d7ec0423)), closes [#5524](https://github.com/bitnami/charts/issues/5524) + +## 12.9.0 (2021-02-17) + +* [bitnami/kafka] Flexible tls config for metrics exporter (#5520) ([ec76369](https://github.com/bitnami/charts/commit/ec76369dec2948a2b14e5a05b6156ff75384b389)), closes [#5520](https://github.com/bitnami/charts/issues/5520) + +## 12.8.0 (2021-02-15) + +* feature(kafka) Flexible tls config (#5473) ([936702f](https://github.com/bitnami/charts/commit/936702f00db6171f7ca45c9b8cf9b5327882f566)), closes [#5473](https://github.com/bitnami/charts/issues/5473) + +## 12.7.6 (2021-02-12) + +* [bitnami/kafka] Fix incorrect helpers (#5456) ([5f1d51b](https://github.com/bitnami/charts/commit/5f1d51b54bbfb3d8f6aec77145a32c09fb69da64)), closes [#5456](https://github.com/bitnami/charts/issues/5456) +* [bitnami/kafka] Separate tls encryption helpers (#5403) ([c5066aa](https://github.com/bitnami/charts/commit/c5066aad9484d609685cda5a2cad940f632ae00f)), closes [#5403](https://github.com/bitnami/charts/issues/5403) + +## 12.7.5 (2021-02-09) + +* Add registered icon to all the MongoDB references (#5426) ([56f2088](https://github.com/bitnami/charts/commit/56f20884267e56175695b2917f7704b9510f4ba6)), closes [#5426](https://github.com/bitnami/charts/issues/5426) + +## 12.7.4 (2021-02-02) + +* [bitnami/kafka] Add posibility to templatize externalZookeepers (#5374) ([a4b3ba9](https://github.com/bitnami/charts/commit/a4b3ba974a0c56dd7531444f11a1b825863126af)), closes [#5374](https://github.com/bitnami/charts/issues/5374) + +## 12.7.3 (2021-01-27) + +* [bitnami/kafka] Release 12.7.3 updating components versions ([7dd4eec](https://github.com/bitnami/charts/commit/7dd4eec01cf886f5da56f17ef9038b518f8867e8)) + +## 12.7.2 (2021-01-27) + +* [bitnami/kafka] Release 12.7.2 updating components versions ([4276aaa](https://github.com/bitnami/charts/commit/4276aaa210ff915223e810cfc6725a7807f6ed3f)) + +## 12.7.1 (2021-01-27) + +* [bitnami/kafka] Add hostAliases (#5248) ([deaafe8](https://github.com/bitnami/charts/commit/deaafe87eccc4ba90abe1dd917f1e0003832a1a9)), closes [#5248](https://github.com/bitnami/charts/issues/5248) +* [bitnami/kafka] Advertisedlisteners should use any worker node IP for EXTERNAL, if external service, ([5aae6fa](https://github.com/bitnami/charts/commit/5aae6fafa341b7ac8b6613a2ff7b6567e88e2565)), closes [#5218](https://github.com/bitnami/charts/issues/5218) + +## 12.7.0 (2021-01-27) + +* [bitnami/kafka] expose pod management policy (#5229) ([e94bd27](https://github.com/bitnami/charts/commit/e94bd279405a52c840ad9d05b767af8c355763ee)), closes [#5229](https://github.com/bitnami/charts/issues/5229) + +## 12.6.5 (2021-01-26) + +* [bitnami/kafka] Use different component name for kafka-provisioning job (#5209) ([b13319b](https://github.com/bitnami/charts/commit/b13319be9067603d440b4c7740e6d2b1ec8eab57)), closes [#5209](https://github.com/bitnami/charts/issues/5209) + +## 12.6.4 (2021-01-25) + +* [bitnami/*] Unify icons in Chart.yaml and add missing fields (#5206) ([0462921](https://github.com/bitnami/charts/commit/0462921418ca8d54308b7466197a6d53ffae4628)), closes [#5206](https://github.com/bitnami/charts/issues/5206) + +## 12.6.3 (2021-01-21) + +* [bitnami/kafka] Add provisioning values to readme (#5086) ([4dc2315](https://github.com/bitnami/charts/commit/4dc2315619dab725d0aba828692fbb39ec3caea3)), closes [#5086](https://github.com/bitnami/charts/issues/5086) +* [bitnami/kafka] Release 12.6.3 updating components versions ([d7a8d33](https://github.com/bitnami/charts/commit/d7a8d33b447b051767d8f35f5ae0b57c2226c802)) + +## 12.6.2 (2021-01-19) + +* [bitnami/*] Change helm version in the prerequisites (#5090) ([c5e67a3](https://github.com/bitnami/charts/commit/c5e67a388743cbee28439d2cabca27884b9daf97)), closes [#5090](https://github.com/bitnami/charts/issues/5090) +* [bitnami/kafka] Drop values-production.yaml support (#5109) ([6152d30](https://github.com/bitnami/charts/commit/6152d300216ab9dc837a8632307c4086c628fe0b)), closes [#5109](https://github.com/bitnami/charts/issues/5109) + +## 12.6.1 (2021-01-19) + +* bitnami/kafka Fix Upgrade regression from PR #4683 (#5073) ([7baeea1](https://github.com/bitnami/charts/commit/7baeea1cb66be576cb27be8ddc955df8f666cf0c)), closes [#4683](https://github.com/bitnami/charts/issues/4683) [#5073](https://github.com/bitnami/charts/issues/5073) + +## 12.6.0 (2021-01-18) + +* [bitnami/kafka] Add topics provisioning job (#4783) ([971ed6d](https://github.com/bitnami/charts/commit/971ed6d8e1babac2836947db45f0d88156b2207c)), closes [#4783](https://github.com/bitnami/charts/issues/4783) +* [bitnami/kafka] fix client.properties usage in NOTES ([de6e0cd](https://github.com/bitnami/charts/commit/de6e0cdc922c61a299e5237f2b32cd6c24d6e98e)) + +## 12.5.0 (2020-12-28) + +* [bitnami/kafka] Bring Kafka chart more in line with other charts with volumePermissions (#4728) ([4f6966c](https://github.com/bitnami/charts/commit/4f6966c1ac7f1838f3c6f8e69710d50768d377ff)), closes [#4728](https://github.com/bitnami/charts/issues/4728) + +## 12.4.3 (2020-12-24) + +* [bitnami/kafka] Register targetPod in global context (#4832) ([86b9816](https://github.com/bitnami/charts/commit/86b98162b81dccc144615f0c5bd5313e7e57c905)), closes [#4832](https://github.com/bitnami/charts/issues/4832) + +## 12.4.2 (2020-12-22) + +* [bitnami/kafka] Fix initContainers support (#4798) ([d013f37](https://github.com/bitnami/charts/commit/d013f37e89f9e1111efcb334607a3aceb7569e1d)), closes [#4798](https://github.com/bitnami/charts/issues/4798) +* [bitnami/kafka] Release 12.4.2 updating components versions ([c264ac7](https://github.com/bitnami/charts/commit/c264ac79d6e71364cbdfade94813a2a5840ca9eb)) + +## 12.4.1 (2020-12-22) + +* [bitnami/kafka] Release 12.4.1 updating components versions ([de794fe](https://github.com/bitnami/charts/commit/de794fe7a9d549d781a6e5626744e385697eae9f)) + +## 12.4.0 (2020-12-14) + +* [bitnami/*] fix typos (#4699) ([49adc63](https://github.com/bitnami/charts/commit/49adc63b672da976c55af2e077aa5648a357b77f)), closes [#4699](https://github.com/bitnami/charts/issues/4699) +* bitnami/kafka add minBrokerId variable (#4683) ([f4eb717](https://github.com/bitnami/charts/commit/f4eb7172411355ba3ebf164e05ecaa37dbb2f5c2)), closes [#4683](https://github.com/bitnami/charts/issues/4683) + +## 12.3.2 (2020-12-12) + +* [bitnami/kafka] Release 12.3.2 updating components versions ([ce525ba](https://github.com/bitnami/charts/commit/ce525ba8e3f54c51b3dc2ae88495f1f749e22e37)) + +## 12.3.1 (2020-12-11) + +* [bitnami/*] Update dependencies (#4694) ([2826c12](https://github.com/bitnami/charts/commit/2826c125b42505f28431301e3c1bbe5366e47a01)), closes [#4694](https://github.com/bitnami/charts/issues/4694) + +## 12.3.0 (2020-12-10) + +* [bitnami/kafka] Add extra initContainers parameter (#4658) ([4e1edc8](https://github.com/bitnami/charts/commit/4e1edc8ac898660d84dca5cfec6bdaee37012861)), closes [#4658](https://github.com/bitnami/charts/issues/4658) + +## 12.2.4 (2020-12-03) + +* [bitnami/kafka,kube-prometheus,kubernetes-event-exporter] Replace K8s List (#4575) ([b363798](https://github.com/bitnami/charts/commit/b363798688645342ed9f8588c13615458f017974)), closes [#4575](https://github.com/bitnami/charts/issues/4575) [#4559](https://github.com/bitnami/charts/issues/4559) + +## 12.2.3 (2020-12-03) + +* [bitnami/kafka] Fix Kafka website url (#4588) ([e284668](https://github.com/bitnami/charts/commit/e2846682a1593e40e0d3e5c57b2004b4324056d9)), closes [#4588](https://github.com/bitnami/charts/issues/4588) + +## 12.2.2 (2020-12-02) + +* [bitnami/kafka] Use autoDiscovery values for NodePort external access (#4545) ([ce1bb73](https://github.com/bitnami/charts/commit/ce1bb7346be2c53bd9b2db0f35200bd948e765bb)), closes [#4545](https://github.com/bitnami/charts/issues/4545) + +## 12.2.1 (2020-11-25) + +* [bitnami/kafka] Fix typo in custom liveness and readiness probes (#4491) ([17d7250](https://github.com/bitnami/charts/commit/17d7250fba350b2e311bca83c61f9746cc765ee9)), closes [#4491](https://github.com/bitnami/charts/issues/4491) + +## 12.2.0 (2020-11-25) + +* [bitnami/*] Affinity based on common presets (ii) (#4472) ([934259f](https://github.com/bitnami/charts/commit/934259f78127c53c747dfff5e5df9f67738ec79c)), closes [#4472](https://github.com/bitnami/charts/issues/4472) +* [bitnami/kafka] Update README.md (#4441) ([be46cb1](https://github.com/bitnami/charts/commit/be46cb1e466088698506b23f5a98bde96eb10434)), closes [#4441](https://github.com/bitnami/charts/issues/4441) + +## 12.1.0 (2020-11-16) + +* [bitnami/kafka] Move kafka's logs to the persistence storage (#4234) ([fb83c60](https://github.com/bitnami/charts/commit/fb83c6088ee0a841caf2e6ff42074dd5d27cdea2)), closes [#4234](https://github.com/bitnami/charts/issues/4234) + +## 12.0.0 (2020-11-11) + +* [bitnami/kafka] Major version. Adapt Chart to apiVersion: v2 (#4329) ([32625a9](https://github.com/bitnami/charts/commit/32625a9f26a70f3aff20f8c5aebd7a8ec3e75f54)), closes [#4329](https://github.com/bitnami/charts/issues/4329) + +## 11.8.9 (2020-11-06) + +* [bitnami/*] Include link to Troubleshootin guide on README.md (#4136) ([c08a20e](https://github.com/bitnami/charts/commit/c08a20e3db004215383004ff023a73fcc2522e72)), closes [#4136](https://github.com/bitnami/charts/issues/4136) +* [bitnami/kafka]Use template for log4j configuration (#4181) ([ae10687](https://github.com/bitnami/charts/commit/ae1068771d9928b153d7fe7a60598650366b4b9d)), closes [#4181](https://github.com/bitnami/charts/issues/4181) + +## 11.8.8 (2020-10-21) + +* [bitnami/kafka] Release 11.8.8 updating components versions ([42a9bd5](https://github.com/bitnami/charts/commit/42a9bd512093b2977e5faeaaa0f7e3a59170a8ff)) + +## 11.8.7 (2020-10-14) + +* [bitnami/kafka] Add docs clarity on interaction of config, existingConfigmap and environment variabl ([d6b3ff9](https://github.com/bitnami/charts/commit/d6b3ff9a210906c99d0733df70a7e401df7d31f5)), closes [#3971](https://github.com/bitnami/charts/issues/3971) + +## 11.8.6 (2020-09-29) + +* [bitnami/kafka] Sync README.md with values (#3802) ([ed8cbba](https://github.com/bitnami/charts/commit/ed8cbbaaa50ad869d76430c1948d56f1df9bf6bd)), closes [#3802](https://github.com/bitnami/charts/issues/3802) + +## 11.8.5 (2020-09-21) + +* [bitnami/kafka] Release 11.8.5 updating components versions ([34ed2fb](https://github.com/bitnami/charts/commit/34ed2fba214d2459eaa9bca218963c52e223e28d)) + +## 11.8.4 (2020-09-06) + +* [bitnami/kafka] Release 11.8.4 updating components versions ([591c458](https://github.com/bitnami/charts/commit/591c45810b0756ad8513dd1ea3c0d37be8c81eea)) +* [bitnami/metrics-server] Add source repo (#3577) ([1ed12f9](https://github.com/bitnami/charts/commit/1ed12f96af75322b46afdb2b3d9907c11b13f765)), closes [#3577](https://github.com/bitnami/charts/issues/3577) + +## 11.8.3 (2020-09-02) + +* [bitnami/kafka] Improves NOTES.txt for users (#3534) ([553783f](https://github.com/bitnami/charts/commit/553783f6a3437719e2b17a3f485047ad0ab73a3b)), closes [#3534](https://github.com/bitnami/charts/issues/3534) + +## 11.8.2 (2020-08-24) + +* fix kafka_jaas.conf filepath in KAFKA_OPTS (#3492) ([6b861b1](https://github.com/bitnami/charts/commit/6b861b17f4f9b5a6c3450585afb5da6fdc009d77)), closes [#3492](https://github.com/bitnami/charts/issues/3492) + +## 11.8.1 (2020-08-18) + +* [bitnami/kafka] fix: use the proper loadBalancerSourceRanges (#3453) ([bb9c09e](https://github.com/bitnami/charts/commit/bb9c09eb78551a103f018af3af32e75318156dfc)), closes [#3453](https://github.com/bitnami/charts/issues/3453) + +## 11.8.0 (2020-08-07) + +* [bitnami/kafka] Add external connection to cluster LB (#3343) ([5e38c48](https://github.com/bitnami/charts/commit/5e38c481eb04dff0c19c160e3df0bf5865694cd0)), closes [#3343](https://github.com/bitnami/charts/issues/3343) + +## 11.7.3 (2020-08-07) + +* [bitnami/kafka] Release 11.7.3 updating components versions ([ab0d4c0](https://github.com/bitnami/charts/commit/ab0d4c00161c7c2509fc26bf643ac91baa4b18a9)) + +## 11.7.2 (2020-08-06) + +* [bitnami/kafka] Fix typo in helpers (#3344) ([19759aa](https://github.com/bitnami/charts/commit/19759aa04e489af2e50a92c328a5a32b2eebf5ff)), closes [#3344](https://github.com/bitnami/charts/issues/3344) + +## 11.7.1 (2020-08-05) + +* [bitnami/kafka] Fix typo in kafka.tplValue (#3327) ([84fe78e](https://github.com/bitnami/charts/commit/84fe78e17b9953cd3492510dccfb3f8b45a73751)), closes [#3327](https://github.com/bitnami/charts/issues/3327) + +## 11.7.0 (2020-08-03) + +* [bitnami/kafka] Add paramters to configure SASL_SCRAM (#3270) ([c033cbd](https://github.com/bitnami/charts/commit/c033cbd8e9848b24c55ee594d84df99edbb16530)), closes [#3270](https://github.com/bitnami/charts/issues/3270) + +## 11.6.6 (2020-07-31) + +* [bitnami/*] Fix TL;DR typo in READMEs (#3280) ([3d7ab40](https://github.com/bitnami/charts/commit/3d7ab406fecd64f1af25f53e7d27f03ec95b29a4)), closes [#3280](https://github.com/bitnami/charts/issues/3280) +* [bitnami/kafka] Allow externalZookeepers.servers to specified both as array and string (#3286) ([de7c077](https://github.com/bitnami/charts/commit/de7c0772806b35d78b3dbee4c5e47dc83c5c9d00)), closes [#3286](https://github.com/bitnami/charts/issues/3286) + +## 11.6.5 (2020-07-30) + +* [bitnami/kafka] Release 11.6.5 updating components versions ([5de4d92](https://github.com/bitnami/charts/commit/5de4d92b98386c160f90b4f1a65186fb0e39971b)) + +## 11.6.4 (2020-07-28) + +* [bitnami/kafka] Fix metrics annotations (#3252) ([c004e42](https://github.com/bitnami/charts/commit/c004e42f36834b96b2ac351c7396751a2ccb58dd)), closes [#3252](https://github.com/bitnami/charts/issues/3252) + +## 11.6.3 (2020-07-28) + +* [bitnami/kafka] Fix typo in NOTES.txt (#3249) ([8cc2cea](https://github.com/bitnami/charts/commit/8cc2cea18e2558eb0b73b62bfe9d2ff7b690459f)), closes [#3249](https://github.com/bitnami/charts/issues/3249) + +## 11.6.2 (2020-07-27) + +* [bitnami/kafka] Fix instructions to use a producer (#3236) ([6b94839](https://github.com/bitnami/charts/commit/6b94839ba4cf2a3d7ff8b392c6597dfe1d7c074e)), closes [#3236](https://github.com/bitnami/charts/issues/3236) + +## 11.6.1 (2020-07-27) + +* [bitnami/kafka] External Access: use the same target port regardless the svc type (#3209) ([37b355b](https://github.com/bitnami/charts/commit/37b355bb9f8f2663fc82e0de9b242b93ba3f8820)), closes [#3209](https://github.com/bitnami/charts/issues/3209) + +## 11.6.0 (2020-07-23) + +* [bitnami/kafka] Add custom labels/annotations parameters (#3193) ([8ea744a](https://github.com/bitnami/charts/commit/8ea744abed5bed174828f7972817923735c0ada3)), closes [#3193](https://github.com/bitnami/charts/issues/3193) + +## 11.5.1 (2020-07-17) + +* [bitnami/kafka] Release 11.5.1 updating components versions ([940a617](https://github.com/bitnami/charts/commit/940a61741b353a1badad73f8f2cc4226e0cf7556)) + +## 11.5.0 (2020-07-16) + +* [bitnami/kafka] Add parameters to configure command and args for Kafka pod (#3128) ([f357326](https://github.com/bitnami/charts/commit/f357326ed934cb94270e291a1ba83d8495bf6698)), closes [#3128](https://github.com/bitnami/charts/issues/3128) + +## 11.4.1 (2020-07-16) + +* [bitnami/kafka] Release 11.4.1 updating components versions ([0bbfff9](https://github.com/bitnami/charts/commit/0bbfff92d85a923656cb4e9a4b9d17e8083c7f89)) + +## 11.4.0 (2020-07-13) + +* [bitnami/all] Add categories (#3075) ([63bde06](https://github.com/bitnami/charts/commit/63bde066b87a140fab52264d0522401ab3d63509)), closes [#3075](https://github.com/bitnami/charts/issues/3075) +* [bitnami/kafka] Add support for deploying extra resources (#3101) ([07a0dad](https://github.com/bitnami/charts/commit/07a0dad896365b30c0ccfe3bb9e9a9ee6c5eb498)), closes [#3101](https://github.com/bitnami/charts/issues/3101) + +## 11.3.4 (2020-07-08) + +* [bitnami/kafka] Release 11.3.4 updating components versions ([635a514](https://github.com/bitnami/charts/commit/635a5149c7797d53144b3c120eff703a30be099a)) + +## 11.3.3 (2020-07-08) + +* [bitnami/kafka] Avoid confusion around Kafka broker ID (#3062) ([b834cc9](https://github.com/bitnami/charts/commit/b834cc97b2b2fc799fe14351d9678cbc39e275a8)), closes [#3062](https://github.com/bitnami/charts/issues/3062) + +## 11.3.2 (2020-07-02) + +* [bitnami/kafka] Release 11.3.2 updating components versions ([bade53e](https://github.com/bitnami/charts/commit/bade53ed0fc88e2e90f6a41006ceabbe3fdaa42a)) + +## 11.3.1 (2020-06-25) + +* [bitnami/kafka] Release 11.3.1 updating components versions ([39e0316](https://github.com/bitnami/charts/commit/39e03162ed1bea5cf42247b69303027d9eb74175)) + +## 11.3.0 (2020-06-25) + +* [bitnami/kafka] Provide a way to create JKS secret from local directory (#2923) ([e750b87](https://github.com/bitnami/charts/commit/e750b87eb6778e1d104045dc2462b98bf4b12825)), closes [#2923](https://github.com/bitnami/charts/issues/2923) + +## 11.2.4 (2020-06-24) + +* [bitnami/kafka] Release 11.2.4 updating components versions ([30a9d12](https://github.com/bitnami/charts/commit/30a9d12d6eb6e09567047d66a5fb1615322e9c84)) + +## 11.2.3 (2020-06-23) + +* [bitnami/kafka] Remove line used for debugging purposes (#2903) ([e7d5d76](https://github.com/bitnami/charts/commit/e7d5d767409fc8b34a3f6f2f60d45bb662a8775e)), closes [#2903](https://github.com/bitnami/charts/issues/2903) + +## 11.2.2 (2020-06-19) + +* [bitnami/kafka] Fix conflict when mounting custom configuration, and JKS files from a secret (#2886) ([1e8738c](https://github.com/bitnami/charts/commit/1e8738c5a99e1a04802ed62d322bf22eb36e25e9)), closes [#2886](https://github.com/bitnami/charts/issues/2886) + +## 11.2.1 (2020-06-17) + +* [bitnami/kafka] docs: "Upgrading" typo & formatting (#2835) ([068efd9](https://github.com/bitnami/charts/commit/068efd93b3afde84059d7159a6323a10881a6866)), closes [#2835](https://github.com/bitnami/charts/issues/2835) + +## 11.2.0 (2020-06-12) + +* [bitnami/kafka] Add custom liveness/readiness probe support (#2809) ([5152ee7](https://github.com/bitnami/charts/commit/5152ee7fa3722abce307b61dd72b867bd353656c)), closes [#2809](https://github.com/bitnami/charts/issues/2809) + +## 11.1.2 (2020-06-09) + +* [bitnami/kafka] kafka-exporter-certificates chmod (#2764) ([a413699](https://github.com/bitnami/charts/commit/a413699d7800652a4d1be450f692b7011c4be23c)), closes [#2764](https://github.com/bitnami/charts/issues/2764) + +## 11.1.1 (2020-06-08) + +* [bitnami/kafka] Fix exporter when authentication is disabled (#2779) ([06abd2b](https://github.com/bitnami/charts/commit/06abd2b0e3611ebeff896e744b11a6a2464bd05b)), closes [#2779](https://github.com/bitnami/charts/issues/2779) + +## 11.1.0 (2020-06-05) + +* [bitnami/kafka] add k8s priorityclass in statefulset (#2754) ([34a3d8d](https://github.com/bitnami/charts/commit/34a3d8d92695b61ca5c966d71242f95f98f496e2)), closes [#2754](https://github.com/bitnami/charts/issues/2754) + +## 11.0.2 (2020-06-05) + +* [bitnami/kafka] Fix issue with custom ports for inter-broker communications (#2756) ([d310b3a](https://github.com/bitnami/charts/commit/d310b3a3d555e0c852a0334bc318c74992e578b5)), closes [#2756](https://github.com/bitnami/charts/issues/2756) + +## 11.0.1 (2020-06-04) + +* [bitnami/kafka] fix kafka-exporter-certificates secret volume definition (#2752) ([49ec1e1](https://github.com/bitnami/charts/commit/49ec1e116ed5cb12a71da7b2b598c2a6e8ed31aa)), closes [#2752](https://github.com/bitnami/charts/issues/2752) + +## 11.0.0 (2020-06-02) + +* [bitnami/kafka] Refactor listeners and authentication configuration (#2708) ([ca74711](https://github.com/bitnami/charts/commit/ca74711aaf6000a2f9154d74b9904e66605f22d0)), closes [#2708](https://github.com/bitnami/charts/issues/2708) +* update bitnami/common to be compatible with helm v2.12+ (#2615) ([c7751eb](https://github.com/bitnami/charts/commit/c7751eb5764e468e1854b58a1b8491d2b13e0a4a)), closes [#2615](https://github.com/bitnami/charts/issues/2615) + +## 10.3.3 (2020-05-11) + +* [bitnami/kafka] Check if existingLog4jConfigMap exists instead of existingConfigmap (#2562) ([f45f622](https://github.com/bitnami/charts/commit/f45f62270a7b9e91c5dbedacdacfd12eb5b72398)), closes [#2562](https://github.com/bitnami/charts/issues/2562) + +## 10.3.2 (2020-04-28) + +* [bitnami/kafka] Improve "Security for Kafka and Zookeeper" README (#2450) ([a9adf15](https://github.com/bitnami/charts/commit/a9adf1517fc1337a6a27fe2dc6eb9ee52904af02)), closes [#2450](https://github.com/bitnami/charts/issues/2450) + +## 10.3.1 (2020-04-28) + +* [bitnami/kafka] Fix Kafka notes after bitnami-docker-kafka/pull/91 (#2444) ([7e08a5a](https://github.com/bitnami/charts/commit/7e08a5a60cf30e0502156a5f68c1834b4300f1fc)), closes [#2444](https://github.com/bitnami/charts/issues/2444) + +## 10.3.0 (2020-04-24) + +* [bitnami/kafka] Add parameters to define extra volume/volumeMount(s) (#2416) ([593112f](https://github.com/bitnami/charts/commit/593112fd85a80be432d5a3f50215301b3868f33b)), closes [#2416](https://github.com/bitnami/charts/issues/2416) + +## 10.2.6 (2020-04-22) + +* [bitnami/kafka & nginx] Manually update git and kubectl tags (#2385) ([941a647](https://github.com/bitnami/charts/commit/941a6474d1bf88895d3cd9f4d184de06894c489c)), closes [#2385](https://github.com/bitnami/charts/issues/2385) + +## 10.2.5 (2020-04-22) + +* [bitnami/kafka] Release 10.2.5 updating components versions ([a1f46a8](https://github.com/bitnami/charts/commit/a1f46a8b87c9f7ef6cd63f91175a113a3cce6be5)) + +## 10.2.4 (2020-04-22) + +* [bitnami/kafka] Release 10.2.4 updating components versions ([550110f](https://github.com/bitnami/charts/commit/550110fdee477623b05bb7196f16c9fbcc1fd58a)) + +## 10.2.3 (2020-04-16) + +* [bitnami/kafka] Release 10.2.3 updating components versions ([5e14618](https://github.com/bitnami/charts/commit/5e14618f1c7eaf0dd7fcc1d75b2c980ec50b6c14)) + +## 10.2.2 (2020-04-15) + +* [bitnami/kafka] Release 10.2.2 updating components versions ([040d3b6](https://github.com/bitnami/charts/commit/040d3b6d8fac528ac8cdaade81a1dd71fcd1c481)) + +## 10.2.1 (2020-04-15) + +* [bitnami/kafka] Broaden jsonpath query (#2291) ([e1b9c80](https://github.com/bitnami/charts/commit/e1b9c80816c939e0ea4f615112e110055d015169)), closes [#2291](https://github.com/bitnami/charts/issues/2291) + +## 10.2.0 (2020-04-09) + +* [bitnami/kafka] Add templated pod labels to statefulset (#2269) ([b36a601](https://github.com/bitnami/charts/commit/b36a60158c476e3a128edfce8df7b80600a8e11e)), closes [#2269](https://github.com/bitnami/charts/issues/2269) + +## 10.1.1 (2020-04-09) + +* [bitnami/kafka] Release 10.1.1 updating components versions ([0b1b9e3](https://github.com/bitnami/charts/commit/0b1b9e3b2a27dbb904dcc89c5317e1175d3f39aa)) + +## 10.1.0 (2020-04-07) + +* [bitnami/kafka] Added variable to enable/disable auto creation of topics. (#2230) ([42a6a73](https://github.com/bitnami/charts/commit/42a6a737df93c5d012658415f9fe6b1cff638707)), closes [#2230](https://github.com/bitnami/charts/issues/2230) + +## 10.0.0 (2020-04-06) + +* [bitnami/kafka] Add optional log4j config to overwrite log4j.properties. (#2121) ([33455f9](https://github.com/bitnami/charts/commit/33455f9f6afe227dd8cba92d7edcd7c2a9f3eadb)), closes [#2121](https://github.com/bitnami/charts/issues/2121) + +## 9.0.6 (2020-04-03) + +* [bitnami/kafka] Fix autodiscovery when using NodePort svc type (#2214) ([6fa1d09](https://github.com/bitnami/charts/commit/6fa1d098b46a924ffbde121e4ebbf051534e2520)), closes [#2214](https://github.com/bitnami/charts/issues/2214) + +## 9.0.5 (2020-04-02) + +* [bitnami/kafka] Use emptyDir when persistence is disabled (#2195) ([8dde59c](https://github.com/bitnami/charts/commit/8dde59cf119c782fca3349bd7451727290251edf)), closes [#2195](https://github.com/bitnami/charts/issues/2195) + +## 9.0.4 (2020-03-27) + +* [bitnami/kafka] Fix metrics ports on servicemonitor (#2145) ([59b48d3](https://github.com/bitnami/charts/commit/59b48d3b6997f30919f0ded003ec2c81c9c34751)), closes [#2145](https://github.com/bitnami/charts/issues/2145) + +## 9.0.3 (2020-03-26) + +* [bitnami/kafka] Release 9.0.3 updating components versions ([5026d5d](https://github.com/bitnami/charts/commit/5026d5dbe3226473e6e940d1b2db69f56d8368dd)) + +## 9.0.2 (2020-03-24) + +* [bitnami/kafka] Update README.md (#2125) ([524b338](https://github.com/bitnami/charts/commit/524b338147034b6964d9ca76c23b9951f934e220)), closes [#2125](https://github.com/bitnami/charts/issues/2125) + +## 9.0.1 (2020-03-24) + +* [bitnami/kafka] Fix SSL nodeport on external-access svc (#2124) ([a384700](https://github.com/bitnami/charts/commit/a3847007a03b83712c6fc8a5836d69ac99ad0a54)), closes [#2124](https://github.com/bitnami/charts/issues/2124) + +## 9.0.0 (2020-03-23) + +* [bitnami/kafka] Support external access to every broker auto-discovering external ips/ports (#2098) ([e85995f](https://github.com/bitnami/charts/commit/e85995f809d8d92d9eebbd05617070457708e152)), closes [#2098](https://github.com/bitnami/charts/issues/2098) + +## 8.0.1 (2020-03-20) + +* [bitnami/kafka] Release 8.0.1 updating components versions ([cf70e8b](https://github.com/bitnami/charts/commit/cf70e8b2ff563bb7acd64e9d4c1b354cd2d69ba0)) + +## 8.0.0 (2020-03-17) + +* [bitnami/kafka] Update major version (#2070) ([d160623](https://github.com/bitnami/charts/commit/d16062390bd38bd537b0d98bba50092f3e993452)), closes [#2070](https://github.com/bitnami/charts/issues/2070) + +## 7.4.0 (2020-03-17) + +* [bitnami/kafka] Achieve consistent broker ids during cluster restart/rebuild (#2028) ([5622f31](https://github.com/bitnami/charts/commit/5622f3120a2f5f8ed7bef73ced0c47e7133befc1)), closes [#2028](https://github.com/bitnami/charts/issues/2028) +* add podannotations to kafka-exporter (#2062) ([e039d22](https://github.com/bitnami/charts/commit/e039d2225fab85d508acf07c414ddc91d90cfc1c)), closes [#2062](https://github.com/bitnami/charts/issues/2062) + +## 7.3.5 (2020-03-13) + +* [bitnami/kafka] Release 7.3.5 updating components versions ([cae9024](https://github.com/bitnami/charts/commit/cae902490c36376c4eb901fb125a320d02f83e6e)) + +## 7.3.4 (2020-03-12) + +* Fix typo in truststore file name (#2040) ([2528fed](https://github.com/bitnami/charts/commit/2528fed82dbb4db9234cd35118fdbf2b15418bd3)), closes [#2040](https://github.com/bitnami/charts/issues/2040) + +## 7.3.3 (2020-03-12) + +* [bitnami/kafka] Release 7.3.3 updating components versions ([e1a260f](https://github.com/bitnami/charts/commit/e1a260f1c3193d1423476cf7da4a53de00e31c5d)) + +## 7.3.2 (2020-03-11) + +* Move charts from upstreamed folder to bitnami (#2032) ([a0e44f7](https://github.com/bitnami/charts/commit/a0e44f7d6a10b8b5643186130ea420887cb72c7c)), closes [#2032](https://github.com/bitnami/charts/issues/2032) + +## 7.3.1 (2020-03-05) + +* [bitnami/kafka] Release 7.3.1 updating components versions ([9cfee5c](https://github.com/bitnami/charts/commit/9cfee5cb8f63e3f97c8d69f0eef820710035c133)) + +## 7.3.0 (2020-03-04) + +* [bitnami/kafka] add chart param to configure annotations from kafka metrics deployment (#1990) ([a4a1783](https://github.com/bitnami/charts/commit/a4a1783d5dbf50b62dbc964867a9901d24f9f4b5)), closes [#1990](https://github.com/bitnami/charts/issues/1990) + +## 7.2.9 (2020-02-26) + +* [bitnami/kafka] Release 7.2.9 updating components versions ([d23d0b9](https://github.com/bitnami/charts/commit/d23d0b950eb75b1961500e27d867ac8923f2b9be)) + +## 7.2.8 (2020-02-24) + +* Fix svc-external-access template ([94f836f](https://github.com/bitnami/charts/commit/94f836fd6b0d3b09bb54a61d20edd7a8dcef95ca)) + +## 7.2.7 (2020-02-24) + +* [bitnami/kafka] add missed service annotations for external access service (#1965) ([50650fa](https://github.com/bitnami/charts/commit/50650fa53ba0cfaa094b087f3acdcef08b80b71e)), closes [#1965](https://github.com/bitnami/charts/issues/1965) + +## 7.2.6 (2020-02-20) + +* [bitnami/kafka] Release 7.2.6 updating components versions ([95b5741](https://github.com/bitnami/charts/commit/95b5741c04cea5a7efea139b1664ef793a6ee43b)) + +## 7.2.5 (2020-02-19) + +* [bitnami/*] Fix requirements.lock (#1950) ([1fa6eb9](https://github.com/bitnami/charts/commit/1fa6eb9f56ea7c47a7425a33417edb8eb366a180)), closes [#1950](https://github.com/bitnami/charts/issues/1950) + +## 7.2.4 (2020-02-18) + +* [bitnami/kafka] Release 7.2.4 updating components versions ([76c5b63](https://github.com/bitnami/charts/commit/76c5b6340284d898839fe652ad398c09aed6e67f)) +* [bitnami/several] Adapt READMEs and helpers to Helm 3 (#1911) ([40ee57c](https://github.com/bitnami/charts/commit/40ee57cf5164717357e1627b55bf25f59c40fbd1)), closes [#1911](https://github.com/bitnami/charts/issues/1911) + +## 7.2.3 (2020-02-10) + +* [bitnami/several] Replace stretch by buster in minideb secondary containers (#1900) ([678febc](https://github.com/bitnami/charts/commit/678febc237594606f2505ba98c651a8ab8f484ab)), closes [#1900](https://github.com/bitnami/charts/issues/1900) + +## 7.2.2 (2020-02-07) + +* [bitnami/kafka] Fix dependencies (#1891) ([bd035aa](https://github.com/bitnami/charts/commit/bd035aafe96a011345c936baee78dfacc9cd6d94)), closes [#1891](https://github.com/bitnami/charts/issues/1891) + +## 7.2.1 (2020-02-03) + +* Add Juan feedback ([32d9f63](https://github.com/bitnami/charts/commit/32d9f637da450fb239c49925a96c83b31f1de317)) +* Add missing colon ([02782c6](https://github.com/bitnami/charts/commit/02782c658580090e37a710aea34dc0303f88bf19)) +* bumping zookeeper version ([bf80f45](https://github.com/bitnami/charts/commit/bf80f453cdf3e47223097c706eb27831acd12ffc)) +* Fix linter issues ([b887560](https://github.com/bitnami/charts/commit/b887560101cede566b054e6990d830fb7203c62a)) +* Set external port for listeners ([136776b](https://github.com/bitnami/charts/commit/136776bf40de8ebc7fcb7d46626e2227ac4347ad)) + +## 7.2.0 (2020-01-27) + +* [stable/bitnami] Allow to access Kafka brokers from outside K8s cluster ([8dba9d1](https://github.com/bitnami/charts/commit/8dba9d1cb0d58dfa580c02231126da154b5814a6)) + +## 7.1.3 (2020-01-24) + +* [bitnami/kafka] Release 7.1.3 updating components versions ([964afe4](https://github.com/bitnami/charts/commit/964afe482c5473dd58055432fd7618786e06a318)) + +## 7.1.2 (2020-01-14) + +* [bitnami/kafka] Release 7.1.2 updating components versions ([f516a01](https://github.com/bitnami/charts/commit/f516a0185a0f888aa9214f6c412b816a2dd67320)) +* building requirements.lock to latest zookeeper version ([653ce1d](https://github.com/bitnami/charts/commit/653ce1dec660a80307bc4fcdde8448563f415627)) +* Readd requirements.yaml dependency file ([23fa845](https://github.com/bitnami/charts/commit/23fa845681b925bb2e96839d6a7df61b2989d55a)) +* Remove dependency from Chart.yaml ([43d44d1](https://github.com/bitnami/charts/commit/43d44d10f11d6ddf3bc7351fe64716a7516cf3c6)) +* remove requirements files as no longer needed in helm 3 ([94e6c6b](https://github.com/bitnami/charts/commit/94e6c6be65f6bd76cccc5e0aca7dd79597a40616)) + +## 7.1.1 (2020-01-02) + +* adding creating serviceAccount name to template ([8d67a6e](https://github.com/bitnami/charts/commit/8d67a6e9fb3d594cfbba0fbd28d83459bdde6523)) +* fix kafka dependency to latest (zookeeper) ([7b1d0a1](https://github.com/bitnami/charts/commit/7b1d0a1e6b8d3c842141de3743fbbb72c953ea78)) +* Fix typo ([57435f6](https://github.com/bitnami/charts/commit/57435f62364f3640a37df3aa02c3fc02b559e60c)) +* Fix typo ([2f6c486](https://github.com/bitnami/charts/commit/2f6c486b1077ea226b69f9e8b5ebbd11e683535e)) +* fixing indentation ([b335a87](https://github.com/bitnami/charts/commit/b335a8797c3dd97852e71b4ccea5889e5a475500)) +* Unify comments ([e59513b](https://github.com/bitnami/charts/commit/e59513b09f53864ffc7cca98bc82beac388fc701)) +* Unify comments 2 ([6871f82](https://github.com/bitnami/charts/commit/6871f823aa6f3f0f80b4f9ee9d1fa0a0bc6323d5)) +* Update bitnami/kafka/README.md ([a19825a](https://github.com/bitnami/charts/commit/a19825a96d1483e1ba5b4c9233bc0c01bed0194b)) +* Update bitnami/kafka/templates/serviceaccount.yaml ([eb71120](https://github.com/bitnami/charts/commit/eb71120453b49fd1a4d2587db48b0944e50db089)) +* Update bitnami/kafka/templates/statefulset.yaml ([3bf5182](https://github.com/bitnami/charts/commit/3bf518220000eaf03c56f314840cb5610452e75e)) + +## 7.1.0 (2019-12-29) + +* add an option to create a service account for the kafka node ([3a92f97](https://github.com/bitnami/charts/commit/3a92f971cbbf3c9a5f13ec8206a85ecfca7fb9c5)) +* bump version and update README.md ([ed35631](https://github.com/bitnami/charts/commit/ed3563167ceca3d9b56fddbed5a4bd06bdfd7069)) + +## 7.0.5 (2019-12-17) + +* [bitnami/kafka] Release 7.0.5 updating components versions ([783300a](https://github.com/bitnami/charts/commit/783300a0837e787b91187889ccdeb255108cf8ee)) + +## 7.0.4 (2019-12-04) + +* Bump patch version ([7994c7c](https://github.com/bitnami/charts/commit/7994c7c754d377bc34bc1bfffbcdf0cc4ace4268)) +* Update typo in kafka statefulset ([69dcd96](https://github.com/bitnami/charts/commit/69dcd964cd7da9a24f656ddc835c345bb914b260)) + +## 7.0.3 (2019-11-24) + +* [bitnami/kafka] Release 7.0.3 updating components versions ([efd4ead](https://github.com/bitnami/charts/commit/efd4eade867b8f45ea3da71f15ec1f57132ebee9)) + +## 7.0.2 (2019-11-12) + +* [bitnami/kafka] Fix values.yaml ([f5e626f](https://github.com/bitnami/charts/commit/f5e626f4f2522c48ba2002e079c6f74be16efefb)) + +## 7.0.1 (2019-11-12) + +* [bitnami/kafka] Lint chart ([da33411](https://github.com/bitnami/charts/commit/da33411d86a9f58e871d618bcd571cf172575077)) +* Add workaround for upgrading ([7cec7c7](https://github.com/bitnami/charts/commit/7cec7c75b57cf165ff4322b5bd6f33b25a77a997)) +* Fix 'upgrade' command ([379b2a9](https://github.com/bitnami/charts/commit/379b2a9292b8501654652eb33aee68a3edb0d213)) + +## 7.0.0 (2019-11-12) + +* [bitnami/kafka] Fix labels on kafka exporter & add metric services ([413daa1](https://github.com/bitnami/charts/commit/413daa10d818976755b685813cc97e1df77cbc5d)) +* Update kafka-exporter.yaml ([ee6bd44](https://github.com/bitnami/charts/commit/ee6bd4463af7ffc564da6aa76c2109680642957a)) +* Update servicemonitor.yaml ([d53c26a](https://github.com/bitnami/charts/commit/d53c26af44738bdda86889cf94cc1db73215d94a)) +* Update statefulset.yaml ([137fb43](https://github.com/bitnami/charts/commit/137fb4395b7e9f732207e6de944d2abb705b0c5e)) + +## 6.1.8 (2019-11-11) + +* Use port name instead of the value ([872e01e](https://github.com/bitnami/charts/commit/872e01e0e6ac8a265e412e1c6735afd9128bba6d)) + +## 6.1.7 (2019-11-11) + +* Add SSL enable value ([9dd0286](https://github.com/bitnami/charts/commit/9dd02861546a359c737fad7d5d749d061a381381)) +* Fix default values for SSL enabled ([a9500d7](https://github.com/bitnami/charts/commit/a9500d7a8d20dc801794f4eb96c23a4699df6421)) +* Fix port in serviceMonitor ([e5af275](https://github.com/bitnami/charts/commit/e5af275236d647981b3454cc413dce541fd303a9)) + +## 6.1.6 (2019-10-27) + +* Add SSL Support for Kafka with Listeners & Container port set ([8251aec](https://github.com/bitnami/charts/commit/8251aec5abd1145c303cd825a42a54b18764fd7b)) +* Update chart version ([0a82edc](https://github.com/bitnami/charts/commit/0a82edc26f1f82e6a390d5f278fae064b4a5b312)) + +## 6.1.5 (2019-10-25) + +* [bitnami/kafka] Release 6.1.5 updating components versions ([4356fff](https://github.com/bitnami/charts/commit/4356fffd7b387562baefebc1273eea6aae6369f9)) + +## 6.1.4 (2019-10-24) + +* [bitnami/kafka] Specify LOG_MESSAGE_FORMAT_VERSION env-var if not empty (#1515) ([47d948d](https://github.com/bitnami/charts/commit/47d948df2b54f447c7ea17d7578993b78c1e7438)), closes [#1515](https://github.com/bitnami/charts/issues/1515) +* Fix links because of section renaming ([8e6fa3b](https://github.com/bitnami/charts/commit/8e6fa3bf7e3198954b6af507cf143fd4870c1c33)) + +## 6.1.3 (2019-10-23) + +* Adapt README in charts (II) ([4705a98](https://github.com/bitnami/charts/commit/4705a98e346aae7e784ee27cd8c58d0f8e8411f3)) + +## 6.1.2 (2019-10-23) + +* [bitnami/kafka] Release 6.1.2 updating components versions ([363224b](https://github.com/bitnami/charts/commit/363224b11eb854e2033d3405e4b0a44a22321d5f)) + +## 6.1.1 (2019-10-23) + +* [bitnami/kafka] Fixes error when using `externalZookeeper.servers` in a subchart (#1507) ([e747047](https://github.com/bitnami/charts/commit/e747047f53554f3b62f8c3bcd6d12d0b022e21ee)), closes [#1507](https://github.com/bitnami/charts/issues/1507) + +## 6.1.0 (2019-10-16) + +* [bitnami/kafka] Add Metrics Servicemonitor ([8ab7211](https://github.com/bitnami/charts/commit/8ab7211d8e303aee820ec86bbb41f703442a6756)) + +## 6.0.2 (2019-10-08) + +* [bitnami/kafka] Standardize README.md ([d19e748](https://github.com/bitnami/charts/commit/d19e7480ca38222058636eb3fc5e0aab96029fcb)) +* Change default value of logsDirs in README and values files. ([ab2b774](https://github.com/bitnami/charts/commit/ab2b77488d4660f7372c2afea426a76c58362e3c)) + +## 6.0.1 (2019-09-23) + +* [bitnami/kafka] Update components versions ([3a6d392](https://github.com/bitnami/charts/commit/3a6d392add58c4dcf8d186e78f353f73426b9b05)) +* Bump Kafka chart version. ([8bb9e2b](https://github.com/bitnami/charts/commit/8bb9e2b8a8c6f05f1cc0bb263706f893638fb11e)) +* Change logsDirs to correctly use persistent disk as per README. ([bf127f0](https://github.com/bitnami/charts/commit/bf127f01e40c17dfb3d1f44f4aaa0dff4fc6e005)) + +## 6.0.0 (2019-09-23) + +* Bump major version ([4743d1c](https://github.com/bitnami/charts/commit/4743d1c3f2b96e91841c62bb22c4651db83922c0)) + +## 5.3.2 (2019-09-23) + +* [bitnami/kafka] Update dependencies ([dfd15af](https://github.com/bitnami/charts/commit/dfd15af0a55202935e41b09bcbba3f581d1c25fd)) + +## 5.3.1 (2019-09-20) + +* [bitnami/*] Update apiVersion on sts, deployments, daemonsets and podsecuritypolicies ([4dfac07](https://github.com/bitnami/charts/commit/4dfac075aacf74405e31ae5b27df4369e84eb0b0)) + +## 5.3.0 (2019-09-05) + +* fix minor version ([0fb2f2b](https://github.com/bitnami/charts/commit/0fb2f2bf265df432f873273a8469f6319eb0dbd7)) + +## 5.4.0 (2019-09-05) + +* [bitnami/kafka] Fix name of environment variables set in chart ([b026a5a](https://github.com/bitnami/charts/commit/b026a5a8cc78d17aee6a1e61e838851e557ef9b5)) +* Major version for chart ([d930547](https://github.com/bitnami/charts/commit/d930547ee29f92ab8732178ba255bb5bc206b0e9)) +* use minor version instead ([ca634fe](https://github.com/bitnami/charts/commit/ca634fe5cde82a55586ece8b38b1e397364afa21)) + +## 5.2.4 (2019-09-02) + +* [bitnami/kafka] Release 5.2.4 updating components versions ([ba75409](https://github.com/bitnami/charts/commit/ba7540920cacc401956ad0a579165259e339b162)) +* Use stretch instead of buster to be consistent ([decd85f](https://github.com/bitnami/charts/commit/decd85ff9ee57beb656648918b1197b6d8b9d5af)) + +## 5.2.3 (2019-08-30) + +* [bitnami/*] Use buster instead of latest as minideb tag and adapt sysctl ([921e811](https://github.com/bitnami/charts/commit/921e81153c755c5e06b86fbc54841c115f6e10bb)) + +## 5.2.2 (2019-08-22) + +* [bitnami/*] Fix 'storageClass' macros ([f41c193](https://github.com/bitnami/charts/commit/f41c19310b0aba01be37217e530b678ae30a560f)) + +## 5.2.1 (2019-08-21) + +* Refactor StorageClass template to support old Helm versions ([1d7f3df](https://github.com/bitnami/charts/commit/1d7f3df1250d8f3ba7b17add67de6515dd93f1e7)) +* Refactor storageClassTemplate ([1872215](https://github.com/bitnami/charts/commit/1872215effe0a6ff672537387684c8a97fb3093c)) + +## 5.2.0 (2019-08-19) + +* Add global variable to set the storage class to all of the Hekm Charts ([cdb4bdc](https://github.com/bitnami/charts/commit/cdb4bdceda07e03f3902ec2796eab54d2c6f1650)) +* Update charts versions ([9459dbb](https://github.com/bitnami/charts/commit/9459dbbf98c5572f0b92cd3eef8e12ec83a48397)) + +## 5.1.1 (2019-08-13) + +* Update README.md ([c2a0d8e](https://github.com/bitnami/charts/commit/c2a0d8e049da902e383529d77dc5a917a6df9bb5)) +* Updated version numbers ([aa0294b](https://github.com/bitnami/charts/commit/aa0294b246340ed44d76f8cac59338ee685fab5e)) + +## 5.1.0 (2019-08-12) + +* [bitnami/kafka] Use bitnami/kafka-exporter ([8d44d7d](https://github.com/bitnami/charts/commit/8d44d7dc8112fbcf3b5906ba2d2075cd3d7a7765)) + +## 5.0.3 (2019-08-07) + +* Bump chart version ([6d065ff](https://github.com/bitnami/charts/commit/6d065fff7c5f3097aed9948a63034e327e4cdd17)) +* Fix Service port hardcoded ([7ddc1af](https://github.com/bitnami/charts/commit/7ddc1afcaa6e962263f52f610817c92dd8e62208)) + +## 5.0.2 (2019-08-07) + +* [bitnami/kafka] Service port should not be hardcoded ([0e8ffc2](https://github.com/bitnami/charts/commit/0e8ffc2781a8d83329885549096e444fa9347a35)) + +## 5.0.1 (2019-07-30) + +* fix(kafka): Truncate the fullname of zookeeper in a regular way. Should not be too small. ([9c8252e](https://github.com/bitnami/charts/commit/9c8252eb0f742f636a4f7f8e874cc0455fd813b4)) + +## 5.0.0 (2019-07-25) + +* Fix indentation ([c699e9f](https://github.com/bitnami/charts/commit/c699e9f2aed150351c8a7b21717b5a959ef2d2e3)) +* Update dependencies for some bitnami charts ([ff54f7f](https://github.com/bitnami/charts/commit/ff54f7f999f0e4c10a22f7bd40d9dcd314c7937d)) + +## 4.1.0 (2019-07-22) + +* Change kafka ([494405f](https://github.com/bitnami/charts/commit/494405ff3482eb49d7d306699555d91113550801)) +* Long namespace flag instead of -n ([92a50cc](https://github.com/bitnami/charts/commit/92a50cc57adede1e37db4792777efe54bf614f12)) + +## 4.0.2 (2019-07-19) + +* added namespace to 'kubectl exec' commands ([e309e35](https://github.com/bitnami/charts/commit/e309e350097232b6f34ea1c8d33fbec9c657b656)) +* updated kafka helm chart version ([72b7f57](https://github.com/bitnami/charts/commit/72b7f57b1b8121f8e355a6e1a1cda436398101a1)) + +## 4.0.1 (2019-07-18) + +* fix(kafka): Fix mapping value for resources. ([aede4d0](https://github.com/bitnami/charts/commit/aede4d01e63635b0672fcf6c5936a2cf28656f07)) + +## 4.0.0 (2019-07-17) + +* Implement again #1283 changes but bumping the major version ([1ce079c](https://github.com/bitnami/charts/commit/1ce079c789a6c0f5174094af3ea6fb67b6c926fd)), closes [#1283](https://github.com/bitnami/charts/issues/1283) + +## 3.0.16 (2019-07-17) + +* Revert pull request #1283 ([8e5940a](https://github.com/bitnami/charts/commit/8e5940a9260dc722ae1a630a6b6e21df2502323f)), closes [#1283](https://github.com/bitnami/charts/issues/1283) + +## 3.0.15 (2019-07-16) + +* [bitnami/kafka] Fix zookeeper name helper ([86872ab](https://github.com/bitnami/charts/commit/86872abf446ca99afb197caae5758dcdba860342)) +* Use name of the solution for the main container included in the pod ([d031dee](https://github.com/bitnami/charts/commit/d031deec200c22884bdc912814b75717617fc21a)) + +## 3.0.14 (2019-07-11) + +* [bitnami/kafka] bump chart version to 3.0.13 ([6586ec3](https://github.com/bitnami/charts/commit/6586ec32c010fa273d3a4cdb73eefd9e876e0e62)) +* [bitnami/kafka] fix JMX when auth disabled ([175cc9c](https://github.com/bitnami/charts/commit/175cc9cdb244a259b8eb4376f20eb412903a53c1)) +* Change domain by clusterDomain ([4effe5c](https://github.com/bitnami/charts/commit/4effe5c3b9ac9b90feff05a3efa24032523bca91)) +* Standardize component.name & component.fullname functions ([775948e](https://github.com/bitnami/charts/commit/775948eb27ccc5599262002b71f4982cc2b2dc8d)) + +## 3.0.13 (2019-07-01) + +* Create template for cluster domain on Kafka ([e211aa7](https://github.com/bitnami/charts/commit/e211aa7d5587c080cff79ca85e61c639e56e6c82)) + +## 3.0.12 (2019-06-28) + +* [bitnami/kafka] Release 3.0.12 updating components versions ([6b0b69c](https://github.com/bitnami/charts/commit/6b0b69ca163bc2738730056305674c38dcd29b16)) + +## 3.0.11 (2019-06-25) + +* [bitnami/kafka] Release 3.0.11 updating components versions ([e04395c](https://github.com/bitnami/charts/commit/e04395cd8f368ec639ab0dd9a3bb64b6d2c8502e)) + +## 3.0.10 (2019-06-25) + +* [bitnami/kafka] Release 3.0.10 updating components versions ([e06a248](https://github.com/bitnami/charts/commit/e06a248a50b510ef9575ef9013a16a8d8ff8caec)) + +## 3.0.9 (2019-06-14) + +* Fix extraEnvVars example ([2ff5240](https://github.com/bitnami/charts/commit/2ff52406734f73918a1fe6fb86bc9b84595e92fc)) + +## 3.0.8 (2019-06-10) + +* bitnami/kafka: update to 2.2.1 ([a46f564](https://github.com/bitnami/charts/commit/a46f5645ce3532ab0ba85b782c72614b49a0dcc1)) +* Bump kafka version ([1cd024b](https://github.com/bitnami/charts/commit/1cd024b7219ec9f549633a441a8ff3430c60f5f6)) +* Changes in README ([7ac4ec0](https://github.com/bitnami/charts/commit/7ac4ec09a0113aae7d39173f52fb11c55f27cde5)) + +## 3.0.7 (2019-06-10) + +* bitnami/kafka: update to 2.2.1 ([e57ffd9](https://github.com/bitnami/charts/commit/e57ffd922f079205318f02f28d25ca330f3f45a4)) +* Bump version ([a672193](https://github.com/bitnami/charts/commit/a67219387480695cdd7e4dd2a7f5443ed8093a11)) + +## 3.0.6 (2019-06-10) + +* Add command ([9e3b8ce](https://github.com/bitnami/charts/commit/9e3b8ced6a5222c07bd1614b534abf3b5f507c99)) +* Unify sections ([99c7d58](https://github.com/bitnami/charts/commit/99c7d58efb5ce1cdfa39f03c1ee94a1d416c40dc)) +* Use IfNotPresent as imagePullPolicy since we are using immutable tags ([53247da](https://github.com/bitnami/charts/commit/53247da385b3bed19f02505b059591869893ecbb)) + +## 3.0.5 (2019-06-07) + +* [bitnami/kafka] Unify and document production values ([9cabcc9](https://github.com/bitnami/charts/commit/9cabcc9e1ae1ba1a3d9b141147f16dc854d4a789)) + +## 3.0.4 (2019-06-03) + +* kafka: add protocol map and broker listener options ([a2397d2](https://github.com/bitnami/charts/commit/a2397d287b21ab59cfc279f9b67aec7e3e0b7c6f)) +* Update Chart.yaml ([126979e](https://github.com/bitnami/charts/commit/126979ebfe4238244ec8a2973588ac406a33f6ab)) +* Update Kafka readme regarding persistency ([e2c3a08](https://github.com/bitnami/charts/commit/e2c3a0843eea23cf50322a071c3f258fab6bac29)) +* Update README.md ([18786ad](https://github.com/bitnami/charts/commit/18786adc9201d7634c4c6de26aeea77ef288eb65)) +* Update README.md ([471ddf4](https://github.com/bitnami/charts/commit/471ddf4fd4afd72c85b2db05265406cfb80fc324)) + +## 3.0.2 (2019-06-03) + +* [bitnami/kakfa] Add option to use existingClaim ([865f218](https://github.com/bitnami/charts/commit/865f21847041d78b34edf6d679505f696ba74c3d)) +* bitnami/kafka: update to 2.2.1 ([8041c44](https://github.com/bitnami/charts/commit/8041c444c9a714625fd235a7c214a1eebcd3a8a8)) +* Fix typo ([09eab0f](https://github.com/bitnami/charts/commit/09eab0f38af04a069f84c92ad307ffabc086083d)) +* Simplify logic ([03297a3](https://github.com/bitnami/charts/commit/03297a3150bdd316dd1da53680a70a2b25cbfe71)) + +## 3.0.0 (2019-05-30) + +* [bitnami/kafka] Allow passing custom env vars with direct mapping to config properties ([9a034ad](https://github.com/bitnami/charts/commit/9a034addc56120a44a420c7d5b5436aca553f4c4)) + +## 2.2.4 (2019-05-30) + +* Bumping chart version from 2.2.3 to 2.2.4 ([774b390](https://github.com/bitnami/charts/commit/774b390424c5b970be1a93eef7a6a142e1af0afe)) +* Update Chart.yaml ([94618e9](https://github.com/bitnami/charts/commit/94618e9cad2d1acb55a27a513af0bafbcd5016e7)) + +## 2.2.3 (2019-05-29) + +* Change syntax because of linter failing ([adfc357](https://github.com/bitnami/charts/commit/adfc35728c2a8a9def9e1897b3772d64df62135428c2a8a9def9e1897b3772d64df621354)) +* Fix https://github.com/helm/charts/pull/14199\#issuecomment-496883321 and support _sha256_ as an imm ([95957ea](https://github.com/bitnami/charts/commit/95957ea6430f28ec3593053afb0bfccb75703c796430f28ec3593053afb0bfccb75703c79)) +* Use immutable tags in the main images ([17ca4f5](https://github.com/bitnami/charts/commit/17ca4f5c91da33da03f9e2d411fe5e004e825c4dc91da33da03f9e2d411fe5e004e825c4d)) + +## 2.2.2 (2019-05-28) + +* Prepare immutable tags ([f9093c1](https://github.com/bitnami/charts/commit/f9093c1aaa9cde25a042c3d62f7873385447cbf7aaa9cde25a042c3d62f7873385447cbf7)) + +## 2.2.1 (2019-05-24) + +* [bitnami/kafka] Fix values*.yaml syntax ([e7f25ce](https://github.com/bitnami/charts/commit/e7f25ceb356d17c5c8a847e2d5c72a365f2027e4b356d17c5c8a847e2d5c72a365f2027e4)) + +## 2.1.0 (2019-05-14) + +* Create a pod distruption budget when replicas is bigger than 1 ([6a0e5d9](https://github.com/bitnami/charts/commit/6a0e5d9519ff5e76b7bac184ade7c44d0e31c20a519ff5e76b7bac184ade7c44d0e31c20a)) + +## 1.10.2 (2019-04-29) + +* [bitnami/kafka] Add fullnameOverride to the readme ([0ffa56d](https://github.com/bitnami/charts/commit/0ffa56ddccd6712fc061a07020c35712bf8b3f8cdccd6712fc061a07020c35712bf8b3f8cdccd6712fc061a07020c35712bf8b3f8c)) + +## 2.0.3 (2019-05-29) + +* enabling prometheus scraping for jmx exporter ([6d80a04](https://github.com/bitnami/charts/commit/6d80a04a000ece1b8db8a990d4992e944da803a8)) +* Update Chart.yaml ([90d7b64](https://github.com/bitnami/charts/commit/90d7b6413d00d6e2eec1a6bf805f18ae3c03b447)) + +## 2.2.3 (2019-05-29) + +* Change syntax because of linter failing ([adfc357](https://github.com/bitnami/charts/commit/adfc35728c2a8a9def9e1897b3772d64df62135428c2a8a9def9e1897b3772d64df621354)) +* Fix https://github.com/helm/charts/pull/14199\#issuecomment-496883321 and support _sha256_ as an imm ([95957ea](https://github.com/bitnami/charts/commit/95957ea6430f28ec3593053afb0bfccb75703c796430f28ec3593053afb0bfccb75703c79)) +* Use immutable tags in the main images ([17ca4f5](https://github.com/bitnami/charts/commit/17ca4f5c91da33da03f9e2d411fe5e004e825c4dc91da33da03f9e2d411fe5e004e825c4d)) + +## 2.2.2 (2019-05-28) + +* Prepare immutable tags ([f9093c1](https://github.com/bitnami/charts/commit/f9093c1aaa9cde25a042c3d62f7873385447cbf7aaa9cde25a042c3d62f7873385447cbf7)) + +## 2.2.1 (2019-05-24) + +* [bitnami/kafka] Fix values*.yaml syntax ([e7f25ce](https://github.com/bitnami/charts/commit/e7f25ceb356d17c5c8a847e2d5c72a365f2027e4b356d17c5c8a847e2d5c72a365f2027e4)) + +## 1.10.2 (2019-04-29) + +* [bitnami/kafka] Add fullnameOverride to the readme ([0ffa56d](https://github.com/bitnami/charts/commit/0ffa56ddccd6712fc061a07020c35712bf8b3f8cdccd6712fc061a07020c35712bf8b3f8cdccd6712fc061a07020c35712bf8b3f8c)) + +## 2.1.0 (2019-05-14) + +* Create a pod distruption budget when replicas is bigger than 1 ([6a0e5d9](https://github.com/bitnami/charts/commit/6a0e5d9519ff5e76b7bac184ade7c44d0e31c20a519ff5e76b7bac184ade7c44d0e31c20a)) +* Fix indenting of data volume when not using persistent storage ([1f2bbea](https://github.com/bitnami/charts/commit/1f2bbea11b45810ec6203757415d312f0228094c)) + +## 2.0.1 (2019-05-07) + +* [bitnami/kafka] Adapt kafka to new labels format ([2a95103](https://github.com/bitnami/charts/commit/2a95103374feac820bf031c3430c33147a027c6b)) + +## 2.0.0 (2019-05-07) + +* Bump major version ([f5b13c3](https://github.com/bitnami/charts/commit/f5b13c38740f59bf59e882d94a822692babe9ce6)) + +## 1.11.0 (2019-05-07) + +* [bitnami/kafka] Update dependencies ([e13115d](https://github.com/bitnami/charts/commit/e13115da6e067b4eb3cb85b03f06540942566e52)) +* Bump chart version ([905369d](https://github.com/bitnami/charts/commit/905369dce4fdfba514504d394bdb459df90734d8)) + +## 1.10.2 (2019-04-29) + +* [bitnami/kafka] Add fullnameOverride to the readme ([0ffa56d](https://github.com/bitnami/charts/commit/0ffa56ddccd6712fc061a07020c35712bf8b3f8cdccd6712fc061a07020c35712bf8b3f8cdccd6712fc061a07020c35712bf8b3f8c)) +* Update chart version ([0f533b7](https://github.com/bitnami/charts/commit/0f533b77378c6e8b54de2184f81d05d42ecbb20c)) + +## 1.10.0 (2019-04-08) + +* Add new kafka option. Add affinity for kafka and zookeeper ([10f0e71](https://github.com/bitnami/charts/commit/10f0e71b426d7d6336ff24c4408b2e6d8f3408ddb426d7d6336ff24c4408b2e6d8f3408dd)) + +## 1.9.1 (2019-04-16) + +* specify cluster domain ([43ccb4f](https://github.com/bitnami/charts/commit/43ccb4fde4e3d0c9d5acc67517f7b821a2a50498)) +* Update chart version ([7db6a64](https://github.com/bitnami/charts/commit/7db6a64611bd6bc409cb745ef01e9dd6ed263151)) +* update enabling auth docs ([f0ec6ff](https://github.com/bitnami/charts/commit/f0ec6ff58671da66f26cd2234fc4eef3282691ab)) +* Update zookeeper version ([da526a7](https://github.com/bitnami/charts/commit/da526a71d16381d6844f21b78946078823d6f976)) + +## 1.10.0 (2019-04-08) + +* Add new kafka option. Add affinity for kafka and zookeeper ([10f0e71](https://github.com/bitnami/charts/commit/10f0e71b426d7d6336ff24c4408b2e6d8f3408ddb426d7d6336ff24c4408b2e6d8f3408dd)) + +## 1.9.0 (2019-03-29) + +* [bitnami/kafka] Add options to configure internal topics ([de1a384](https://github.com/bitnami/charts/commit/de1a384c91cffee841239a81ab5bbf1b2e699660)) + +## 1.8.2 (2019-03-27) + +* bitnami/kafka: update to 2.2.0 ([f3b72a2](https://github.com/bitnami/charts/commit/f3b72a2fdbe6e807a9ed98ddc5bfaa8c489a30cb)) + +## 1.8.1 (2019-03-27) + +* [bitnami/kafka] Fix issue when zookeeper password is specified but authentication is disabled ([634e5db](https://github.com/bitnami/charts/commit/634e5dbeaf3dce48a56fdec4097d187690d4dd8b)) + +## 1.8.0 (2019-03-21) + +* [bitnami/kafka] Add parameters to specify 'NodePort' and 'loadBalancerIP' ([358e2d2](https://github.com/bitnami/charts/commit/358e2d2d3d68d522aa37a7d75c1aab5414039d22)) + +## 1.7.2 (2019-03-18) + +* Set rollingUpdate to null when updateStrategy is Recreate ([1a45bba](https://github.com/bitnami/charts/commit/1a45bba6ce964b3e2b939fba0cdf063cf66e7586)) + +## 1.7.1 (2019-03-14) + +* Use global registry in secondary, metrics and other non-default images ([5d216bf](https://github.com/bitnami/charts/commit/5d216bfea23f62aae825e733a9e37e936f14c310)) + +## 1.7.0 (2019-03-12) + +* Fix typo ([e11a2a3](https://github.com/bitnami/charts/commit/e11a2a3da995bf32a7c8feb4a04af8c19b11b478)) +* Fix typo in helpers ([d0b6f76](https://github.com/bitnami/charts/commit/d0b6f768e7b3bee67f234560ab8d8563ecede33d)) +* pullSecrets for production and metrics ([22d6e0b](https://github.com/bitnami/charts/commit/22d6e0b546ec6b222cc444ea3c02fd25d6f31dce)) +* Use kafka and jmx values for metrics ([50021c0](https://github.com/bitnami/charts/commit/50021c056924e8afbe4551a0688fe4b0372870d9)) + +## 1.6.0 (2019-03-11) + +* [bitnami/kafka] Add global imagePullSecrets to overwrite any other existing one ([d61508d](https://github.com/bitnami/charts/commit/d61508da3cff389627f9fcbbab708759ebee558b)) +* Add appiVersion to Chart.yaml ([08704a5](https://github.com/bitnami/charts/commit/08704a55fa287f8da2e680344163b65863959329)) +* Apply requsted changes ([fdab5e3](https://github.com/bitnami/charts/commit/fdab5e38a45fbd98c1f05a30cf18f39edeb02020)) + +## 1.4.1 (2019-02-27) + +* [bitnami/kafka] Expose KAFKA_LOG_MESSAGE_FORMAT_VERSION ([7a20589](https://github.com/bitnami/charts/commit/7a20589b82b6668cdb53c6484550f1daca450f23)) + +## 1.4.0 (2019-02-26) + +* [bitnami/kafka] Add option to configure default replication factor ([0e00bf8](https://github.com/bitnami/charts/commit/0e00bf83559cef7a76bf2333d7c5fe8e9b6856e5)) + +## 1.3.2 (2019-02-20) + +* bitnami/kafka: update to 2.1.1 ([b7d4708](https://github.com/bitnami/charts/commit/b7d47082486aef90189abd7217c6c6e19171ee7f2486aef90189abd7217c6c6e19171ee7f)) +* Update Chart.yaml ([321fe04](https://github.com/bitnami/charts/commit/321fe04c1dc48138638e966bf034564db8bb6f63c1dc48138638e966bf034564db8bb6f63)) + +## 1.2.6 (2019-01-30) + +* Update Chart.yaml ([5265f54](https://github.com/bitnami/charts/commit/5265f54a616e0e8e19b7a82732ecd6626b6afb99a616e0e8e19b7a82732ecd6626b6afb99)) +* Update statefulset.yaml ([e8112e3](https://github.com/bitnami/charts/commit/e8112e333b7275643d903d75e08036dacf805a0233b7275643d903d75e08036dacf805a02)) +* Update values-production.yaml ([328af8a](https://github.com/bitnami/charts/commit/328af8af75cf954d2ca2d9e437492c13bf034b5ff75cf954d2ca2d9e437492c13bf034b5f)) +* Update values.yaml ([3310c95](https://github.com/bitnami/charts/commit/3310c958c6f62b9d85c283d526a2bf206a9c37f58c6f62b9d85c283d526a2bf206a9c37f5)) + +## 1.3.1 (2019-02-21) + +* Update Chart.yaml ([4412763](https://github.com/bitnami/charts/commit/44127632bed4591dcef19cf3b4695a1eaeb4cb4e)) +* Update README.md ([69a201c](https://github.com/bitnami/charts/commit/69a201ca8e34ee89929f3c118df54b874bc1821a)) + +## 1.3.2 (2019-02-20) + +* Add service annotations in values-productions.yaml ([5c8517c](https://github.com/bitnami/charts/commit/5c8517c6dc37cf6f776ad61930db224a6a68a279)) +* bitnami/kafka: update to 2.1.1 ([b7d4708](https://github.com/bitnami/charts/commit/b7d47082486aef90189abd7217c6c6e19171ee7f2486aef90189abd7217c6c6e19171ee7f)) +* Document the correct format for pullSecrets in READMEs ([9a2cf81](https://github.com/bitnami/charts/commit/9a2cf81399905b7b3190bbc35a8d554f94014ce8)) +* Update Chart.yaml ([321fe04](https://github.com/bitnami/charts/commit/321fe04c1dc48138638e966bf034564db8bb6f63c1dc48138638e966bf034564db8bb6f63)) + +## 1.3.0 (2019-01-21) + +* [bitnami/kafka] Add annotations to service ([5191e48](https://github.com/bitnami/charts/commit/5191e48086e6b3ea25834ef578496547d1bfa04b086e6b3ea25834ef578496547d1bfa04b)) +* [bitnami/kafka] Fix kafka advertised name ([04b7484](https://github.com/bitnami/charts/commit/04b74845370a474c470473e9fa2372bf3924e3a3)) + +## 1.2.6 (2019-01-30) + +* Update Chart.yaml ([5265f54](https://github.com/bitnami/charts/commit/5265f54a616e0e8e19b7a82732ecd6626b6afb99a616e0e8e19b7a82732ecd6626b6afb99)) +* Update statefulset.yaml ([e8112e3](https://github.com/bitnami/charts/commit/e8112e333b7275643d903d75e08036dacf805a0233b7275643d903d75e08036dacf805a02)) +* Update values-production.yaml ([328af8a](https://github.com/bitnami/charts/commit/328af8af75cf954d2ca2d9e437492c13bf034b5ff75cf954d2ca2d9e437492c13bf034b5f)) +* Update values.yaml ([3310c95](https://github.com/bitnami/charts/commit/3310c958c6f62b9d85c283d526a2bf206a9c37f58c6f62b9d85c283d526a2bf206a9c37f5)) + +## 1.3.0 (2019-01-21) + +* [bitnami/kafka] Add annotations to service ([5191e48](https://github.com/bitnami/charts/commit/5191e48086e6b3ea25834ef578496547d1bfa04b086e6b3ea25834ef578496547d1bfa04b)) + +## 1.2.5 (2019-01-02) + +* Change the default advertised listeners to point to the headless service name instead of IP ([db633c6](https://github.com/bitnami/charts/commit/db633c66447eb6585b1cee02fdce0c402580cbdf)) +* Update kafka Chart.yaml ([e68b59c](https://github.com/bitnami/charts/commit/e68b59ca16d69968bcb59bd30d8b93396c8456ff)) + +## 1.2.4 (2018-12-20) + +* [bitnami/kafka] Add fullnameOverride to kafka chart ([eb12d81](https://github.com/bitnami/charts/commit/eb12d81e0977328977c51ea114f15a53ed90bdcd)) + +## 1.2.3 (2018-12-18) + +* [bitnami/kafka] Fix confusing help from NOTES.txt ([d88146d](https://github.com/bitnami/charts/commit/d88146dc8d877ef3daf6dda8110f75008bf56995)) + +## 1.2.2 (2018-12-17) + +* [bitnami/kafka] Update zookeeper dependency ([f964514](https://github.com/bitnami/charts/commit/f964514fbb3e63e308f5f3eca6bb6ee6eb1d5038)) + +## 1.2.1 (2018-11-21) + +* kafka: bump chart appVersion to `2.1.0` ([aeb53f1](https://github.com/bitnami/charts/commit/aeb53f1b335acb79d193fd7f0501dc2cf3be9332)) +* kafka: bump chart version to `1.2.1` ([b41a739](https://github.com/bitnami/charts/commit/b41a739921234160a7dcd87d278c247acc808d95)) +* kafka: update to `2.1.0` ([5412d88](https://github.com/bitnami/charts/commit/5412d880d5586c84025ae93c23d04734786d8e0d)) +* [bitnami/kafka] Enable metrics by default in values-production.yaml ([3176311](https://github.com/bitnami/charts/commit/31763114bac13596dba98e6f7b6fb2c937be81a8)) +* Bump chart version ([0f28135](https://github.com/bitnami/charts/commit/0f281355c5a2f166b8bf591a6b1ceb743fcf1a4c)) +* Enable jmx metrics ([f62c4f6](https://github.com/bitnami/charts/commit/f62c4f686766576758dd56ed787c0f63514cdac2)) + +## 1.0.3 (2018-10-15) + +* [bitnami/zookeeper] Enable Zookeeper exporter ([ce3acad](https://github.com/bitnami/charts/commit/ce3acad2e9897fd0c3b9bbb676b3816065029fe02e9897fd0c3b9bbb676b3816065029fe0)) + +## 1.1.3 (2018-11-13) + +* [bitnami/zookeeper] Make trunc consistent between charts ([fbab11d](https://github.com/bitnami/charts/commit/fbab11d099c4a71dee047f03468be7dd98ee7d13)) + +## 1.1.2 (2018-11-09) + +* kafka: bump chart appVersion to `2.0.1` ([65becb5](https://github.com/bitnami/charts/commit/65becb5dd47aa8138419bfa8ffa50431d8c63d4b)) +* kafka: bump chart version to `1.1.2` ([42acb1a](https://github.com/bitnami/charts/commit/42acb1a1051af1aac0536e8c808c6010e9838ebe)) +* kafka: update to `2.0.1` ([67fbfc9](https://github.com/bitnami/charts/commit/67fbfc93110ccf8c1453f4ce0946c411241496bc)) + +## 1.1.1 (2018-10-17) + +* Apply some suggestions ([24706a6](https://github.com/bitnami/charts/commit/24706a6163b75700c705f3021bb37790f95423c9)) +* Bump versions ([0cfd3f4](https://github.com/bitnami/charts/commit/0cfd3f421533a532c90438afa287bf46aa10413e)) +* Change logic to determine registry ([9ead294](https://github.com/bitnami/charts/commit/9ead294d5705f2646e8d3b70e14129d23c07bf8a)) +* Check if global is set ([dec26e5](https://github.com/bitnami/charts/commit/dec26e5d0b982905dde2a55fdf2285a7781a64cc)) +* Fix typo ([93170ac](https://github.com/bitnami/charts/commit/93170acc16e842e55aff7b7d944f7fbe025eee91)) +* Remove distro tags in charts ([427ac51](https://github.com/bitnami/charts/commit/427ac51cdf4de70f786563e1971a5d491d32ad54)) +* Reword and update kafka dependencies ([be6cbed](https://github.com/bitnami/charts/commit/be6cbedd27cea4c5c0e30ce70c9790c27ca1a0ec)) +* Update kafka deps (zookeeper) ([78a98b6](https://github.com/bitnami/charts/commit/78a98b678e338dc94b901d632f7beab138c49c04)) + +## 1.1.0 (2018-10-11) + +* Add global registry option to Bitnami charts ([395ba08](https://github.com/bitnami/charts/commit/395ba08e2bc14ef28a0cae1fada97ed6cf2e777de2bc14ef28a0cae1fada97ed6cf2e777d)) + +## 1.0.3 (2018-10-15) + +* [bitnami/zookeeper] Enable Zookeeper exporter ([ce3acad](https://github.com/bitnami/charts/commit/ce3acad2e9897fd0c3b9bbb676b3816065029fe02e9897fd0c3b9bbb676b3816065029fe0)) + +## 1.1.0 (2018-10-11) + +* Add global registry option to Bitnami charts ([395ba08](https://github.com/bitnami/charts/commit/395ba08e2bc14ef28a0cae1fada97ed6cf2e777de2bc14ef28a0cae1fada97ed6cf2e777d)) + +## 1.0.2 (2018-10-05) + +* Add ) ([728466a](https://github.com/bitnami/charts/commit/728466ac178560c67f2ede913140f50dc5136fd3)) +* Add kubeapps text to charts READMEs ([2f6dc51](https://github.com/bitnami/charts/commit/2f6dc51ce6307d57bd8c20e929da23dd2adf22d5)) +* Fix go template inside go template ([a140313](https://github.com/bitnami/charts/commit/a140313f4910d1366170415f0300729c22eda073)) +* Updated github repo URL for upstreamed charts ([c22b640](https://github.com/bitnami/charts/commit/c22b640d382e47f9769681624f919f64742e0533)) + +## 1.0.1 (2018-09-27) + +* Improve getting LoadBalancer address in Bitnami charts NOTES.txt ([a641728](https://github.com/bitnami/charts/commit/a64172812af8b11fac23be2fe7a66b1edb14c71f)) +* Update README.md ([6fd90d0](https://github.com/bitnami/charts/commit/6fd90d0f52676bae0293745c1fb493d7c3e9c655)) + +## 1.0.0 (2018-09-21) + +* [bitnami/kafka] Fix chart not being upgradable ([e9dd41e](https://github.com/bitnami/charts/commit/e9dd41e93dfc4b161d85054661eef359f9ece936)) +* Update README.md ([bd1ad05](https://github.com/bitnami/charts/commit/bd1ad050655c1a2835b33bd18f6f0f912f61f3d3)), closes [#794](https://github.com/bitnami/charts/issues/794) + +## 0.0.9 (2018-08-14) + +* kafka: bump chart appVersion to `2.0.0` ([34afefe](https://github.com/bitnami/charts/commit/34afefe813a5a2cb64f8e9dfff7523cacb501fc7)) +* kafka: bump chart version to `0.0.9` ([0db5066](https://github.com/bitnami/charts/commit/0db5066369b73685fb13f1f17ca48f078ee41b5d)) +* kafka: update to `2.0.0-debian-9` ([d209240](https://github.com/bitnami/charts/commit/d209240f58c1978e84ae05b6ae743bb941131a1b)) + +## 0.0.8 (2018-08-14) + +* Fix issue with maxMessageBytes default value ([ae72588](https://github.com/bitnami/charts/commit/ae72588f0869e0097d1db95e27f2e6efd658c712)) + +## 0.0.7 (2018-08-06) + +* Add max.message.bytes support to kafka ([0aa5f72](https://github.com/bitnami/charts/commit/0aa5f72d63242b3fd5d5e2d64d842763b7397631)) +* Improve notes to access deployed services ([0071eb5](https://github.com/bitnami/charts/commit/0071eb5545f7774eeab9ea335c660df644ad3e4c)) +* Update readme ([551c250](https://github.com/bitnami/charts/commit/551c250a4af035dce11c6503457c7930627d1508)) + +## 0.0.6 (2018-07-20) + +* kafka: bump chart appVersion to `1.1.1` ([e0a2c35](https://github.com/bitnami/charts/commit/e0a2c35b553bc8bfef3cf41bdca97b7f9169bb4d)) +* kafka: bump chart version to `0.0.6` ([e0cf56d](https://github.com/bitnami/charts/commit/e0cf56d9696f0bcc5aa79536aa8d6971d5d7c5c9)) +* kafka: update to `1.1.1-debian-9` ([8d823c2](https://github.com/bitnami/charts/commit/8d823c26e4506db700a0c3229bd451688873e63f)) + +## 0.0.5 (2018-07-06) + +* kafka: bump chart appVersion to `1.1.0-debian-9` ([edd533a](https://github.com/bitnami/charts/commit/edd533a4c5fb631118ad74e7ffafb7c9d7440759)) +* kafka: bump chart version to `0.0.5` ([7e4ddad](https://github.com/bitnami/charts/commit/7e4ddadeeb8f6a21cea92ec443e33dd15e34d7c9)) +* kafka: update to `1.1.0-debian-9` ([125ac00](https://github.com/bitnami/charts/commit/125ac00b67d07e926f8c894f628b2813f2699c9d)) + +## 0.0.4 (2018-06-14) + +* Fix capitalization of clusterIP parameter ([e8153d8](https://github.com/bitnami/charts/commit/e8153d806c681956d15670475756e67166171b0b)) +* Update requirements.lock file ([386a592](https://github.com/bitnami/charts/commit/386a592a9dca6d1ee7bc34a8c3d898d55d658339)) + +## 0.0.3 (2018-06-14) + +* Add missing dependency file ([dd6ca24](https://github.com/bitnami/charts/commit/dd6ca2416bb8b4de82f9880f8eadb6f21c42726f)) + +## 0.0.2 (2018-06-14) + +* Add javsalgar's feedback ([0b28054](https://github.com/bitnami/charts/commit/0b280542a8b26c97c14c45e7902bdc113edaf666)) +* Fix kafka-chart. certificatesSecret is not always needed ([473e2b2](https://github.com/bitnami/charts/commit/473e2b2646f6a7eceabd5c23c2678bab54ef98c4)) +* not include dummy certificates. now it is mandatory mount them ([ace6973](https://github.com/bitnami/charts/commit/ace6973a546feec2920a477e9b39a4c8434b7723)) +* Update jmx values yaml path ([98c0b7d](https://github.com/bitnami/charts/commit/98c0b7d5be6a90bb73ea65444e8f955595b8d47f)) + +## 0.0.1 (2018-06-13) + +* Add kafka chart ([d20173a](https://github.com/bitnami/charts/commit/d20173aa3fab7793012d8eb65420c5560cd0166d)) diff --git a/helm/kafka/Chart.yaml b/helm/kafka/Chart.yaml new file mode 100644 index 000000000..33c765b65 --- /dev/null +++ b/helm/kafka/Chart.yaml @@ -0,0 +1,39 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +annotations: + tanzuCategory: service + category: Infrastructure + licenses: Apache-2.0 + images: | + - name: jmx-exporter + image: docker.io/bitnami/jmx-exporter:1.2.0-debian-12-r1 + - name: kafka + image: docker.io/bitnami/kafka:4.0.0-debian-12-r0 + - name: kubectl + image: docker.io/bitnami/kubectl:1.32.3-debian-12-r1 + - name: os-shell + image: docker.io/bitnami/os-shell:12-debian-12-r40 +apiVersion: v2 +appVersion: 4.0.0 +dependencies: +- name: common + repository: oci://registry-1.docker.io/bitnamicharts + tags: + - bitnami-common + version: 2.x.x +description: Apache Kafka is a distributed streaming platform designed to build real-time pipelines and can be used as a message broker or as a replacement for a log aggregation solution for big data applications. +home: https://bitnami.com +icon: https://dyltqmyl993wv.cloudfront.net/assets/stacks/kafka/img/kafka-stack-220x234.png +keywords: +- kafka +- streaming +- producer +- consumer +maintainers: +- name: Broadcom, Inc. All Rights Reserved. + url: https://github.com/bitnami/charts +name: kafka +sources: +- https://github.com/bitnami/charts/tree/main/bitnami/kafka +version: 32.1.3 diff --git a/helm/kafka/README.md b/helm/kafka/README.md new file mode 100644 index 000000000..0061d1ff4 --- /dev/null +++ b/helm/kafka/README.md @@ -0,0 +1,1532 @@ + + +# Bitnami package for Apache Kafka + +Apache Kafka is a distributed streaming platform designed to build real-time pipelines and can be used as a message broker or as a replacement for a log aggregation solution for big data applications. + +[Overview of Apache Kafka](http://kafka.apache.org/) + +Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```console +helm install my-release oci://registry-1.docker.io/bitnamicharts/kafka +``` + +Looking to use Apache Kafka in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Introduction + +This chart bootstraps a [Kafka](https://github.com/bitnami/containers/tree/main/bitnami/kafka) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. + +## Prerequisites + +- Kubernetes 1.23+ +- Helm 3.8.0+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/kafka +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +These commands deploy Kafka on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Configuration and installation details + +### Listeners configuration + +This chart allows you to automatically configure Kafka with 4 listeners: + +- One for controller communications. +- A second one for inter-broker communications. +- A third one for communications with clients within the K8s cluster. +- (optional) a forth listener for communications with clients outside the K8s cluster. Check [this section](#accessing-kafka-brokers-from-outside-the-cluster) for more information. + +For more complex configurations, set the `listeners`, `advertisedListeners` and `listenerSecurityProtocolMap` parameters as needed. + +### Enable security for Kafka + +You can configure different authentication protocols for each listener you configure in Kafka. For instance, you can use `sasl_tls` authentication for client communications, while using `tls` for controller and inter-broker communications. This table shows the available protocols and the security they provide: + +| Method | Authentication | Encryption via TLS | +|-----------|------------------------------|--------------------| +| plaintext | None | No | +| tls | None | Yes | +| mtls | Yes (two-way authentication) | Yes | +| sasl | Yes (via SASL) | No | +| sasl_tls | Yes (via SASL) | Yes | + +Configure the authentication protocols for client, controller and inter-broker communications by setting the `listeners.client.protocol`, `listeners.controller.protocol` and `listeners.interbroker.protocol` parameters to the desired ones, respectively. + +If you enabled SASL authentication on any listener, you can set the SASL credentials using the parameters below: + +- `sasl.client.users`/`sasl.client.passwords`: when enabling SASL authentication for communications with clients. +- `sasl.interbroker.user`/`sasl.interbroker.password`: when enabling SASL authentication for inter-broker communications. +- `sasl.controller.user`/`sasl.controller.password`: when enabling SASL authentication for controller communications. + +In order to configure TLS authentication/encryption, you **can** create a secret per Kafka node you have in the cluster containing the Java Key Stores (JKS) files: the truststore (`kafka.truststore.jks`) and the keystore (`kafka.keystore.jks`). Then, you need pass the secret names with the `tls.existingSecret` parameter when deploying the chart. + +> **Note**: If the JKS files are password protected (recommended), you will need to provide the password to get access to the keystores. To do so, use the `tls.keystorePassword` and `tls.truststorePassword` parameters to provide your passwords. + +For instance, to configure TLS authentication on a Kafka cluster with 2 Kafka nodes use the commands below to create the secrets: + +```console +kubectl create secret generic kafka-jks-0 --from-file=kafka.truststore.jks=./kafka.truststore.jks --from-file=kafka.keystore.jks=./kafka-0.keystore.jks +kubectl create secret generic kafka-jks-1 --from-file=kafka.truststore.jks=./kafka.truststore.jks --from-file=kafka.keystore.jks=./kafka-1.keystore.jks +``` + +> **Note**: the command above assumes you already created the truststore and keystores files. This [script](https://raw.githubusercontent.com/confluentinc/confluent-platform-security-tools/master/kafka-generate-ssl.sh) can help you with the JKS files generation. + +If, for some reason (like using CertManager) you can not use the default JKS secret scheme, you can use the additional parameters: + +- `tls.jksTruststoreSecret` to define additional secret, where the `kafka.truststore.jks` is being kept. The truststore password **must** be the same as in `tls.truststorePassword` +- `tls.jksTruststoreKey` to overwrite the default value of the truststore key (`kafka.truststore.jks`). + +> **Note**: If you are using CertManager, particularly when an ACME issuer is used, the `ca.crt` field is not put in the `Secret` that CertManager creates. To handle this, the `tls.pemChainIncluded` property can be set to `true` and the initContainer created by this Chart will attempt to extract the intermediate certs from the `tls.crt` field of the secret (which is a PEM chain) +> **Note**: The truststore/keystore from above **must** be protected with the same passwords set in the `tls.keystorePassword` and `tls.truststorePassword` parameters. + +You can deploy the chart with authentication using the following parameters: + +```console +replicaCount=2 +listeners.client.protocol=SASL +listeners.interbroker.protocol=TLS +tls.existingSecret=kafka-jks +tls.keystorePassword=jksPassword +tls.truststorePassword=jksPassword +sasl.client.users[0]=brokerUser +sasl.client.passwords[0]=brokerPassword + +``` + +By setting the following parameter: `listeners.client.protocol=SSL` and `listener.client.sslClientAuth=required`, Kafka will require the clients to authenticate to Kafka brokers via certificate. + +As result, we will be able to see in `kafka-authorizer.log` the events specific Subject: `[...] Principal = User:CN=kafka,OU=...,O=...,L=...,C=..,ST=... is [...]`. + +### Update credentials + +The Bitnami Kafka chart, when upgrading, reuses the secret previously rendered by the chart or the one specified in `sasl.existingSecret`. To update credentials, use one of the following: + +- Run `helm upgrade` specifying new credentials in the `sasl` section as explained in the [authentication section](#enable-security-for-kafka). +- Run `helm upgrade` specifying a new secret in `sasl.existingSecret` + +### Accessing Kafka brokers from outside the cluster + +In order to access Kafka Brokers from outside the cluster, an additional listener and advertised listener must be configured. Additionally, a specific service per kafka pod will be created. + +There are three ways of configuring external access. Using LoadBalancer services, using NodePort services or using ClusterIP services. + +#### Using LoadBalancer services + +You have two alternatives to use LoadBalancer services: + +- Option A) Use random load balancer IPs using an **initContainer** that waits for the IPs to be ready and discover them automatically. + +```console +externalAccess.enabled=true +externalAccess.broker.service.type=LoadBalancer +externalAccess.controller.service.type=LoadBalancer +externalAccess.broker.service.ports.external=9094 +externalAccess.controller.service.containerPorts.external=9094 +defaultInitContainers.autoDiscovery.enabled=true +serviceAccount.create=true +rbac.create=true +``` + +Note: This option requires creating RBAC rules on clusters where RBAC policies are enabled. + +- Option B) Manually specify the load balancer IPs: + +```console +externalAccess.enabled=true +externalAccess.controller.service.type=LoadBalancer +externalAccess.controller.service.containerPorts.external=9094 +externalAccess.controller.service.loadBalancerIPs[0]='external-ip-1' +externalAccess.controller.service.loadBalancerIPs[1]='external-ip-2' +externalAccess.broker.service.type=LoadBalancer +externalAccess.broker.service.ports.external=9094 +externalAccess.broker.service.loadBalancerIPs[0]='external-ip-3' +externalAccess.broker.service.loadBalancerIPs[1]='external-ip-4' +``` + +Note: You need to know in advance the load balancer IPs so each Kafka broker advertised listener is configured with it. + +Following the aforementioned steps will also allow to connect the brokers from the outside using the cluster's default service (when `service.type` is `LoadBalancer` or `NodePort`). Use the property `service.externalPort` to specify the port used for external connections. + +#### Using NodePort services + +You have two alternatives to use NodePort services: + +- Option A) Use random node ports using an **initContainer** that discover them automatically. + + ```console + externalAccess.enabled=true + externalAccess.controller.service.type=NodePort + externalAccess.broker.service.type=NodePort + defaultInitContainers.autoDiscovery.enabled=true + serviceAccount.create=true + rbac.create=true + ``` + + Note: This option requires creating RBAC rules on clusters where RBAC policies are enabled. + +- Option B) Manually specify the node ports: + + ```console + externalAccess.enabled=true + externalAccess.controller.service.type=NodePort + externalAccess.controller.service.nodePorts[0]='node-port-1' + externalAccess.controller.service.nodePorts[1]='node-port-2' + ``` + + Note: You need to know in advance the node ports that will be exposed so each Kafka broker advertised listener is configured with it. + + The pod will try to get the external ip of the node using `curl -s https://ipinfo.io/ip` unless `externalAccess..service.domain` or `externalAccess..service.useHostIPs` is provided. + +- Option C) Manually specify distinct external IPs (using controller+broker nodes) + + ```console + externalAccess.enabled=true + externalAccess.controller.service.type=NodePort + externalAccess.controller.service.externalIPs[0]='172.16.0.20' + externalAccess.controller.service.externalIPs[1]='172.16.0.21' + externalAccess.controller.service.externalIPs[2]='172.16.0.22' + ``` + + Note: You need to know in advance the available IP of your cluster that will be exposed so each Kafka broker advertised listener is configured with it. + +#### Using ClusterIP services + +Note: This option requires that an ingress is deployed within your cluster + +```console +externalAccess.enabled=true +externalAccess.controller.service.type=ClusterIP +externalAccess.controller.service.ports.external=9094 +externalAccess.controller.service.domain='ingress-ip' +externalAccess.broker.service.type=ClusterIP +externalAccess.broker.service.ports.external=9094 +externalAccess.broker.service.domain='ingress-ip' +``` + +Note: the deployed ingress must contain the following block: + +```console +tcp: + 9094: "{{ include "common.names.namespace" . }}/{{ include "common.names.fullname" . }}-0-external:9094" + 9095: "{{ include "common.names.namespace" . }}/{{ include "common.names.fullname" . }}-1-external:9094" + 9096: "{{ include "common.names.namespace" . }}/{{ include "common.names.fullname" . }}-2-external:9094" +``` + +#### Name resolution with External-DNS + +You can use the following values to generate External-DNS annotations which automatically creates DNS records for each ReplicaSet pod: + +```yaml +externalAccess: + controller: + service: + annotations: + external-dns.alpha.kubernetes.io/hostname: "{{ .targetPod }}.example.com" +``` + +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` values (check parameters table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcesPreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + +### Prometheus metrics + +### Enable metrics + +This chart can be integrated with Prometheus by setting `metrics.jmx.enabled` to `true`. This will deploy a sidecar container with [jmx_exporter](https://github.com/prometheus/jmx_exporter) in all pods and a `metrics` service, which can be configured under the `metrics.jmx.service` section. This service will have the necessary annotations to be automatically scraped by Prometheus. + +#### Prometheus requirements + +It is necessary to have a working installation of Prometheus or Prometheus Operator for the integration to work. Install the [Bitnami Prometheus helm chart](https://github.com/bitnami/charts/tree/main/bitnami/prometheus) or the [Bitnami Kube Prometheus helm chart](https://github.com/bitnami/charts/tree/main/bitnami/kube-prometheus) to easily have a working Prometheus in your cluster. + +#### Integration with Prometheus Operator + +The chart can deploy `ServiceMonitor` objects for integration with Prometheus Operator installations. To do so, set the value `metrics.serviceMonitor.enabled=true`. Ensure that the Prometheus Operator `CustomResourceDefinitions` are installed in the cluster or it will fail with the following error: + +```text +no matches for kind "ServiceMonitor" in version "monitoring.coreos.com/v1" +``` + +Install the [Bitnami Kube Prometheus helm chart](https://github.com/bitnami/charts/tree/main/bitnami/kube-prometheus) for having the necessary CRDs and the Prometheus Operator. + +### [Rolling VS Immutable tags](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Sidecars + +If you have a need for additional containers to run within the same pod as Kafka (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` parameters. Simply define your container according to the Kubernetes container spec. + +```yaml +sidecars: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +### Setting Pod's affinity + +This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. + +### Deploying extra resources + +There are cases where you may want to deploy extra objects, such as Kafka Connect. For covering this case, the chart allows adding the full specification of other objects using the `extraDeploy` parameter. The following example would create a deployment including a Kafka Connect deployment so you can connect Kafka with MongoDB®: + +```yaml +extraDeploy: + - | + apiVersion: apps/v1 + kind: Deployment + metadata: + name: {{ include "common.names.fullname" . }}-connect + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: connector + spec: + replicas: 1 + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: connector + template: + metadata: + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/component: connector + spec: + containers: + - name: connect + image: KAFKA-CONNECT-IMAGE + imagePullPolicy: IfNotPresent + ports: + - name: connector + containerPort: 8083 + volumeMounts: + - name: configuration + mountPath: /bitnami/kafka/config + volumes: + - name: configuration + configMap: + name: {{ include "common.names.fullname" . }}-connect + - | + apiVersion: v1 + kind: ConfigMap + metadata: + name: {{ include "common.names.fullname" . }}-connect + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: connector + data: + connect-standalone.properties: |- + bootstrap.servers = {{ include "common.names.fullname" . }}-controller-0.{{ include "common.names.fullname" . }}-controller-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}:{{ .Values.service.ports.client }} + ... + mongodb.properties: |- + connection.uri=mongodb://root:password@mongodb-hostname:27017 + ... + - | + apiVersion: v1 + kind: Service + metadata: + name: {{ include "common.names.fullname" . }}-connect + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: connector + spec: + ports: + - protocol: TCP + port: 8083 + targetPort: connector + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: connector +``` + +You can create the Kafka Connect image using the Dockerfile below: + +```Dockerfile +FROM bitnami/kafka:latest +# Download MongoDB® Connector for Apache Kafka https://www.confluent.io/hub/mongodb/kafka-connect-mongodb +RUN mkdir -p /opt/bitnami/kafka/plugins && \ + cd /opt/bitnami/kafka/plugins && \ + curl --remote-name --location --silent https://search.maven.org/remotecontent?filepath=org/mongodb/kafka/mongo-kafka-connect/1.2.0/mongo-kafka-connect-1.2.0-all.jar +CMD /opt/bitnami/kafka/bin/connect-standalone.sh /bitnami/kafka/config/connect-standalone.properties /bitnami/kafka/config/mongo.properties +``` + +### Persistence + +The [Bitnami Kafka](https://github.com/bitnami/containers/tree/main/bitnami/kafka) image stores the Kafka data at the `/bitnami/kafka` path of the container. Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. + +#### Adjust permissions of persistent volume mountpoint + +As the image run as non-root by default, it is necessary to adjust the ownership of the persistent volume so that the container can write data into it. + +By default, the chart is configured to use Kubernetes Security Context to automatically change the ownership of the volume. However, this feature does not work in all Kubernetes distributions. As an alternative, this chart supports using an initContainer to change the ownership of the volume before mounting it in the final destination. + +You can enable this initContainer by setting `volumePermissions.enabled` to `true`. + +#### Backup and restore + +To back up and restore Helm chart deployments on Kubernetes, you need to back up the persistent volumes from the source deployment and attach them to a new deployment using [Velero](https://velero.io/), a Kubernetes backup/restore tool. Find the instructions for using Velero in [this guide](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-backup-restore-deployments-velero-index.html). + +## Parameters + +### Global parameters + +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | +| `global.security.allowInsecureImages` | Allows skipping image verification | `false` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | + +### Common parameters + +| Name | Description | Value | +| ------------------------- | --------------------------------------------------------------------------------------- | --------------- | +| `kubeVersion` | Override Kubernetes version | `""` | +| `apiVersions` | Override Kubernetes API versions reported by .Capabilities | `[]` | +| `nameOverride` | String to partially override common.names.fullname | `""` | +| `fullnameOverride` | String to fully override common.names.fullname | `""` | +| `namespaceOverride` | String to fully override common.names.namespace | `""` | +| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | +| `commonLabels` | Labels to add to all deployed objects | `{}` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `usePasswordFiles` | Mount credentials as files instead of using environment variables | `true` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the chart release | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the chart release | `["infinity"]` | +| `serviceBindings.enabled` | Create secret for service binding (Experimental) | `false` | + +### Kafka common parameters + +| Name | Description | Value | +| ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | +| `image.registry` | Kafka image registry | `REGISTRY_NAME` | +| `image.repository` | Kafka image repository | `REPOSITORY_NAME/kafka` | +| `image.digest` | Kafka image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | Kafka image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Specify if debug values should be set | `false` | +| `clusterId` | Kafka Kraft cluster ID (ignored if existingKraftSecret is set). A random cluster ID will be generated the 1st time Kraft is initialized if not set. | `""` | +| `existingKraftSecret` | Name of the secret containing the Kafka KRaft Cluster ID and one directory ID per controller replica | `""` | +| `config` | Specify content for Kafka configuration (auto-generated based on other parameters otherwise) | `{}` | +| `overrideConfiguration` | Kafka common configuration override. Values defined here takes precedence over the ones defined at `config` | `{}` | +| `existingConfigmap` | Name of an existing ConfigMap with the Kafka configuration | `""` | +| `secretConfig` | Additional configuration to be appended at the end of the generated Kafka configuration (store in a secret) | `""` | +| `existingSecretConfig` | Secret with additional configuration that will be appended to the end of the generated Kafka configuration | `""` | +| `log4j2` | Specify content for Kafka log4j2 configuration (default one is used otherwise) | `""` | +| `existingLog4j2ConfigMap` | The name of an existing ConfigMap containing the log4j2.yaml file | `""` | +| `heapOpts` | Kafka Java Heap configuration | `-XX:InitialRAMPercentage=75 -XX:MaxRAMPercentage=75` | +| `brokerRackAwareness.enabled` | Enable Kafka Rack Awareness | `false` | +| `brokerRackAwareness.cloudProvider` | Cloud provider to use to set Broker Rack Awareness. Allowed values: `aws-az`, `azure` | `""` | +| `brokerRackAwareness.azureApiVersion` | Metadata API version to use when brokerRackAwareness.cloudProvider is set to `azure` | `2023-11-15` | +| `interBrokerProtocolVersion` | Override the setting 'inter.broker.protocol.version' during the ZK migration. | `""` | +| `listeners.client.name` | Name for the Kafka client listener | `CLIENT` | +| `listeners.client.containerPort` | Port for the Kafka client listener | `9092` | +| `listeners.client.protocol` | Security protocol for the Kafka client listener. Allowed values are 'PLAINTEXT', 'SASL_PLAINTEXT', 'SASL_SSL' and 'SSL' | `SASL_PLAINTEXT` | +| `listeners.client.sslClientAuth` | Optional. If SASL_SSL is enabled, configure mTLS TLS authentication type. If SSL protocol is enabled, overrides tls.authType for this listener. Allowed values are 'none', 'requested' and 'required' | `""` | +| `listeners.controller.name` | Name for the Kafka controller listener | `CONTROLLER` | +| `listeners.controller.containerPort` | Port for the Kafka controller listener | `9093` | +| `listeners.controller.protocol` | Security protocol for the Kafka controller listener. Allowed values are 'PLAINTEXT', 'SASL_PLAINTEXT', 'SASL_SSL' and 'SSL' | `SASL_PLAINTEXT` | +| `listeners.controller.sslClientAuth` | Optional. If SASL_SSL is enabled, configure mTLS TLS authentication type. If SSL protocol is enabled, overrides tls.authType for this listener. Allowed values are 'none', 'requested' and 'required' | `""` | +| `listeners.interbroker.name` | Name for the Kafka inter-broker listener | `INTERNAL` | +| `listeners.interbroker.containerPort` | Port for the Kafka inter-broker listener | `9094` | +| `listeners.interbroker.protocol` | Security protocol for the Kafka inter-broker listener. Allowed values are 'PLAINTEXT', 'SASL_PLAINTEXT', 'SASL_SSL' and 'SSL' | `SASL_PLAINTEXT` | +| `listeners.interbroker.sslClientAuth` | Optional. If SASL_SSL is enabled, configure mTLS TLS authentication type. If SSL protocol is enabled, overrides tls.authType for this listener. Allowed values are 'none', 'requested' and 'required' | `""` | +| `listeners.external.containerPort` | Port for the Kafka external listener | `9095` | +| `listeners.external.protocol` | Security protocol for the Kafka external listener. . Allowed values are 'PLAINTEXT', 'SASL_PLAINTEXT', 'SASL_SSL' and 'SSL' | `SASL_PLAINTEXT` | +| `listeners.external.name` | Name for the Kafka external listener | `EXTERNAL` | +| `listeners.external.sslClientAuth` | Optional. If SASL_SSL is enabled, configure mTLS TLS authentication type. If SSL protocol is enabled, overrides tls.sslClientAuth for this listener. Allowed values are 'none', 'requested' and 'required' | `""` | +| `listeners.extraListeners` | Array of listener objects to be appended to already existing listeners | `[]` | +| `listeners.overrideListeners` | Overrides the Kafka 'listeners' configuration setting. | `""` | +| `listeners.advertisedListeners` | Overrides the Kafka 'advertised.listener' configuration setting. | `""` | +| `listeners.securityProtocolMap` | Overrides the Kafka 'security.protocol.map' configuration setting. | `""` | + +### Kafka SASL parameters + +| Name | Description | Value | +| ----------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | +| `sasl.enabledMechanisms` | Comma-separated list of allowed SASL mechanisms when SASL listeners are configured. Allowed types: `PLAIN`, `SCRAM-SHA-256`, `SCRAM-SHA-512`, `OAUTHBEARER` | `PLAIN,SCRAM-SHA-256,SCRAM-SHA-512` | +| `sasl.interBrokerMechanism` | SASL mechanism for inter broker communication. | `PLAIN` | +| `sasl.controllerMechanism` | SASL mechanism for controller communications. | `PLAIN` | +| `sasl.oauthbearer.tokenEndpointUrl` | The URL for the OAuth/OIDC identity provider | `""` | +| `sasl.oauthbearer.jwksEndpointUrl` | The OAuth/OIDC provider URL from which the provider's JWKS (JSON Web Key Set) can be retrieved | `""` | +| `sasl.oauthbearer.expectedAudience` | The comma-delimited setting for the broker to use to verify that the JWT was issued for one of the expected audiences | `""` | +| `sasl.oauthbearer.subClaimName` | The OAuth claim name for the subject. | `sub` | +| `sasl.interbroker.user` | Username for inter-broker communications when SASL is enabled | `inter_broker_user` | +| `sasl.interbroker.password` | Password for inter-broker communications when SASL is enabled. If not set and SASL is enabled for the controller listener, a random password will be generated. | `""` | +| `sasl.interbroker.clientId` | Client ID for inter-broker communications when SASL is enabled with mechanism OAUTHBEARER | `inter_broker_client` | +| `sasl.interbroker.clientSecret` | Client Secret for inter-broker communications when SASL is enabled with mechanism OAUTHBEARER. If not set and SASL is enabled for the controller listener, a random secret will be generated. | `""` | +| `sasl.controller.user` | Username for controller communications when SASL is enabled | `controller_user` | +| `sasl.controller.password` | Password for controller communications when SASL is enabled. If not set and SASL is enabled for the inter-broker listener, a random password will be generated. | `""` | +| `sasl.controller.clientId` | Client ID for controller communications when SASL is enabled with mechanism OAUTHBEARER | `controller_broker_client` | +| `sasl.controller.clientSecret` | Client Secret for controller communications when SASL is enabled with mechanism OAUTHBEARER. If not set and SASL is enabled for the inter-broker listener, a random secret will be generated. | `""` | +| `sasl.client.users` | Comma-separated list of usernames for client communications when SASL is enabled | `["user1"]` | +| `sasl.client.passwords` | Comma-separated list of passwords for client communications when SASL is enabled, must match the number of client.users | `""` | +| `sasl.existingSecret` | Name of the existing secret containing credentials for client.users, interbroker.user and controller.user | `""` | + +### Kafka TLS parameters + +| Name | Description | Value | +| ------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `tls.type` | Format to use for TLS certificates. Allowed types: `JKS` and `PEM` | `JKS` | +| `tls.pemChainIncluded` | Flag to denote that the Certificate Authority (CA) certificates are bundled with the endpoint cert. | `false` | +| `tls.autoGenerated.enabled` | Enable automatic generation of TLS certificates (only supported if `tls.type` is `PEM`) | `true` | +| `tls.autoGenerated.engine` | Mechanism to generate the certificates (allowed values: helm, cert-manager) | `helm` | +| `tls.autoGenerated.customAltNames` | List of additional subject alternative names (SANs) for the automatically generated TLS certificates. | `[]` | +| `tls.autoGenerated.certManager.existingIssuer` | The name of an existing Issuer to use for generating the certificates (only for `cert-manager` engine) | `""` | +| `tls.autoGenerated.certManager.existingIssuerKind` | Existing Issuer kind, defaults to Issuer (only for `cert-manager` engine) | `""` | +| `tls.autoGenerated.certManager.keyAlgorithm` | Key algorithm for the certificates (only for `cert-manager` engine) | `RSA` | +| `tls.autoGenerated.certManager.keySize` | Key size for the certificates (only for `cert-manager` engine) | `2048` | +| `tls.autoGenerated.certManager.duration` | Duration for the certificates (only for `cert-manager` engine) | `2160h` | +| `tls.autoGenerated.certManager.renewBefore` | Renewal period for the certificates (only for `cert-manager` engine) | `360h` | +| `tls.existingSecret` | Name of the existing secret containing the TLS certificates for the Kafka nodes. | `""` | +| `tls.passwordsSecret` | Name of the secret containing the password to access the JKS files or PEM key when they are password-protected. (`key`: `password`) | `""` | +| `tls.passwordsSecretKeystoreKey` | The secret key from the tls.passwordsSecret containing the password for the Keystore. | `keystore-password` | +| `tls.passwordsSecretTruststoreKey` | The secret key from the tls.passwordsSecret containing the password for the Truststore. | `truststore-password` | +| `tls.passwordsSecretPemPasswordKey` | The secret key from the tls.passwordsSecret containing the password for the PEM key inside 'tls.passwordsSecret'. | `""` | +| `tls.keystorePassword` | Password to access the JKS keystore when it is password-protected. Ignored when 'tls.passwordsSecret' is provided. | `""` | +| `tls.truststorePassword` | Password to access the JKS truststore when it is password-protected. Ignored when 'tls.passwordsSecret' is provided. | `""` | +| `tls.keyPassword` | Password to access the PEM key when it is password-protected. | `""` | +| `tls.jksKeystoreKey` | The secret key from the `tls.existingSecret` containing the keystore | `""` | +| `tls.jksTruststoreSecret` | Name of the existing secret containing your truststore if truststore not existing or different from the one in the `tls.existingSecret` | `""` | +| `tls.jksTruststoreKey` | The secret key from the `tls.existingSecret` or `tls.jksTruststoreSecret` containing the truststore | `""` | +| `tls.endpointIdentificationAlgorithm` | The endpoint identification algorithm to validate server hostname using server certificate | `https` | +| `tls.sslClientAuth` | Sets the default value for the ssl.client.auth Kafka setting. | `required` | +| `extraEnvVars` | Extra environment variables to add to Kafka pods | `[]` | +| `extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | +| `extraEnvVarsSecret` | Secret with extra environment variables | `""` | +| `extraVolumes` | Optionally specify extra list of additional volumes for the Kafka pod(s) | `[]` | +| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Kafka container(s) | `[]` | +| `sidecars` | Add additional sidecar containers to the Kafka pod(s) | `[]` | +| `initContainers` | Add additional Add init containers to the Kafka pod(s) | `[]` | +| `dnsPolicy` | Specifies the DNS policy for the Kafka pods | `""` | +| `dnsConfig` | allows users more control on the DNS settings for a Pod. Required if `dnsPolicy` is set to `None` | `{}` | +| `defaultInitContainers.volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | +| `defaultInitContainers.volumePermissions.image.registry` | "volume-permissions" init-containers' image registry | `REGISTRY_NAME` | +| `defaultInitContainers.volumePermissions.image.repository` | "volume-permissions" init-containers' image repository | `REPOSITORY_NAME/os-shell` | +| `defaultInitContainers.volumePermissions.image.digest` | "volume-permissions" init-containers' image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `defaultInitContainers.volumePermissions.image.pullPolicy` | "volume-permissions" init-containers' image pull policy | `IfNotPresent` | +| `defaultInitContainers.volumePermissions.image.pullSecrets` | "volume-permissions" init-containers' image pull secrets | `[]` | +| `defaultInitContainers.volumePermissions.containerSecurityContext.enabled` | Enabled "volume-permissions" init-containers' Security Context | `true` | +| `defaultInitContainers.volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in "volume-permissions" init-containers | `{}` | +| `defaultInitContainers.volumePermissions.containerSecurityContext.runAsUser` | Set runAsUser in "volume-permissions" init-containers' Security Context | `0` | +| `defaultInitContainers.volumePermissions.containerSecurityContext.privileged` | Set privileged in "volume-permissions" init-containers' Security Context | `false` | +| `defaultInitContainers.volumePermissions.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation in "volume-permissions" init-containers' Security Context | `false` | +| `defaultInitContainers.volumePermissions.containerSecurityContext.capabilities.add` | List of capabilities to be added in "volume-permissions" init-containers | `[]` | +| `defaultInitContainers.volumePermissions.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped in "volume-permissions" init-containers | `["ALL"]` | +| `defaultInitContainers.volumePermissions.containerSecurityContext.seccompProfile.type` | Set seccomp profile in "volume-permissions" init-containers | `RuntimeDefault` | +| `defaultInitContainers.volumePermissions.resourcesPreset` | Set Kafka "volume-permissions" init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if defaultInitContainers.volumePermissions.resources is set (defaultInitContainers.volumePermissions.resources is recommended for production). | `nano` | +| `defaultInitContainers.volumePermissions.resources` | Set Kafka "volume-permissions" init container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `defaultInitContainers.prepareConfig.containerSecurityContext.enabled` | Enabled "prepare-config" init-containers' Security Context | `true` | +| `defaultInitContainers.prepareConfig.containerSecurityContext.seLinuxOptions` | Set SELinux options in "prepare-config" init-containers | `{}` | +| `defaultInitContainers.prepareConfig.containerSecurityContext.runAsUser` | Set runAsUser in "prepare-config" init-containers' Security Context | `1001` | +| `defaultInitContainers.prepareConfig.containerSecurityContext.runAsGroup` | Set runAsUser in "prepare-config" init-containers' Security Context | `1001` | +| `defaultInitContainers.prepareConfig.containerSecurityContext.runAsNonRoot` | Set runAsNonRoot in "prepare-config" init-containers' Security Context | `true` | +| `defaultInitContainers.prepareConfig.containerSecurityContext.readOnlyRootFilesystem` | Set readOnlyRootFilesystem in "prepare-config" init-containers' Security Context | `true` | +| `defaultInitContainers.prepareConfig.containerSecurityContext.privileged` | Set privileged in "prepare-config" init-containers' Security Context | `false` | +| `defaultInitContainers.prepareConfig.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation in "prepare-config" init-containers' Security Context | `false` | +| `defaultInitContainers.prepareConfig.containerSecurityContext.capabilities.add` | List of capabilities to be added in "prepare-config" init-containers | `[]` | +| `defaultInitContainers.prepareConfig.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped in "prepare-config" init-containers | `["ALL"]` | +| `defaultInitContainers.prepareConfig.containerSecurityContext.seccompProfile.type` | Set seccomp profile in "prepare-config" init-containers | `RuntimeDefault` | +| `defaultInitContainers.prepareConfig.resourcesPreset` | Set Kafka "prepare-config" init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if defaultInitContainers.prepareConfig.resources is set (defaultInitContainers.prepareConfig.resources is recommended for production). | `nano` | +| `defaultInitContainers.prepareConfig.resources` | Set Kafka "prepare-config" init container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `defaultInitContainers.prepareConfig.extraInit` | Additional content for the "prepare-config" init script, rendered as a template. | `""` | +| `defaultInitContainers.autoDiscovery.enabled` | Enable init container that auto-detects external IPs/ports by querying the K8s API | `false` | +| `defaultInitContainers.autoDiscovery.image.registry` | "auto-discovery" init-containers' image registry | `REGISTRY_NAME` | +| `defaultInitContainers.autoDiscovery.image.repository` | "auto-discovery" init-containers' image repository | `REPOSITORY_NAME/os-shell` | +| `defaultInitContainers.autoDiscovery.image.digest` | "auto-discovery" init-containers' image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `defaultInitContainers.autoDiscovery.image.pullPolicy` | "auto-discovery" init-containers' image pull policy | `IfNotPresent` | +| `defaultInitContainers.autoDiscovery.image.pullSecrets` | "auto-discovery" init-containers' image pull secrets | `[]` | +| `defaultInitContainers.autoDiscovery.containerSecurityContext.enabled` | Enabled "auto-discovery" init-containers' Security Context | `true` | +| `defaultInitContainers.autoDiscovery.containerSecurityContext.seLinuxOptions` | Set SELinux options in "auto-discovery" init-containers | `{}` | +| `defaultInitContainers.autoDiscovery.containerSecurityContext.runAsUser` | Set runAsUser in "auto-discovery" init-containers' Security Context | `1001` | +| `defaultInitContainers.autoDiscovery.containerSecurityContext.runAsGroup` | Set runAsUser in "auto-discovery" init-containers' Security Context | `1001` | +| `defaultInitContainers.autoDiscovery.containerSecurityContext.runAsNonRoot` | Set runAsNonRoot in "auto-discovery" init-containers' Security Context | `true` | +| `defaultInitContainers.autoDiscovery.containerSecurityContext.readOnlyRootFilesystem` | Set readOnlyRootFilesystem in "auto-discovery" init-containers' Security Context | `true` | +| `defaultInitContainers.autoDiscovery.containerSecurityContext.privileged` | Set privileged in "auto-discovery" init-containers' Security Context | `false` | +| `defaultInitContainers.autoDiscovery.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation in "auto-discovery" init-containers' Security Context | `false` | +| `defaultInitContainers.autoDiscovery.containerSecurityContext.capabilities.add` | List of capabilities to be added in "auto-discovery" init-containers | `[]` | +| `defaultInitContainers.autoDiscovery.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped in "auto-discovery" init-containers | `["ALL"]` | +| `defaultInitContainers.autoDiscovery.containerSecurityContext.seccompProfile.type` | Set seccomp profile in "auto-discovery" init-containers | `RuntimeDefault` | +| `defaultInitContainers.autoDiscovery.resourcesPreset` | Set Kafka "auto-discovery" init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if defaultInitContainers.autoDiscovery.resources is set (defaultInitContainers.autoDiscovery.resources is recommended for production). | `nano` | +| `defaultInitContainers.autoDiscovery.resources` | Set Kafka "auto-discovery" init container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | + +### Controller-eligible statefulset parameters + +| Name | Description | Value | +| -------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | +| `controller.replicaCount` | Number of Kafka controller-eligible nodes | `3` | +| `controller.controllerOnly` | If set to true, controller nodes will be deployed as dedicated controllers, instead of controller+broker processes. | `false` | +| `controller.quorumBootstrapServers` | Override the Kafka controller quorum bootstrap servers of the Kafka Kraft cluster. If not set, it will be automatically configured to use all controller-eligible nodes. | `""` | +| `controller.minId` | Minimal node.id values for controller-eligible nodes. Do not change after first initialization. | `0` | +| `controller.config` | Specify content for Kafka configuration for Kafka controller-eligible nodes (auto-generated based on other parameters otherwise) | `{}` | +| `controller.overrideConfiguration` | Kafka configuration override for Kafka controller-eligible nodes. Values defined here takes precedence over the ones defined at `controller.config` | `{}` | +| `controller.existingConfigmap` | Name of an existing ConfigMap with the Kafka configuration for Kafka controller-eligible nodes | `""` | +| `controller.secretConfig` | Additional configuration to be appended at the end of the generated Kafka configuration for Kafka controller-eligible nodes (store in a secret) | `""` | +| `controller.existingSecretConfig` | Secret with additional configuration that will be appended to the end of the generated Kafka configuration for Kafka controller-eligible nodes | `""` | +| `controller.heapOpts` | Kafka Java Heap size for controller-eligible nodes | `-Xmx1024m -Xms1024m` | +| `controller.command` | Override Kafka container command | `[]` | +| `controller.args` | Override Kafka container arguments | `[]` | +| `controller.extraEnvVars` | Extra environment variables to add to Kafka pods | `[]` | +| `controller.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | +| `controller.extraEnvVarsSecret` | Secret with extra environment variables | `""` | +| `controller.extraContainerPorts` | Kafka controller-eligible extra containerPorts. | `[]` | +| `controller.livenessProbe.enabled` | Enable livenessProbe on Kafka containers | `true` | +| `controller.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `controller.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `controller.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `controller.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `controller.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `controller.readinessProbe.enabled` | Enable readinessProbe on Kafka containers | `true` | +| `controller.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `controller.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `controller.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `controller.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `controller.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `controller.startupProbe.enabled` | Enable startupProbe on Kafka containers | `false` | +| `controller.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `controller.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `controller.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `controller.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `controller.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `controller.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `controller.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `controller.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `controller.lifecycleHooks` | lifecycleHooks for the Kafka container to automate configuration before or after startup | `{}` | +| `controller.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if controller.resources is set (controller.resources is recommended for production). | `small` | +| `controller.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `controller.podSecurityContext.enabled` | Enable security context for the pods | `true` | +| `controller.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `controller.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `controller.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `controller.podSecurityContext.fsGroup` | Set Kafka pod's Security Context fsGroup | `1001` | +| `controller.podSecurityContext.seccompProfile.type` | Set Kafka pods's Security Context seccomp profile | `RuntimeDefault` | +| `controller.containerSecurityContext.enabled` | Enable Kafka containers' Security Context | `true` | +| `controller.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `controller.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `controller.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | +| `controller.containerSecurityContext.runAsGroup` | Set Kafka containers' Security Context runAsGroup | `1001` | +| `controller.containerSecurityContext.runAsNonRoot` | Set Kafka containers' Security Context runAsNonRoot | `true` | +| `controller.containerSecurityContext.allowPrivilegeEscalation` | Force the child process to be run as non-privileged | `false` | +| `controller.containerSecurityContext.readOnlyRootFilesystem` | Allows the pod to mount the RootFS as ReadOnly only | `true` | +| `controller.containerSecurityContext.capabilities.drop` | Set Kafka containers' server Security Context capabilities to be dropped | `["ALL"]` | +| `controller.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `controller.hostAliases` | Kafka pods host aliases | `[]` | +| `controller.hostNetwork` | Specify if host network should be enabled for Kafka pods | `false` | +| `controller.hostIPC` | Specify if host IPC should be enabled for Kafka pods | `false` | +| `controller.podLabels` | Extra labels for Kafka pods | `{}` | +| `controller.podAnnotations` | Extra annotations for Kafka pods | `{}` | +| `controller.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `controller.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `controller.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `controller.nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | +| `controller.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `controller.affinity` | Affinity for pod assignment | `{}` | +| `controller.nodeSelector` | Node labels for pod assignment | `{}` | +| `controller.tolerations` | Tolerations for pod assignment | `[]` | +| `controller.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `controller.terminationGracePeriodSeconds` | Seconds the pod needs to gracefully terminate | `""` | +| `controller.podManagementPolicy` | StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: OrderedReady and Parallel | `Parallel` | +| `controller.minReadySeconds` | How many seconds a pod needs to be ready before killing the next, during update | `0` | +| `controller.priorityClassName` | Name of the existing priority class to be used by kafka pods | `""` | +| `controller.runtimeClassName` | Name of the runtime class to be used by pod(s) | `""` | +| `controller.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` | +| `controller.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `controller.updateStrategy.type` | Kafka statefulset strategy type | `RollingUpdate` | +| `controller.extraVolumes` | Optionally specify extra list of additional volumes for the Kafka pod(s) | `[]` | +| `controller.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Kafka container(s) | `[]` | +| `controller.sidecars` | Add additional sidecar containers to the Kafka pod(s) | `[]` | +| `controller.initContainers` | Add additional Add init containers to the Kafka pod(s) | `[]` | + +### Experimental: Kafka Controller Autoscaling configuration + +| Name | Description | Value | +| ------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | +| `controller.autoscaling.vpa.enabled` | Enable VPA | `false` | +| `controller.autoscaling.vpa.annotations` | Annotations for VPA resource | `{}` | +| `controller.autoscaling.vpa.controlledResources` | VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory | `[]` | +| `controller.autoscaling.vpa.maxAllowed` | VPA Max allowed resources for the pod | `{}` | +| `controller.autoscaling.vpa.minAllowed` | VPA Min allowed resources for the pod | `{}` | +| `controller.autoscaling.vpa.updatePolicy.updateMode` | Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod | `Auto` | +| `controller.autoscaling.hpa.enabled` | Enable HPA for Kafka Controller | `false` | +| `controller.autoscaling.hpa.annotations` | Annotations for HPA resource | `{}` | +| `controller.autoscaling.hpa.minReplicas` | Minimum number of Kafka Controller replicas | `""` | +| `controller.autoscaling.hpa.maxReplicas` | Maximum number of Kafka Controller replicas | `""` | +| `controller.autoscaling.hpa.targetCPU` | Target CPU utilization percentage | `""` | +| `controller.autoscaling.hpa.targetMemory` | Target Memory utilization percentage | `""` | +| `controller.pdb.create` | Deploy a pdb object for the Kafka pod | `true` | +| `controller.pdb.minAvailable` | Minimum number/percentage of available Kafka replicas | `""` | +| `controller.pdb.maxUnavailable` | Maximum number/percentage of unavailable Kafka replicas | `""` | +| `controller.persistentVolumeClaimRetentionPolicy.enabled` | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet | `false` | +| `controller.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` | +| `controller.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` | +| `controller.persistence.enabled` | Enable Kafka data persistence using PVC | `true` | +| `controller.persistence.existingClaim` | A manually managed Persistent Volume and Claim | `""` | +| `controller.persistence.storageClass` | PVC Storage Class for Kafka data volume | `""` | +| `controller.persistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` | +| `controller.persistence.size` | PVC Storage Request for Kafka data volume | `8Gi` | +| `controller.persistence.annotations` | Annotations for the PVC | `{}` | +| `controller.persistence.labels` | Labels for the PVC | `{}` | +| `controller.persistence.selector` | Selector to match an existing Persistent Volume for Kafka data PVC. If set, the PVC can't have a PV dynamically provisioned for it | `{}` | +| `controller.persistence.mountPath` | Mount path of the Kafka data volume | `/bitnami/kafka` | +| `controller.logPersistence.enabled` | Enable Kafka logs persistence using PVC | `false` | +| `controller.logPersistence.existingClaim` | A manually managed Persistent Volume and Claim | `""` | +| `controller.logPersistence.storageClass` | PVC Storage Class for Kafka logs volume | `""` | +| `controller.logPersistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` | +| `controller.logPersistence.size` | PVC Storage Request for Kafka logs volume | `8Gi` | +| `controller.logPersistence.annotations` | Annotations for the PVC | `{}` | +| `controller.logPersistence.selector` | Selector to match an existing Persistent Volume for Kafka log data PVC. If set, the PVC can't have a PV dynamically provisioned for it | `{}` | +| `controller.logPersistence.mountPath` | Mount path of the Kafka logs volume | `/opt/bitnami/kafka/logs` | + +### Broker-only statefulset parameters + +| Name | Description | Value | +| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | +| `broker.replicaCount` | Number of Kafka broker-only nodes | `0` | +| `broker.minId` | Minimal node.id values for broker-only nodes. Do not change after first initialization. | `100` | +| `broker.config` | Specify content for Kafka configuration for Kafka broker-only nodes (auto-generated based on other parameters otherwise) | `{}` | +| `broker.overrideConfiguration` | Kafka configuration override for Kafka broker-only nodes. Values defined here takes precedence over the ones defined at `broker.config` | `{}` | +| `broker.existingConfigmap` | Name of an existing ConfigMap with the Kafka configuration for Kafka broker-only nodes | `""` | +| `broker.secretConfig` | Additional configuration to be appended at the end of the generated Kafka configuration for Kafka broker-only nodes (store in a secret) | `""` | +| `broker.existingSecretConfig` | Secret with additional configuration that will be appended to the end of the generated Kafka configuration for Kafka broker-only nodes | `""` | +| `broker.heapOpts` | Kafka Java Heap size for broker-only nodes | `-Xmx1024m -Xms1024m` | +| `broker.command` | Override Kafka container command | `[]` | +| `broker.args` | Override Kafka container arguments | `[]` | +| `broker.extraEnvVars` | Extra environment variables to add to Kafka pods | `[]` | +| `broker.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | +| `broker.extraEnvVarsSecret` | Secret with extra environment variables | `""` | +| `broker.extraContainerPorts` | Kafka broker-only extra containerPorts. | `[]` | +| `broker.livenessProbe.enabled` | Enable livenessProbe on Kafka containers | `true` | +| `broker.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `broker.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `broker.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `broker.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `broker.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `broker.readinessProbe.enabled` | Enable readinessProbe on Kafka containers | `true` | +| `broker.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `broker.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `broker.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `broker.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `broker.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `broker.startupProbe.enabled` | Enable startupProbe on Kafka containers | `false` | +| `broker.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `broker.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `broker.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `broker.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `broker.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `broker.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `broker.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `broker.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `broker.lifecycleHooks` | lifecycleHooks for the Kafka container to automate configuration before or after startup | `{}` | +| `broker.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if broker.resources is set (broker.resources is recommended for production). | `small` | +| `broker.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `broker.podSecurityContext.enabled` | Enable security context for the pods | `true` | +| `broker.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `broker.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `broker.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `broker.podSecurityContext.fsGroup` | Set Kafka pod's Security Context fsGroup | `1001` | +| `broker.podSecurityContext.seccompProfile.type` | Set Kafka pod's Security Context seccomp profile | `RuntimeDefault` | +| `broker.containerSecurityContext.enabled` | Enable Kafka containers' Security Context | `true` | +| `broker.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `broker.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `broker.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | +| `broker.containerSecurityContext.runAsNonRoot` | Set Kafka containers' Security Context runAsNonRoot | `true` | +| `broker.containerSecurityContext.allowPrivilegeEscalation` | Force the child process to be run as non-privileged | `false` | +| `broker.containerSecurityContext.readOnlyRootFilesystem` | Allows the pod to mount the RootFS as ReadOnly only | `true` | +| `broker.containerSecurityContext.capabilities.drop` | Set Kafka containers' server Security Context capabilities to be dropped | `["ALL"]` | +| `broker.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `broker.hostAliases` | Kafka pods host aliases | `[]` | +| `broker.hostNetwork` | Specify if host network should be enabled for Kafka pods | `false` | +| `broker.hostIPC` | Specify if host IPC should be enabled for Kafka pods | `false` | +| `broker.podLabels` | Extra labels for Kafka pods | `{}` | +| `broker.podAnnotations` | Extra annotations for Kafka pods | `{}` | +| `broker.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `broker.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `broker.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `broker.nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | +| `broker.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `broker.affinity` | Affinity for pod assignment | `{}` | +| `broker.nodeSelector` | Node labels for pod assignment | `{}` | +| `broker.tolerations` | Tolerations for pod assignment | `[]` | +| `broker.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `broker.terminationGracePeriodSeconds` | Seconds the pod needs to gracefully terminate | `""` | +| `broker.podManagementPolicy` | StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: OrderedReady and Parallel | `Parallel` | +| `broker.minReadySeconds` | How many seconds a pod needs to be ready before killing the next, during update | `0` | +| `broker.priorityClassName` | Name of the existing priority class to be used by kafka pods | `""` | +| `broker.runtimeClassName` | Name of the runtime class to be used by pod(s) | `""` | +| `broker.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` | +| `broker.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `broker.updateStrategy.type` | Kafka statefulset strategy type | `RollingUpdate` | +| `broker.extraVolumes` | Optionally specify extra list of additional volumes for the Kafka pod(s) | `[]` | +| `broker.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Kafka container(s) | `[]` | +| `broker.sidecars` | Add additional sidecar containers to the Kafka pod(s) | `[]` | +| `broker.initContainers` | Add additional Add init containers to the Kafka pod(s) | `[]` | +| `broker.pdb.create` | Deploy a pdb object for the Kafka pod | `true` | +| `broker.pdb.minAvailable` | Maximum number/percentage of unavailable Kafka replicas | `""` | +| `broker.pdb.maxUnavailable` | Maximum number/percentage of unavailable Kafka replicas | `""` | + +### Experimental: Kafka Broker Autoscaling configuration + +| Name | Description | Value | +| --------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | +| `broker.autoscaling.vpa.enabled` | Enable VPA | `false` | +| `broker.autoscaling.vpa.annotations` | Annotations for VPA resource | `{}` | +| `broker.autoscaling.vpa.controlledResources` | VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory | `[]` | +| `broker.autoscaling.vpa.maxAllowed` | VPA Max allowed resources for the pod | `{}` | +| `broker.autoscaling.vpa.minAllowed` | VPA Min allowed resources for the pod | `{}` | +| `broker.autoscaling.vpa.updatePolicy.updateMode` | Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod | `Auto` | +| `broker.autoscaling.hpa.enabled` | Enable HPA for Kafka Broker | `false` | +| `broker.autoscaling.hpa.annotations` | Annotations for HPA resource | `{}` | +| `broker.autoscaling.hpa.minReplicas` | Minimum number of Kafka Broker replicas | `""` | +| `broker.autoscaling.hpa.maxReplicas` | Maximum number of Kafka Broker replicas | `""` | +| `broker.autoscaling.hpa.targetCPU` | Target CPU utilization percentage | `""` | +| `broker.autoscaling.hpa.targetMemory` | Target Memory utilization percentage | `""` | +| `broker.persistentVolumeClaimRetentionPolicy.enabled` | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet | `false` | +| `broker.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` | +| `broker.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` | +| `broker.persistence.enabled` | Enable Kafka data persistence using PVC | `true` | +| `broker.persistence.existingClaim` | A manually managed Persistent Volume and Claim | `""` | +| `broker.persistence.storageClass` | PVC Storage Class for Kafka data volume | `""` | +| `broker.persistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` | +| `broker.persistence.size` | PVC Storage Request for Kafka data volume | `8Gi` | +| `broker.persistence.annotations` | Annotations for the PVC | `{}` | +| `broker.persistence.labels` | Labels for the PVC | `{}` | +| `broker.persistence.selector` | Selector to match an existing Persistent Volume for Kafka data PVC. If set, the PVC can't have a PV dynamically provisioned for it | `{}` | +| `broker.persistence.mountPath` | Mount path of the Kafka data volume | `/bitnami/kafka` | +| `broker.logPersistence.enabled` | Enable Kafka logs persistence using PVC | `false` | +| `broker.logPersistence.existingClaim` | A manually managed Persistent Volume and Claim | `""` | +| `broker.logPersistence.storageClass` | PVC Storage Class for Kafka logs volume | `""` | +| `broker.logPersistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` | +| `broker.logPersistence.size` | PVC Storage Request for Kafka logs volume | `8Gi` | +| `broker.logPersistence.annotations` | Annotations for the PVC | `{}` | +| `broker.logPersistence.selector` | Selector to match an existing Persistent Volume for Kafka log data PVC. If set, the PVC can't have a PV dynamically provisioned for it | `{}` | +| `broker.logPersistence.mountPath` | Mount path of the Kafka logs volume | `/opt/bitnami/kafka/logs` | + +### Traffic Exposure parameters + +| Name | Description | Value | +| ----------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | -------------- | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.ports.client` | Kafka svc port for client connections | `9092` | +| `service.ports.controller` | Kafka svc port for controller connections | `9093` | +| `service.ports.interbroker` | Kafka svc port for inter-broker connections | `9094` | +| `service.ports.external` | Kafka svc port for external connections | `9095` | +| `service.extraPorts` | Extra ports to expose in the Kafka service (normally used with the `sidecar` value) | `[]` | +| `service.nodePorts.client` | Node port for the Kafka client connections | `""` | +| `service.nodePorts.external` | Node port for the Kafka external connections | `""` | +| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `service.clusterIP` | Kafka service Cluster IP | `""` | +| `service.loadBalancerIP` | Kafka service Load Balancer IP | `""` | +| `service.loadBalancerClass` | Kafka service Load Balancer Class | `""` | +| `service.loadBalancerSourceRanges` | Kafka service Load Balancer sources | `[]` | +| `service.allocateLoadBalancerNodePorts` | Whether to allocate node ports when service type is LoadBalancer | `true` | +| `service.externalTrafficPolicy` | Kafka service external traffic policy | `Cluster` | +| `service.annotations` | Additional custom annotations for Kafka service | `{}` | +| `service.headless.controller.annotations` | Annotations for the controller-eligible headless service. | `{}` | +| `service.headless.controller.labels` | Labels for the controller-eligible headless service. | `{}` | +| `service.headless.broker.annotations` | Annotations for the broker-only headless service. | `{}` | +| `service.headless.broker.labels` | Labels for the broker-only headless service. | `{}` | +| `service.headless.ipFamilies` | IP families for the headless service | `[]` | +| `service.headless.ipFamilyPolicy` | IP family policy for the headless service | `""` | +| `externalAccess.enabled` | Enable Kubernetes external cluster access to Kafka brokers | `false` | +| `externalAccess.controller.forceExpose` | If set to true, force exposing controller-eligible nodes although they are configured as controller-only nodes | `false` | +| `externalAccess.controller.service.type` | Kubernetes Service type for external access. It can be NodePort, LoadBalancer or ClusterIP | `LoadBalancer` | +| `externalAccess.controller.service.ports.external` | Kafka port used for external access when service type is LoadBalancer | `9094` | +| `externalAccess.controller.service.loadBalancerClass` | Kubernetes Service Load Balancer class for external access when service type is LoadBalancer | `""` | +| `externalAccess.controller.service.loadBalancerIPs` | Array of load balancer IPs for each Kafka broker. Length must be the same as replicaCount | `[]` | +| `externalAccess.controller.service.loadBalancerNames` | Array of load balancer Names for each Kafka broker. Length must be the same as replicaCount | `[]` | +| `externalAccess.controller.service.loadBalancerAnnotations` | Array of load balancer annotations for each Kafka broker. Length must be the same as replicaCount | `[]` | +| `externalAccess.controller.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` | +| `externalAccess.controller.service.allocateLoadBalancerNodePorts` | Whether to allocate node ports when service type is LoadBalancer | `true` | +| `externalAccess.controller.service.nodePorts` | Array of node ports used for each Kafka broker. Length must be the same as replicaCount | `[]` | +| `externalAccess.controller.service.externalIPs` | Use distinct service host IPs to configure Kafka external listener when service type is NodePort. Length must be the same as replicaCount | `[]` | +| `externalAccess.controller.service.useHostIPs` | Use service host IPs to configure Kafka external listener when service type is NodePort | `false` | +| `externalAccess.controller.service.usePodIPs` | using the MY_POD_IP address for external access. | `false` | +| `externalAccess.controller.service.domain` | Domain or external ip used to configure Kafka external listener when service type is NodePort or ClusterIP | `""` | +| `externalAccess.controller.service.publishNotReadyAddresses` | Indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready | `false` | +| `externalAccess.controller.service.labels` | Service labels for external access | `{}` | +| `externalAccess.controller.service.annotations` | Service annotations for external access | `{}` | +| `externalAccess.controller.service.extraPorts` | Extra ports to expose in the Kafka external service | `[]` | +| `externalAccess.controller.service.ipFamilies` | IP families for the external controller service | `[]` | +| `externalAccess.controller.service.ipFamilyPolicy` | IP family policy for the external controller service | `""` | +| `externalAccess.broker.service.type` | Kubernetes Service type for external access. It can be NodePort, LoadBalancer or ClusterIP | `LoadBalancer` | +| `externalAccess.broker.service.ports.external` | Kafka port used for external access when service type is LoadBalancer | `9094` | +| `externalAccess.broker.service.loadBalancerClass` | Kubernetes Service Load Balancer class for external access when service type is LoadBalancer | `""` | +| `externalAccess.broker.service.loadBalancerIPs` | Array of load balancer IPs for each Kafka broker. Length must be the same as replicaCount | `[]` | +| `externalAccess.broker.service.loadBalancerNames` | Array of load balancer Names for each Kafka broker. Length must be the same as replicaCount | `[]` | +| `externalAccess.broker.service.loadBalancerAnnotations` | Array of load balancer annotations for each Kafka broker. Length must be the same as replicaCount | `[]` | +| `externalAccess.broker.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` | +| `externalAccess.broker.service.allocateLoadBalancerNodePorts` | Whether to allocate node ports when service type is LoadBalancer | `true` | +| `externalAccess.broker.service.nodePorts` | Array of node ports used for each Kafka broker. Length must be the same as replicaCount | `[]` | +| `externalAccess.broker.service.externalIPs` | Use distinct service host IPs to configure Kafka external listener when service type is NodePort. Length must be the same as replicaCount | `[]` | +| `externalAccess.broker.service.useHostIPs` | Use service host IPs to configure Kafka external listener when service type is NodePort | `false` | +| `externalAccess.broker.service.usePodIPs` | using the MY_POD_IP address for external access. | `false` | +| `externalAccess.broker.service.domain` | Domain or external ip used to configure Kafka external listener when service type is NodePort or ClusterIP | `""` | +| `externalAccess.broker.service.publishNotReadyAddresses` | Indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready | `false` | +| `externalAccess.broker.service.labels` | Service labels for external access | `{}` | +| `externalAccess.broker.service.annotations` | Service annotations for external access | `{}` | +| `externalAccess.broker.service.extraPorts` | Extra ports to expose in the Kafka external service | `[]` | +| `externalAccess.broker.service.ipFamilies` | IP families for the external broker service | `[]` | +| `externalAccess.broker.service.ipFamilyPolicy` | IP family policy for the external broker service | `""` | +| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `networkPolicy.addExternalClientAccess` | Allow access from pods with client label set to "true". Ignored if `networkPolicy.allowExternal` is true. | `true` | +| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.ingressPodMatchLabels` | Labels to match to allow traffic from other pods. Ignored if `networkPolicy.allowExternal` is true. | `{}` | +| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces. Ignored if `networkPolicy.allowExternal` is true. | `{}` | +| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces. Ignored if `networkPolicy.allowExternal` is true. | `{}` | + +### Other Parameters + +| Name | Description | Value | +| --------------------------------------------- | ---------------------------------------------------------------------------------------------- | ------- | +| `serviceAccount.create` | Enable creation of ServiceAccount for Kafka pods | `true` | +| `serviceAccount.name` | The name of the service account to use. If not set and `create` is `true`, a name is generated | `""` | +| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` | +| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | +| `rbac.create` | Whether to create & use RBAC resources or not | `false` | + +### Metrics parameters + +| Name | Description | Value | +| --------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------- | +| `metrics.jmx.enabled` | Whether or not to expose JMX metrics to Prometheus | `false` | +| `metrics.jmx.kafkaJmxPort` | JMX port where the exporter will collect metrics, exposed in the Kafka container. | `5555` | +| `metrics.jmx.image.registry` | JMX exporter image registry | `REGISTRY_NAME` | +| `metrics.jmx.image.repository` | JMX exporter image repository | `REPOSITORY_NAME/jmx-exporter` | +| `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` | +| `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `metrics.jmx.containerSecurityContext.enabled` | Enable Prometheus JMX exporter containers' Security Context | `true` | +| `metrics.jmx.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `metrics.jmx.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `metrics.jmx.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | +| `metrics.jmx.containerSecurityContext.runAsNonRoot` | Set Prometheus JMX exporter containers' Security Context runAsNonRoot | `true` | +| `metrics.jmx.containerSecurityContext.allowPrivilegeEscalation` | Set Prometheus JMX exporter containers' Security Context allowPrivilegeEscalation | `false` | +| `metrics.jmx.containerSecurityContext.readOnlyRootFilesystem` | Set Prometheus JMX exporter containers' Security Context readOnlyRootFilesystem | `true` | +| `metrics.jmx.containerSecurityContext.capabilities.drop` | Set Prometheus JMX exporter containers' Security Context capabilities to be dropped | `["ALL"]` | +| `metrics.jmx.containerPorts.metrics` | Prometheus JMX exporter metrics container port | `5556` | +| `metrics.jmx.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.jmx.resources is set (metrics.jmx.resources is recommended for production). | `micro` | +| `metrics.jmx.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `metrics.jmx.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `metrics.jmx.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | +| `metrics.jmx.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `metrics.jmx.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` | +| `metrics.jmx.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `metrics.jmx.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `metrics.jmx.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `metrics.jmx.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `metrics.jmx.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `metrics.jmx.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `10` | +| `metrics.jmx.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `metrics.jmx.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `metrics.jmx.service.ports.metrics` | Prometheus JMX exporter metrics service port | `5556` | +| `metrics.jmx.service.clusterIP` | Static clusterIP or None for headless services | `""` | +| `metrics.jmx.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `metrics.jmx.service.annotations` | Annotations for the Prometheus JMX exporter service | `{}` | +| `metrics.jmx.service.ipFamilies` | IP families for the jmx metrics service | `[]` | +| `metrics.jmx.service.ipFamilyPolicy` | IP family policy for the jmx metrics service | `""` | +| `metrics.jmx.whitelistObjectNames` | Allows setting which JMX objects you want to expose to via JMX stats to JMX exporter | `["kafka.controller:*","kafka.server:*","java.lang:*","kafka.network:*","kafka.log:*"]` | +| `metrics.jmx.config` | Configuration file for JMX exporter | `""` | +| `metrics.jmx.existingConfigmap` | Name of existing ConfigMap with JMX exporter configuration | `""` | +| `metrics.jmx.extraRules` | Add extra rules to JMX exporter configuration | `""` | +| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (requires `metrics.jmx.enabled` to be `true`) | `false` | +| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | +| `metrics.serviceMonitor.path` | Path where JMX exporter serves metrics | `/metrics` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `""` | +| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | +| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | +| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | +| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | +| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | +| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | +| `metrics.prometheusRule.enabled` | if `true`, creates a Prometheus Operator PrometheusRule (requires `metrics.jmx.enabled` to be `true`) | `false` | +| `metrics.prometheusRule.namespace` | Namespace in which Prometheus is running | `""` | +| `metrics.prometheusRule.labels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` | +| `metrics.prometheusRule.groups` | Prometheus Rule Groups for Kafka | `[]` | + +### Kafka provisioning parameters + +| Name | Description | Value | +| ---------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | +| `provisioning.enabled` | Enable Kafka provisioning Job | `false` | +| `provisioning.waitForKafka` | Whether an init container should be created to wait until Kafka is ready before provisioning | `true` | +| `provisioning.useHelmHooks` | Flag to indicate usage of helm hooks | `true` | +| `provisioning.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `provisioning.numPartitions` | Default number of partitions for topics when unspecified | `1` | +| `provisioning.replicationFactor` | Default replication factor for topics when unspecified | `1` | +| `provisioning.topics` | Kafka topics to provision | `[]` | +| `provisioning.nodeSelector` | Node labels for pod assignment | `{}` | +| `provisioning.tolerations` | Tolerations for pod assignment | `[]` | +| `provisioning.extraProvisioningCommands` | Extra commands to run to provision cluster resources | `[]` | +| `provisioning.parallel` | Number of provisioning commands to run at the same time | `1` | +| `provisioning.preScript` | Extra bash script to run before topic provisioning. $CLIENT_CONF is path to properties file with most needed configurations | `""` | +| `provisioning.postScript` | Extra bash script to run after topic provisioning. $CLIENT_CONF is path to properties file with most needed configurations | `""` | +| `provisioning.auth.tls.type` | Format to use for TLS certificates. Allowed types: `JKS` and `PEM`. | `jks` | +| `provisioning.auth.tls.certificatesSecret` | Existing secret containing the TLS certificates for the Kafka provisioning Job. | `""` | +| `provisioning.auth.tls.cert` | The secret key from the certificatesSecret if 'cert' key different from the default (tls.crt) | `tls.crt` | +| `provisioning.auth.tls.key` | The secret key from the certificatesSecret if 'key' key different from the default (tls.key) | `tls.key` | +| `provisioning.auth.tls.caCert` | The secret key from the certificatesSecret if 'caCert' key different from the default (ca.crt) | `ca.crt` | +| `provisioning.auth.tls.keystore` | The secret key from the certificatesSecret if 'keystore' key different from the default (keystore.jks) | `keystore.jks` | +| `provisioning.auth.tls.truststore` | The secret key from the certificatesSecret if 'truststore' key different from the default (truststore.jks) | `truststore.jks` | +| `provisioning.auth.tls.passwordsSecret` | Name of the secret containing passwords to access the JKS files or PEM key when they are password-protected. | `""` | +| `provisioning.auth.tls.keyPasswordSecretKey` | The secret key from the passwordsSecret if 'keyPasswordSecretKey' key different from the default (key-password) | `key-password` | +| `provisioning.auth.tls.keystorePasswordSecretKey` | The secret key from the passwordsSecret if 'keystorePasswordSecretKey' key different from the default (keystore-password) | `keystore-password` | +| `provisioning.auth.tls.truststorePasswordSecretKey` | The secret key from the passwordsSecret if 'truststorePasswordSecretKey' key different from the default (truststore-password) | `truststore-password` | +| `provisioning.auth.tls.keyPassword` | Password to access the password-protected PEM key if necessary. Ignored if 'passwordsSecret' is provided. | `""` | +| `provisioning.auth.tls.keystorePassword` | Password to access the JKS keystore. Ignored if 'passwordsSecret' is provided. | `""` | +| `provisioning.auth.tls.truststorePassword` | Password to access the JKS truststore. Ignored if 'passwordsSecret' is provided. | `""` | +| `provisioning.command` | Override provisioning container command | `[]` | +| `provisioning.args` | Override provisioning container arguments | `[]` | +| `provisioning.extraEnvVars` | Extra environment variables to add to the provisioning pod | `[]` | +| `provisioning.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | +| `provisioning.extraEnvVarsSecret` | Secret with extra environment variables | `""` | +| `provisioning.podAnnotations` | Extra annotations for Kafka provisioning pods | `{}` | +| `provisioning.podLabels` | Extra labels for Kafka provisioning pods | `{}` | +| `provisioning.serviceAccount.create` | Enable creation of ServiceAccount for Kafka provisioning pods | `true` | +| `provisioning.serviceAccount.name` | The name of the service account to use. If not set and `create` is `true`, a name is generated | `""` | +| `provisioning.serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` | +| `provisioning.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if provisioning.resources is set (provisioning.resources is recommended for production). | `micro` | +| `provisioning.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `provisioning.podSecurityContext.enabled` | Enable security context for the pods | `true` | +| `provisioning.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `provisioning.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `provisioning.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `provisioning.podSecurityContext.fsGroup` | Set Kafka provisioning pod's Security Context fsGroup | `1001` | +| `provisioning.podSecurityContext.seccompProfile.type` | Set Kafka provisioning pod's Security Context seccomp profile | `RuntimeDefault` | +| `provisioning.containerSecurityContext.enabled` | Enable Kafka provisioning containers' Security Context | `true` | +| `provisioning.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `provisioning.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `provisioning.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | +| `provisioning.containerSecurityContext.runAsNonRoot` | Set Kafka provisioning containers' Security Context runAsNonRoot | `true` | +| `provisioning.containerSecurityContext.allowPrivilegeEscalation` | Set Kafka provisioning containers' Security Context allowPrivilegeEscalation | `false` | +| `provisioning.containerSecurityContext.readOnlyRootFilesystem` | Set Kafka provisioning containers' Security Context readOnlyRootFilesystem | `true` | +| `provisioning.containerSecurityContext.capabilities.drop` | Set Kafka provisioning containers' Security Context capabilities to be dropped | `["ALL"]` | +| `provisioning.schedulerName` | Name of the k8s scheduler (other than default) for kafka provisioning | `""` | +| `provisioning.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` | +| `provisioning.extraVolumes` | Optionally specify extra list of additional volumes for the Kafka provisioning pod(s) | `[]` | +| `provisioning.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Kafka provisioning container(s) | `[]` | +| `provisioning.sidecars` | Add additional sidecar containers to the Kafka provisioning pod(s) | `[]` | +| `provisioning.initContainers` | Add additional Add init containers to the Kafka provisioning pod(s) | `[]` | + +```console +helm install my-release \ + --set controller.replicaCount=3 \ + oci://REGISTRY_NAME/REPOSITORY_NAME/kafka +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +The above command deploys Kafka with 3 Kafka controller-eligible nodes. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```console +helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/kafka +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. +> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/kafka/values.yaml) + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## Upgrading + +### To 32.0.0 + +This major release bumps Kafka major version to `4.y.z` series. This version implies a significant milestone given now Kafka operates operate entirely without Apache ZooKeeper, running in KRaft mode by default. As a consequence, **ZooKeeper is no longer a chart dependency and every related parameter has been removed.**. Upgrading from `31.y.z` chart version is not supported unless KRaft mode was already enabled. + +Also, some KRaft-related parameters have been renamed or removed: + +- `kraft.enabled` has been removed. Kafka now operates in KRaft mode by default. +- `kraft.controllerQuorumVoters` has been renamed to `controller.quorumVoters`. +- `kraft.clusterId` and `kraft.existingClusterIdSecret` have been renamed to `clusterId` and `existingKraftSecret`, respectively. + +Other notable changes: + +- `log4j` and `existingLog4jConfig` parameters have been renamed to `log4j2` and `existingLog4j2ConfigMap`, respectively. +- `controller.quorumVoters` has been removed in favor of `controller.quorumBootstrapServers`. +- `brokerRackAssignment` and `brokerRackAssignmentApiVersion` are deprecated in favor of `brokerRackAwareness.*` parameters. +- `tls.autoGenerated` boolean is now an object with extended configuration options. +- `volumePermissions` parameters have been moved under `defaultInitContainers` parameter. +- `externalAccess.autoDiscovery` parameters have been moved under `defaultInitContainers` parameter. +- `controller.initContainerResources` and `broker.initContainerResources` have been removed. Use `defaultInitContainers.prepareConfig.resources` instead. +- `extraInit` has been renamed to `defaultInitContainers.prepareConfig.extraInit`. + +### To 31.1.0 + +This version introduces image verification for security purposes. To disable it, set `global.security.allowInsecureImages` to `true`. More details at [GitHub issue](https://github.com/bitnami/charts/issues/30850). + +### To 31.0.0 + +This major release bumps the Kafka version to 3.9. Find notable changes in [kafka upgrade notes](https://kafka.apache.org/39/documentation.html#upgrade). + +### To 30.0.0 + +This major release bumps the Kafka version to 3.8. Find notable changes in [kafka upgrade notes](https://kafka.apache.org/38/documentation.html#upgrade). + +### To 29.0.0 + +This major version of Kafka deprecates Kafka Exporter component. + +### To 28.0.0 + +This major bump changes the following security defaults: + +- `runAsGroup` is changed from `0` to `1001` +- `readOnlyRootFilesystem` is set to `true` +- `resourcesPreset` is changed from `none` to the minimum size working in our test suites (NOTE: `resourcesPreset` is not meant for production usage, but `resources` adapted to your use case). +- `global.compatibility.openshift.adaptSecurityContext` is changed from `disabled` to `auto`. +- The `networkPolicy` section has been normalized amongst all Bitnami charts. Compared to the previous approach, the values section has been simplified (check the Parameters section) and now it set to `enabled=true` by default. Egress traffic is allowed by default and ingress traffic is allowed by all pods but only to the ports set in `containerPorts` and `extraContainerPorts`. + +This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones. + +### To 26.0.0 + +This major release bumps the Kafka version to 3.6 [kafka upgrade notes](https://kafka.apache.org/36/documentation.html#upgrade). + +### To 25.0.0 + +This major updates the Zookeeper subchart to it newest major, 12.0.0. For more information on this subchart's major, please refer to [zookeeper upgrade notes](https://github.com/bitnami/charts/tree/main/bitnami/zookeeper#to-1200). + +### To 24.0.0 + +This major version is a refactor of the Kafka chart and its architecture, to better adapt to Kraft features introduced in version 22.0.0. + +The changes introduced in this version are: + +- New architecture. The chart now has two statefulsets, one for controller-eligible nodes (controller or controller+broker) and another one for broker-only nodes. Please take a look at the subsections [Upgrading from Kraft mode](#upgrading-from-kraft-mode) and [Upgrading from Zookeeper mode](#upgrading-from-zookeeper-mode) for more information about how to upgrade this chart depending on which mode you were using. + + The new architecture is designed to support two main features: + - Deployment of dedicated nodes + - Support for Zookeeper to Kraft migration + +- Adds compatibility with `securityContext.readOnlyRootFs=true`, which is now the execution default. + - The Kafka configuration is now mounted as a ConfigMap instead of generated at runtime. + - Due to the implementation of readOnlyRootFs support, the following settings have been removed and will now rely on Kafka defaults. To override them, please use `extraConfig` to extend your Kafka configuration instead. + - `deleteTopicEnable` + - `autoCreateTopicsEnable` + - `logFlushIntervalMessages` + - `logFlushIntervalMs` + - `logRetentionBytes` + - `logRetentionCheckIntervalMs` + - `logRetentionHours` + - `logSegmentBytes` + - `logsDirs` + - `maxMessageBytes` + - `defaultReplicationFactor` + - `offsetsTopicReplicationFactor` + - `transactionStateLogReplicationFactor` + - `transactionStateLogMinIsr` + - `numIoThreads` + - `numNetworkThreads` + - `numPartitions` + - `numRecoveryThreadsPerDataDir` + - `socketReceiveBufferBytes` + - `socketRequestMaxBytes` + - `socketSendBufferBytes` + - `zookeeperConnectionTimeoutMs` + - `authorizerClassName` + - `allowEveryoneIfNoAclFound` + - `superUsers` +- All listeners are configured with protocol 'SASL_PLAINTEXT' by default. +- Support for SCRAM authentication in KRaft mode +- All statefulset settings have been moved from values' root to `controller.*` and `broker.*`. +- Refactor of listeners configuration: + - Settings `listeners`, `advertisedListeners` and `listenerSecurityProtocolMap` have been replaced with `listeners.*` object, which includes default listeners and each listener can be configured individually and extended using `listeners.extraListeners`. + - Values `interBrokerListenerName`, `allowPlaintextListener` have been removed. +- Refactor of SASL, SSL and ACL settings: + - Authentication nomenclature `plaintext,tls,mtls,sasl,sasl_tls` has been removed. Listeners are now configured using Kafka nomenclature `PLAINTEXT,SASL_PLAINTEXT,SASL_SSL,SSL` in `listeners.*.protocol`. + - mTLS is configured by default for SSL protocol listeners, while it can now also be configured for SASL_SSL listeners if `listener.*.sslClientAuth` is set. + - All SASL settings are now grouped under `sasl.*`. + - `auth.sasl.mechanisms` -> `sasl.enabledMechanisms` + - `auth.interBrokerMechanism` -> `sasl.interBrokerMechanism` + - `auth.sasl.jaas.clientUSers` -> `sasl.client.users` + - `auth.sasl.jaas.clientPasswords` -> `sasl.client.passwords` + - `auth.sasl.jaas.interBrokerUser` -> `sasl.interbroker.user` + - `auth.sasl.jaas.interBrokerPassword` -> `sasl.interbroker.password` + - `auth.sasl.jaas.zookeeperUser` -> `sasl.zookeeper.user` + - `auth.sasl.jaas.zookeeperPassword` -> `sasl.zookeeper.password` + - `auth.sasl.jaas.existingSecret` -> `sasl.existingSecret` + - Added support for Controller listener protocols other than PLAINTEXT. + - TLS settings have been moved from `auth.tls.*` to `tls.*`. + - Zookeeper TLS settings have been moved from `auth.zookeeper*` to `tls.zookeeper.*` +- Refactor externalAccess to support the new architecture: + - `externalAccess.service.*` have been renamed to `externalAccess.controller.service.*` and `externalAccess.broker.service.*`. + - Controller pods will not configure externalAccess unless either: + - `controller.controllerOnly=false` (default), meaning the pods are running as 'controller+broker' nodes; or + - `externalAccess.controller.service.forceExpose=true`, for use cases where controller-only nodes want to be exposed externally. +- TLS certificates value `tls.existingSecret` no longer supports an array of secrets (1 secret per node). It now accepts a single secret containing multiple certificates named `kafka--` for each Kafka pod, or alternatively, a single certificate shared by all Kafka nodes using wildcard CN and/or SubjectAltNames. **NOTE**: If using CertManager to automatically generate the certificate secrets, only the single certificate approach would be supported. + +#### Upgrading from Kraft mode + +If upgrading from Kraft mode, existing PVCs from Kafka containers should be reattached to 'controller' pods. + +#### Upgrading from Zookeeper mode + +If upgrading from Zookeeper mode, make sure you set 'controller.replicaCount=0' and reattach the existing PVCs to 'broker' pods. +This will allow you to perform a migration to Kraft mode in the future by following the following section. + +##### Migrating from Zookeeper (Early access) + +This guide is an adaptation from upstream documentation: [Migrate from ZooKeeper to KRaft](https://docs.confluent.io/platform/current/installation/migrate-zk-kraft.html) + +1. Retrieve the cluster ID from Zookeeper: + + ```console + $ kubectl exec -it -- zkCli.sh get /cluster/id + /opt/bitnami/java/bin/java + Connecting to localhost:2181 + + WATCHER:: + + WatchedEvent state:SyncConnected type:None path:null + {"version":"1","id":"TEr3HVPvTqSWixWRHngP5g"} + ``` + +2. Deploy at least one Kraft controller-only in your deployment and enable `zookeeperMigrationMode=true`. The Kraft controllers will migrate the data from your Kafka ZkBroker to Kraft mode. + + To do so add the following values to your Zookeeper deployment when upgrading: + + ```yaml + controller: + replicaCount: 1 + controllerOnly: true + zookeeperMigrationMode: true + # If needed, set controllers minID to avoid conflict with your ZK brokers' ids. + # minID: 0 + broker: + zookeeperMigrationMode: true + kraft: + enabled: true + clusterId: "" + ``` + +3. Wait until until all brokers are ready. You should see the following log in the broker logs: + + ```console + INFO [KafkaServer id=100] Finished catching up on KRaft metadata log, requesting that the KRaft controller unfence this broker (kafka.server.KafkaServer) + INFO [BrokerLifecycleManager id=100 isZkBroker=true] The broker has been unfenced. Transitioning from RECOVERY to RUNNING. (kafka.server.BrokerLifecycleManager) + ``` + + In the controllers, the following message should show up: + + ```console + Transitioning ZK migration state from PRE_MIGRATION to MIGRATION (org.apache.kafka.controller.FeatureControlManager) + ``` + +4. Once all brokers have been successfully migrated, set `broker.zookeeperMigrationMode=false` to fully migrate them. + + ```yaml + broker: + zookeeperMigrationMode: false + ``` + +5. To conclude the migration, switch off migration mode on controllers and stop Zookeeper: + + ```yaml + controller: + zookeeperMigrationMode: false + zookeeper: + enabled: false + ``` + + After migration is complete, you should see the following message in your controllers: + + ```console + [2023-07-13 13:07:45,226] INFO [QuorumController id=1] Transitioning ZK migration state from MIGRATION to POST_MIGRATION (org.apache.kafka.controller.FeatureControlManager) + ``` + +6. (**Optional**) If you would like to switch to a non-dedicated cluster, set `controller.controllerOnly=false`. This will cause controller-only nodes to switch to controller+broker nodes. + + At that point, you could manually decommission broker-only nodes by reassigning its partitions to controller-eligible nodes. + + For more information about decommissioning kafka broker check the [Kafka documentation](https://www.confluent.io/blog/remove-kafka-brokers-from-any-cluster-the-easy-way/). + +#### Retaining PersistentVolumes + +When upgrading the Kafka chart, you may want to retain your existing data. To do so, we recommend following this guide: + +**NOTE**: This guide requires the binaries 'kubectl' and 'jq'. + +```console +# Env variables +REPLICA=0 +OLD_PVC="data--kafka-${REPLICA}" +NEW_PVC="data--kafka--${REPLICA}" +PV_NAME=$(kubectl get pvc $OLD_PVC -o jsonpath="{.spec.volumeName}") +NEW_PVC_MANIFEST_FILE="$NEW_PVC.yaml" + +# Modify PV reclaim policy +kubectl patch pv $PV_NAME -p '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}' +# Manually check field 'RECLAIM POLICY' +kubectl get pv $PV_NAME + +# Create new PVC manifest +kubectl get pvc $OLD_PVC -o json | jq " + .metadata.name = \"$NEW_PVC\" + | with_entries( + select([.key] | + inside([\"metadata\", \"spec\", \"apiVersion\", \"kind\"])) + ) + | del( + .metadata.annotations, .metadata.creationTimestamp, + .metadata.finalizers, .metadata.resourceVersion, + .metadata.selfLink, .metadata.uid + ) + " > $NEW_PVC_MANIFEST_FILE +# Check manifest +cat $NEW_PVC_MANIFEST_FILE + +# Delete your old Statefulset and PVC +kubectl delete sts "-kafka" +kubectl delete pvc $OLD_PVC +# Make PV available again and create the new PVC +kubectl patch pv $PV_NAME -p '{"spec":{"claimRef": null}}' +kubectl apply -f $NEW_PVC_MANIFEST_FILE +``` + +Repeat this process for each replica you had in your Kafka cluster. Once completed, upgrade the cluster and the new Statefulset should reuse the existing PVCs. + +### To 23.0.0 + +This major updates Kafka to its newest version, 3.5.x. For more information, please refer to [kafka upgrade notes](https://kafka.apache.org/35/documentation.html#upgrade). + +### To 22.0.0 + +This major updates the Kafka's configuration to use Kraft by default. You can learn more about this configuration [here](https://developer.confluent.io/learn/kraft). Apart from seting the `kraft.enabled` parameter to `true`, we also made the following changes: + +- Renamed `minBrokerId` parameter to `minId` to set the minimum ID to use when configuring the node.id or broker.id parameter depending on the Kafka's configuration. This parameter sets the `KAFKA_CFG_NODE_ID` env var in the container. +- Updated the `containerPorts` and `service.ports` parameters to include the new controller port. + +### To 21.0.0 + +This major updates Kafka to its newest version, 3.4.x. For more information, please refer to [kafka upgrade notes](https://kafka.apache.org/34/documentation.html#upgrade). + +### To 20.0.0 + +This major updates the Zookeeper subchart to it newest major, 11.0.0. For more information on this subchart's major, please refer to [zookeeper upgrade notes](https://github.com/bitnami/charts/tree/main/bitnami/zookeeper#to-1100). + +### To 19.0.0 + +This major updates Kafka to its newest version, 3.3.x. For more information, please refer to [kafka upgrade notes](https://kafka.apache.org/33/documentation.html#upgrade). + +### To 18.0.0 + +This major updates the Zookeeper subchart to it newest major, 10.0.0. For more information on this subchart's major, please refer to [zookeeper upgrade notes](https://github.com/bitnami/charts/tree/main/bitnami/zookeeper#to-1000). + +### To 16.0.0 + +This major updates the Zookeeper subchart to it newest major, 9.0.0. For more information on this subchart's major, please refer to [zookeeper upgrade notes](https://github.com/bitnami/charts/tree/main/bitnami/zookeeper#to-900). + +### To 15.0.0 + +This major release bumps Kafka major version to `3.x` series. +It also renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository. Some affected values are: + +- `service.port`, `service.internalPort` and `service.externalPort` have been regrouped under the `service.ports` map. +- `metrics.kafka.service.port` has been regrouped under the `metrics.kafka.service.ports` map. +- `metrics.jmx.service.port` has been regrouped under the `metrics.jmx.service.ports` map. +- `updateStrategy` (string) and `rollingUpdatePartition` are regrouped under the `updateStrategy` map. +- Several parameters marked as deprecated `14.x.x` are not supported anymore. + +Additionally updates the ZooKeeper subchart to it newest major, `8.0.0`, which contains similar changes. + +### To 14.0.0 + +In this version, the `image` block is defined once and is used in the different templates, while in the previous version, the `image` block was duplicated for the main container and the provisioning one + +```yaml +image: + registry: docker.io + repository: bitnami/kafka + tag: 2.8.0 +``` + +VS + +```yaml +image: + registry: docker.io + repository: bitnami/kafka + tag: 2.8.0 +... +provisioning: + image: + registry: docker.io + repository: bitnami/kafka + tag: 2.8.0 +``` + +See [PR#7114](https://github.com/bitnami/charts/pull/7114) for more info about the implemented changes + +### To 13.0.0 + +This major updates the Zookeeper subchart to it newest major, 7.0.0, which renames all TLS-related settings. For more information on this subchart's major, please refer to [zookeeper upgrade notes](https://github.com/bitnami/charts/tree/main/bitnami/zookeeper#to-700). + +### To 12.2.0 + +This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/main/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. + +### To 12.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +#### What changes were introduced in this major version? + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Move dependency information from the *requirements.yaml* to the *Chart.yaml* +- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +#### Considerations when upgrading to this version + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +#### Useful links + +- +- +- + +### To 11.8.0 + +External access to brokers can now be achieved through the cluster's Kafka service. + +- `service.nodePort` -> deprecated in favor of `service.nodePorts.client` and `service.nodePorts.external` + +### To 11.7.0 + +The way to configure the users and passwords changed. Now it is allowed to create multiple users during the installation by providing the list of users and passwords. + +- `auth.jaas.clientUser` (string) -> deprecated in favor of `auth.jaas.clientUsers` (array). +- `auth.jaas.clientPassword` (string) -> deprecated in favor of `auth.jaas.clientPasswords` (array). + +### To 11.0.0 + +The way to configure listeners and athentication on Kafka is totally refactored allowing users to configure different authentication protocols on different listeners. Please check the [Listeners Configuration](#listeners-configuration) section for more information. + +Backwards compatibility is not guaranteed you adapt your values.yaml to the new format. Here you can find some parameters that were renamed or disappeared in favor of new ones on this major version: + +- `auth.enabled` -> deprecated in favor of `auth.clientProtocol` and `auth.interBrokerProtocol` parameters. +- `auth.ssl` -> deprecated in favor of `auth.clientProtocol` and `auth.interBrokerProtocol` parameters. +- `auth.certificatesSecret` -> renamed to `auth.jksSecret`. +- `auth.certificatesPassword` -> renamed to `auth.jksPassword`. +- `sslEndpointIdentificationAlgorithm` -> renamedo to `auth.tlsEndpointIdentificationAlgorithm`. +- `auth.interBrokerUser` -> renamed to `auth.jaas.interBrokerUser` +- `auth.interBrokerPassword` -> renamed to `auth.jaas.interBrokerPassword` +- `auth.zookeeperUser` -> renamed to `auth.jaas.zookeeperUser` +- `auth.zookeeperPassword` -> renamed to `auth.jaas.zookeeperPassword` +- `auth.existingSecret` -> renamed to `auth.jaas.existingSecret` +- `service.sslPort` -> deprecated in favor of `service.internalPort` +- `service.nodePorts.kafka` and `service.nodePorts.ssl` -> deprecated in favor of `service.nodePort` +- `metrics.kafka.extraFlag` -> new parameter +- `metrics.kafka.certificatesSecret` -> new parameter + +### To 10.0.0 + +If you are setting the `config` or `log4j` parameter, backwards compatibility is not guaranteed, because the `KAFKA_MOUNTED_CONFDIR` has moved from `/opt/bitnami/kafka/conf` to `/bitnami/kafka/config`. In order to continue using these parameters, you must also upgrade your image to `docker.io/bitnami/kafka:2.4.1-debian-10-r38` or later. + +### To 9.0.0 + +Backwards compatibility is not guaranteed you adapt your values.yaml to the new format. Here you can find some parameters that were renamed on this major version: + +```diff +- securityContext.enabled +- securityContext.fsGroup +- securityContext.fsGroup ++ podSecurityContext +- externalAccess.service.loadBalancerIP ++ externalAccess.service.loadBalancerIPs +- externalAccess.service.nodePort ++ externalAccess.service.nodePorts +- metrics.jmx.configMap.enabled +- metrics.jmx.configMap.overrideConfig ++ metrics.jmx.config +- metrics.jmx.configMap.overrideName ++ metrics.jmx.existingConfigmap +``` + +Ports names were prefixed with the protocol to comply with Istio (see ). + +### To 8.0.0 + +There is not backwards compatibility since the brokerID changes to the POD_NAME. For more information see [this PR](https://github.com/bitnami/charts/pull/2028). + +### To 7.0.0 + +Backwards compatibility is not guaranteed when Kafka metrics are enabled, unless you modify the labels used on the exporter deployments. +Use the workaround below to upgrade from versions previous to 7.0.0. The following example assumes that the release name is kafka: + +```console +helm upgrade kafka oci://REGISTRY_NAME/REPOSITORY_NAME/kafka --version 6.1.8 --set metrics.kafka.enabled=false +helm upgrade kafka oci://REGISTRY_NAME/REPOSITORY_NAME/kafka --version 7.0.0 --set metrics.kafka.enabled=true +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +### To 2.0.0 + +Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. +Use the workaround below to upgrade from versions previous to 2.0.0. The following example assumes that the release name is kafka: + +```console +kubectl delete statefulset kafka-kafka --cascade=false +kubectl delete statefulset kafka-zookeeper --cascade=false +``` + +### To 1.0.0 + +Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. +Use the workaround below to upgrade from versions previous to 1.0.0. The following example assumes that the release name is kafka: + +```console +kubectl delete statefulset kafka-kafka --cascade=false +kubectl delete statefulset kafka-zookeeper --cascade=false +``` + +## License + +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/helm/kafka/templates/NOTES.txt b/helm/kafka/templates/NOTES.txt new file mode 100644 index 000000000..4486adfef --- /dev/null +++ b/helm/kafka/templates/NOTES.txt @@ -0,0 +1,338 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami for more information. + +{{- if .Values.diagnosticMode.enabled }} +The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: + + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} + +Get the list of pods by executing: + + kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} + +Access the pod you want to debug by executing + + kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash + +In order to replicate the container startup scripts execute this command: + + /opt/bitnami/scripts/kafka/entrypoint.sh /opt/bitnami/scripts/kafka/run.sh + +{{- else }} + +{{- $releaseNamespace := .Release.Namespace }} +{{- $clusterDomain := .Values.clusterDomain }} +{{- $fullname := include "common.names.fullname" . }} +{{- $clientPort := int .Values.listeners.client.containerPort }} + +{{- if and (or (eq .Values.service.type "LoadBalancer") .Values.externalAccess.enabled) (eq (upper .Values.listeners.external.protocol) "PLAINTEXT") }} +--------------------------------------------------------------------------------------------- + WARNING + + By specifying "serviceType=LoadBalancer" and not configuring the authentication + you have most likely exposed the Kafka service externally without any + authentication mechanism. + + For security reasons, we strongly suggest that you switch to "ClusterIP" or + "NodePort". As alternative, you can also configure the Kafka authentication. + +--------------------------------------------------------------------------------------------- +{{- end }} + +** Please be patient while the chart is being deployed ** + +Kafka can be accessed by consumers via port {{ $clientPort }} on the following DNS name from within your cluster: + + {{ $fullname }}.{{ $releaseNamespace }}.svc.{{ $clusterDomain }} + +Each Kafka broker can be accessed by producers via port {{ $clientPort }} on the following DNS name(s) from within your cluster: + +{{- $brokerList := list }} +{{- if not .Values.controller.controllerOnly }} +{{- range $i := until (int .Values.controller.replicaCount) }} +{{- $brokerList = append $brokerList (printf "%s-controller-%d.%s-controller-headless.%s.svc.%s:%d" $fullname $i $fullname $releaseNamespace $clusterDomain $clientPort) }} +{{- end }} +{{- end }} +{{- range $i := until (int .Values.broker.replicaCount) }} +{{- $brokerList = append $brokerList (printf "%s-broker-%d.%s-broker-headless.%s.svc.%s:%d" $fullname $i $fullname $releaseNamespace $clusterDomain $clientPort) }} +{{- end }} +{{ join "\n" $brokerList | nindent 4 }} +{{- $clientSaslEnabled := regexFind "SASL" (upper .Values.listeners.client.protocol) }} +{{- $clientSslEnabled := regexFind "SSL" (upper .Values.listeners.client.protocol) }} +{{- $clientMTlsEnabled := or (and .Values.listeners.client.sslClientAuth (not (eq .Values.listeners.client.sslClientAuth "none"))) (and (empty .Values.listeners.client.sslClientAuth) (not (eq .Values.tls.sslClientAuth "none"))) }} +{{- if or $clientSaslEnabled $clientSslEnabled }} + +The {{ upper .Values.listeners.client.name }} listener for Kafka client connections from within your cluster have been configured with the following security settings: + {{- if $clientSaslEnabled }} + - SASL authentication + {{- end }} + {{- if $clientSslEnabled }} + - TLS encryption + {{- end }} + {{- if and $clientSslEnabled $clientMTlsEnabled }} + - mTLS authentication + {{- end }} + +To connect a client to your Kafka, you need to create the 'client.properties' configuration files with the content below: + +security.protocol={{ .Values.listeners.client.protocol }} +{{- if $clientSaslEnabled }} +{{- if regexFind "OAUTHBEARER" (upper .Values.sasl.enabledMechanisms ) }} +sasl.jaas.config="org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required"\ + clientId="" \ + password=""; +sasl.login.callback.handler.class=org.apache.kafka.common.security.oauthbearer.secured.OAuthBearerLoginCallbackHandler +sasl.oauthbearer.token.endpoint.url={{ .Values.sasl.oauthbearer.tokenEndpointUrl }} +{{- else }} +{{- if regexFind "SCRAM-SHA-256" (upper .Values.sasl.enabledMechanisms) }} +sasl.mechanism=SCRAM-SHA-256 +{{- else if regexFind "SCRAM-SHA-512" (upper .Values.sasl.enabledMechanisms) }} +sasl.mechanism=SCRAM-SHA-512 +{{- else if regexFind "PLAIN" (upper .Values.sasl.enabledMechanisms) }} +sasl.mechanism=PLAIN +{{- end }} +{{- $securityModule := ternary "org.apache.kafka.common.security.scram.ScramLoginModule required" "org.apache.kafka.common.security.plain.PlainLoginModule required" (regexMatch "SCRAM" (upper .Values.sasl.enabledMechanisms)) }} +sasl.jaas.config={{ $securityModule }} \ + username="{{ index .Values.sasl.client.users 0 }}" \ + password="$(kubectl get secret {{ $fullname }}-user-passwords --namespace {{ $releaseNamespace }} -o jsonpath='{.data.client-passwords}' | base64 -d | cut -d , -f 1)"; +{{- end }} +{{- end }} +{{- if $clientSslEnabled }} +{{- $clientTlsType := upper .Values.tls.type }} +ssl.truststore.type={{ $clientTlsType }} +{{- if eq $clientTlsType "JKS" }} +ssl.truststore.location=/tmp/kafka.truststore.jks +# Uncomment this line if your client truststore is password protected +#ssl.truststore.password= +{{- else if eq $clientTlsType "PEM" }} +ssl.truststore.certificates=-----BEGIN CERTIFICATE----- \ +... \ +-----END CERTIFICATE----- +{{- end }} +{{- if and $clientMTlsEnabled }} +ssl.keystore.type={{ $clientTlsType }} +{{- if eq $clientTlsType "JKS" }} +ssl.keystore.location=/tmp/client.keystore.jks +# Uncomment this line if your client truststore is password protected +#ssl.keystore.password= +{{- else if eq $clientTlsType "PEM" }} +ssl.keystore.certificate.chain=-----BEGIN CERTIFICATE----- \ +... \ +-----END CERTIFICATE----- +ssl.keystore.key=-----BEGIN ENCRYPTED PRIVATE KEY----- \ +... \ +-----END ENCRYPTED PRIVATE KEY----- +{{- end }} +{{- end }} +{{- if eq .Values.tls.endpointIdentificationAlgorithm "" }} +ssl.endpoint.identification.algorithm= +{{- end }} +{{- end }} +{{- end }} + +To create a pod that you can use as a Kafka client run the following commands: + + kubectl run {{ $fullname }}-client --restart='Never' --image {{ template "kafka.image" . }} --namespace {{ $releaseNamespace }} --command -- sleep infinity + {{- if or $clientSaslEnabled $clientSslEnabled }} + kubectl cp --namespace {{ $releaseNamespace }} /path/to/client.properties {{ $fullname }}-client:/tmp/client.properties + {{- end }} + {{- if and $clientSslEnabled (eq (upper .Values.tls.type) "JKS") }} + kubectl cp --namespace {{ $releaseNamespace }} ./kafka.truststore.jks {{ $fullname }}-client:/tmp/kafka.truststore.jks + {{- if $clientMTlsEnabled }} + kubectl cp --namespace {{ $releaseNamespace }} ./client.keystore.jks {{ $fullname }}-client:/tmp/client.keystore.jks + {{- end }} + {{- end }} + kubectl exec --tty -i {{ $fullname }}-client --namespace {{ $releaseNamespace }} -- bash + + PRODUCER: + kafka-console-producer.sh \ + {{- if or $clientSaslEnabled $clientSslEnabled }} + --producer.config /tmp/client.properties \ + {{- end }} + --bootstrap-server {{ $fullname }}.{{ $releaseNamespace }}.svc.{{ $clusterDomain }}:{{ .Values.service.ports.client }} \ + --topic test + + CONSUMER: + kafka-console-consumer.sh \ + {{- if or $clientSaslEnabled $clientSslEnabled }} + --consumer.config /tmp/client.properties \ + {{- end }} + --bootstrap-server {{ $fullname }}.{{ $releaseNamespace }}.svc.{{ $clusterDomain }}:{{ .Values.service.ports.client }} \ + --topic test \ + --from-beginning + +{{- if .Values.externalAccess.enabled }} +{{- if or (not .Values.controller.controllerOnly) .Values.externalAccess.controller.forceExpose }} + +{{- if and .Values.controller.controllerOnly .Values.externalAccess.controller.forceExpose }} +To connect to your Kafka controller-only nodes from outside the cluster, follow these instructions: +{{- else }} +To connect to your Kafka controller+broker nodes from outside the cluster, follow these instructions: +{{- end }} + +{{- if eq "NodePort" .Values.externalAccess.controller.service.type }} + {{- if .Values.externalAccess.controller.service.domain }} + Kafka brokers domain: Use your provided hostname to reach Kafka brokers, {{ .Values.externalAccess.controller.service.domain }} + + {{- else }} + Kafka brokers domain: You can get the external node IP from the Kafka configuration file with the following commands (Check the EXTERNAL listener) + + 1. Obtain the pod name: + + kubectl get pods --namespace {{ include "common.names.namespace" . }} -l "app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=kafka" + + 2. Obtain pod configuration: + + kubectl exec -it KAFKA_POD -- cat /opt/bitnami/kafka/config/server.properties | grep advertised.listeners + + {{- end }} + Kafka brokers port: You will have a different node port for each Kafka broker. You can get the list of configured node ports using the command below: + + echo "$(kubectl get svc --namespace {{ include "common.names.namespace" . }} -l "app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=kafka,pod" -o jsonpath='{.items[*].spec.ports[0].nodePort}' | tr ' ' '\n')" + +{{- else if eq "LoadBalancer" .Values.externalAccess.controller.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IPs to be available. + + Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -l "app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=kafka,pod" -w' + + Kafka Brokers domain: You will have a different external IP for each Kafka broker. You can get the list of external IPs using the command below: + + echo "$(kubectl get svc --namespace {{ include "common.names.namespace" . }} -l "app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=kafka,pod" -o jsonpath='{.items[*].status.loadBalancer.ingress[0].ip}' | tr ' ' '\n')" + + Kafka Brokers port: {{ .Values.externalAccess.controller.service.ports.external }} + +{{- else if eq "ClusterIP" .Values.externalAccess.controller.service.type }} + Kafka brokers domain: Use your provided hostname to reach Kafka brokers, {{ .Values.externalAccess.controller.service.domain }} + + Kafka brokers port: You will have a different port for each Kafka broker starting at {{ .Values.externalAccess.controller.service.ports.external }} + +{{- end }} +{{- end }} + +{{- $brokerReplicaCount := int .Values.broker.replicaCount -}} +{{- if gt $brokerReplicaCount 0 }} +To connect to your Kafka broker nodes from outside the cluster, follow these instructions: + +{{- if eq "NodePort" .Values.externalAccess.broker.service.type }} + {{- if .Values.externalAccess.broker.service.domain }} + Kafka brokers domain: Use your provided hostname to reach Kafka brokers, {{ .Values.externalAccess.broker.service.domain }} + + {{- else }} + Kafka brokers domain: You can get the external node IP from the Kafka configuration file with the following commands (Check the EXTERNAL listener) + + 1. Obtain the pod name: + + kubectl get pods --namespace {{ include "common.names.namespace" . }} -l "app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=kafka" + + 2. Obtain pod configuration: + + kubectl exec -it KAFKA_POD -- cat /opt/bitnami/kafka/config/server.properties | grep advertised.listeners + + {{- end }} + Kafka brokers port: You will have a different node port for each Kafka broker. You can get the list of configured node ports using the command below: + + echo "$(kubectl get svc --namespace {{ include "common.names.namespace" . }} -l "app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=kafka,pod" -o jsonpath='{.items[*].spec.ports[0].nodePort}' | tr ' ' '\n')" + +{{- else if eq "LoadBalancer" .Values.externalAccess.broker.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IPs to be available. + + Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -l "app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=kafka,pod" -w' + + Kafka Brokers domain: You will have a different external IP for each Kafka broker. You can get the list of external IPs using the command below: + + echo "$(kubectl get svc --namespace {{ include "common.names.namespace" . }} -l "app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=kafka,pod" -o jsonpath='{.items[*].status.loadBalancer.ingress[0].ip}' | tr ' ' '\n')" + + Kafka Brokers port: {{ .Values.externalAccess.broker.service.ports.external }} + +{{- else if eq "ClusterIP" .Values.externalAccess.broker.service.type }} + Kafka brokers domain: Use your provided hostname to reach Kafka brokers, {{ .Values.externalAccess.broker.service.domain }} + + Kafka brokers port: You will have a different port for each Kafka broker starting at {{ .Values.externalAccess.broker.service.ports.external }} + +{{- end }} +{{- end }} +{{- if or $clientSaslEnabled $clientSslEnabled }} +{{- $externalSaslEnabled := regexFind "SASL" (upper .Values.listeners.external.protocol) }} +{{- $externalSslEnabled := regexFind "SSL" (upper .Values.listeners.external.protocol) }} +{{- $externalMTlsEnabled := or (and .Values.listeners.external.sslClientAuth (not (eq .Values.listeners.external.sslClientAuth "none"))) (and (empty .Values.listeners.external.sslClientAuth) (not (eq .Values.tls.sslClientAuth "none"))) }} + +The {{ upper .Values.listeners.external.name }} listener for Kafka client connections from within your cluster have been configured with the following settings: + {{- if $externalSaslEnabled }} + - SASL authentication + {{- end }} + {{- if $externalSslEnabled }} + - TLS encryption + {{- end }} + {{- if and $externalSslEnabled $externalMTlsEnabled }} + - mTLS authentication + {{- end }} + +To connect a client to your Kafka, you need to create the 'client.properties' configuration files with the content below: + +security.protocol={{ .Values.listeners.external.protocol }} +{{- if $externalSaslEnabled }} +{{- if regexFind "OAUTHBEARER" (upper .Values.sasl.enabledMechanisms ) }} +sasl.jaas.config="org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required"\ + clientId="" \ + password=""; +sasl.login.callback.handler.class=org.apache.kafka.common.security.oauthbearer.secured.OAuthBearerLoginCallbackHandler +sasl.oauthbearer.token.endpoint.url={{ .Values.sasl.oauthbearer.tokenEndpointUrl }} +{{- else }} +{{- if regexFind "SCRAM-SHA-256" (upper .Values.sasl.enabledMechanisms) }} +sasl.mechanism=SCRAM-SHA-256 +{{- else if regexFind "SCRAM-SHA-512" (upper .Values.sasl.enabledMechanisms) }} +sasl.mechanism=SCRAM-SHA-512 +{{- else }} +sasl.mechanism=PLAIN +{{- end }} +{{- $securityModule := ternary "org.apache.kafka.common.security.scram.ScramLoginModule required" "org.apache.kafka.common.security.plain.PlainLoginModule required" (regexMatch "SCRAM" (upper .Values.sasl.enabledMechanisms)) }} +sasl.jaas.config={{ $securityModule }} \ + username="{{ index .Values.sasl.client.users 0 }}" \ + password="$(kubectl get secret {{ $fullname }}-user-passwords --namespace {{ $releaseNamespace }} -o jsonpath='{.data.client-passwords}' | base64 -d | cut -d , -f 1)"; +{{- end }} +{{- end }} +{{- if $externalSslEnabled }} +{{- $clientTlsType := upper .Values.tls.type }} +ssl.truststore.type={{ $clientTlsType }} +{{- if eq $clientTlsType "JKS" }} +ssl.truststore.location=/tmp/kafka.truststore.jks +# Uncomment this line if your client truststore is password protected +#ssl.truststore.password= +{{- else if eq $clientTlsType "PEM" }} +ssl.truststore.certificates=-----BEGIN CERTIFICATE----- \ +... \ +-----END CERTIFICATE----- +{{- end }} +{{- if and $externalMTlsEnabled }} +ssl.keystore.type={{ $clientTlsType }} +{{- if eq $clientTlsType "JKS" }} +ssl.keystore.location=/tmp/client.keystore.jks +# Uncomment this line if your client truststore is password protected +#ssl.keystore.password= +{{- else if eq $clientTlsType "PEM" }} +ssl.keystore.certificate.chain=-----BEGIN CERTIFICATE----- \ +... \ +-----END CERTIFICATE----- +ssl.keystore.key=-----BEGIN ENCRYPTED PRIVATE KEY----- \ +... \ +-----END ENCRYPTED PRIVATE KEY----- +{{- end }} +{{- end }} +{{- if eq .Values.tls.endpointIdentificationAlgorithm "" }} +ssl.endpoint.identification.algorithm= +{{- end }} +{{- end }} + +{{- end }} +{{- end }} +{{- end }} + +{{- include "common.warnings.resources" (dict "sections" (list "broker" "controller" "metrics.jmx" "provisioning" "defaultInitContainers.volumePermissions" "defaultInitContainers.prepareConfig" "defaultInitContainers.autoDiscovery") "context" $) }} +{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.defaultInitContainers.volumePermissions.image .Values.defaultInitContainers.autoDiscovery.image .Values.metrics.jmx.image) "context" $) }} +{{- include "common.errors.insecureImages" (dict "images" (list .Values.image .Values.defaultInitContainers.volumePermissions.image .Values.defaultInitContainers.autoDiscovery.image .Values.metrics.jmx.image) "context" $) }} +{{- include "kafka.checkRollingTags" . }} +{{- include "kafka.validateValues" . }} diff --git a/helm/kafka/templates/_helpers.tpl b/helm/kafka/templates/_helpers.tpl new file mode 100644 index 000000000..eb03e1f18 --- /dev/null +++ b/helm/kafka/templates/_helpers.tpl @@ -0,0 +1,990 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the proper Kafka controller-eligible fullname +*/}} +{{- define "kafka.controller.fullname" -}} +{{- printf "%s-controller" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper Kafka broker fullname +*/}} +{{- define "kafka.broker.fullname" -}} +{{- printf "%s-broker" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* + Create the name of the service account to use + */}} +{{- define "kafka.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Kafka image name +*/}} +{{- define "kafka.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "kafka.volumePermissions.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.defaultInitContainers.volumePermissions.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container auto-discovery image) +*/}} +{{- define "kafka.autoDiscovery.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.defaultInitContainers.autoDiscovery.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper JMX exporter image name +*/}} +{{- define "kafka.metrics.jmx.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.metrics.jmx.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "kafka.imagePullSecrets" -}} +{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.defaultInitContainers.volumePermissions.image .Values.defaultInitContainers.autoDiscovery.image .Values.metrics.jmx.image) "global" .Values.global) }} +{{- end -}} + +{{/* +Return true if encryption via TLS for client connections should be configured +*/}} +{{- define "kafka.sslEnabled" -}} +{{- $res := "" -}} +{{- $listeners := list .Values.listeners.client .Values.listeners.interbroker .Values.listeners.controller -}} +{{- range $i := .Values.listeners.extraListeners -}} +{{- $listeners = append $listeners $i -}} +{{- end -}} +{{- if and .Values.externalAccess.enabled -}} +{{- $listeners = append $listeners .Values.listeners.external -}} +{{- end -}} +{{- range $listener := $listeners -}} +{{- if regexFind "SSL" (upper $listener.protocol) -}} +{{- $res = "true" -}} +{{- end -}} +{{- end -}} +{{- if $res -}} +{{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if SASL connections should be configured +*/}} +{{- define "kafka.saslEnabled" -}} +{{- $res := "" -}} +{{- if include "kafka.client.saslEnabled" . -}} +{{- $res = "true" -}} +{{- else -}} +{{- $listeners := list .Values.listeners.interbroker .Values.listeners.controller -}} +{{- range $listener := $listeners -}} +{{- if regexFind "SASL" (upper $listener.protocol) -}} +{{- $res = "true" -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- if $res -}} +{{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if SASL connections should be configured +*/}} +{{- define "kafka.client.saslEnabled" -}} +{{- $res := "" -}} +{{- $listeners := list .Values.listeners.client -}} +{{- range $i := .Values.listeners.extraListeners -}} +{{- $listeners = append $listeners $i -}} +{{- end -}} +{{- if and .Values.externalAccess.enabled -}} +{{- $listeners = append $listeners .Values.listeners.external -}} +{{- end -}} +{{- range $listener := $listeners -}} +{{- if regexFind "SASL" (upper $listener.protocol) -}} +{{- $res = "true" -}} +{{- end -}} +{{- end -}} +{{- if $res -}} +{{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if a SASL mechanism that uses usernames and passwords is in use +*/}} +{{- define "kafka.saslUserPasswordsEnabled" -}} +{{- if (include "kafka.saslEnabled" .) -}} +{{- if or (regexFind "PLAIN" (upper .Values.sasl.enabledMechanisms)) (regexFind "SCRAM" (upper .Values.sasl.enabledMechanisms)) -}} +true +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if a SASL mechanism that uses client IDs and client secrets is in use +*/}} +{{- define "kafka.saslClientSecretsEnabled" -}} +{{- if (include "kafka.saslEnabled" .) -}} +{{- if (regexFind "OAUTHBEARER" (upper .Values.sasl.enabledMechanisms)) -}} +true +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Returns the security module based on the provided sasl mechanism +*/}} +{{- define "kafka.saslSecurityModule" -}} +{{- if eq "PLAIN" .mechanism -}} +org.apache.kafka.common.security.plain.PlainLoginModule required +{{- else if regexFind "SCRAM" .mechanism -}} +org.apache.kafka.common.security.scram.ScramLoginModule required +{{- else if eq "OAUTHBEARER" .mechanism -}} +org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required +{{- end -}} +{{- end -}} + +{{/* +Return the Kafka Kraft secret +*/}} +{{- define "kafka.kraftSecretName" -}} +{{- if .Values.existingKraftSecret -}} + {{- print (tpl .Values.existingKraftSecret .) -}} +{{- else -}} + {{- printf "%s-kraft" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Kafka SASL credentials secret +*/}} +{{- define "kafka.saslSecretName" -}} +{{- if .Values.sasl.existingSecret -}} + {{- print (tpl .Values.sasl.existingSecret .) -}} +{{- else -}} + {{- printf "%s-user-passwords" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a SASL credentials secret object should be created +*/}} +{{- define "kafka.createSaslSecret" -}} +{{- if and (include "kafka.saslEnabled" .) (empty .Values.sasl.existingSecret) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a TLS credentials secret object should be created +*/}} +{{- define "kafka.tlsSecretName" -}} +{{- if .Values.tls.existingSecret -}} + {{- print (tpl .Values.tls.existingSecret .) -}} +{{- else -}} + {{- printf "%s-tls" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a TLS credentials secret object should be created +*/}} +{{- define "kafka.createTlsSecret" -}} +{{- if and (include "kafka.sslEnabled" .) (empty .Values.tls.existingSecret) .Values.tls.autoGenerated.enabled (eq .Values.tls.autoGenerated.engine "helm") -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a Certificate object should be created +*/}} +{{- define "kafka.createCertificate" -}} +{{- if and (include "kafka.sslEnabled" .) (empty .Values.tls.existingSecret) .Values.tls.autoGenerated.enabled (eq .Values.tls.autoGenerated.engine "cert-manager") -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Kafka TLS credentials secret +*/}} +{{- define "kafka.tlsPasswordsSecretName" -}} +{{- if .Values.tls.passwordsSecret -}} + {{- print (tpl .Values.tls.passwordsSecret .) -}} +{{- else -}} + {{- printf "%s-tls-passwords" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a TLS credentials secret object should be created +*/}} +{{- define "kafka.createTlsPasswordsSecret" -}} +{{- if and (include "kafka.sslEnabled" .) (or (empty .Values.tls.passwordsSecret) .Values.tls.autoGenerated.enabled) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Returns the secret name for the Kafka Provisioning client +*/}} +{{- define "kafka.client.passwordsSecretName" -}} +{{- if .Values.provisioning.auth.tls.passwordsSecret -}} + {{- print (tpl .Values.provisioning.auth.tls.passwordsSecret .) -}} +{{- else -}} + {{- printf "%s-client-secret" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use for the Kafka Provisioning client +*/}} +{{- define "kafka.provisioning.serviceAccountName" -}} +{{- if .Values.provisioning.serviceAccount.create -}} + {{ default (printf "%s-provisioning" (include "common.names.fullname" .)) .Values.provisioning.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.provisioning.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return the Kafka controller-eligible configuration configmap +*/}} +{{- define "kafka.controller.configmapName" -}} +{{- if .Values.controller.existingConfigmap -}} + {{- print (tpl .Values.controller.existingConfigmap .) -}} +{{- else if .Values.existingConfigmap -}} + {{- print (tpl .Values.existingConfigmap .) -}} +{{- else -}} + {{- printf "%s-configuration" (include "kafka.controller.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Kafka controller-eligible secret configuration +*/}} +{{- define "kafka.controller.secretConfigName" -}} +{{- if .Values.controller.existingSecretConfig -}} + {{- print (tpl .Values.controller.existingSecretConfig .) -}} +{{- else if .Values.existingSecretConfig -}} + {{- print (tpl .Values.controller.existingSecretConfig .) -}} +{{- else -}} + {{- printf "%s-secret-configuration" (include "kafka.controller.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Kafka controller-eligible secret configuration values +*/}} +{{- define "kafka.controller.secretConfig" -}} +{{- if .Values.secretConfig }} + {{- print (tpl .Values.secretConfig .) -}} +{{- end }} +{{- if .Values.controller.secretConfig }} + {{- print (tpl .Values.controller.secretConfig .) -}} +{{- end }} +{{- end -}} + +{{/* +Return true if a configmap object should be created for controller-eligible pods +*/}} +{{- define "kafka.controller.createConfigmap" -}} +{{- if and (not .Values.controller.existingConfigmap) (not .Values.existingConfigmap) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a secret object with config should be created for controller-eligible pods +*/}} +{{- define "kafka.controller.createSecretConfig" -}} +{{- if and (or .Values.controller.secretConfig .Values.secretConfig) (and (not .Values.controller.existingSecretConfig) (not .Values.existingSecretConfig)) }} + {{- true -}} +{{- end -}} +{{- end -}} +{{/* +Return true if a secret object with config exists for controller-eligible pods +*/}} +{{- define "kafka.controller.secretConfigExists" -}} +{{- if or .Values.controller.secretConfig .Values.secretConfig .Values.controller.existingSecretConfig .Values.existingSecretConfig }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Kafka broker configuration configmap +*/}} +{{- define "kafka.broker.configmapName" -}} +{{- if .Values.broker.existingConfigmap -}} + {{- print (tpl .Values.broker.existingConfigmap .) -}} +{{- else if .Values.existingConfigmap -}} + {{- print (tpl .Values.existingConfigmap .) -}} +{{- else -}} + {{- printf "%s-configuration" (include "kafka.broker.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Kafka broker secret configuration +*/}} +{{- define "kafka.broker.secretConfigName" -}} +{{- if .Values.broker.existingSecretConfig -}} + {{- print (tpl .Values.broker.existingSecretConfig .) -}} +{{- else if .Values.existingSecretConfig -}} + {{- print (tpl .Values.existingSecretConfig .) -}} +{{- else -}} + {{- printf "%s-secret-configuration" (include "kafka.broker.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Kafka broker secret configuration values +*/}} +{{- define "kafka.broker.secretConfig" -}} +{{- if .Values.secretConfig }} + {{- print (tpl .Values.secretConfig .) -}} +{{- end }} +{{- if .Values.broker.secretConfig }} + {{- print (tpl .Values.broker.secretConfig .) -}} +{{- end }} +{{- end -}} + +{{/* +Return true if a configmap object should be created for broker pods +*/}} +{{- define "kafka.broker.createConfigmap" -}} +{{- if and (not .Values.broker.existingConfigmap) (not .Values.existingConfigmap) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a secret object with config should be created for broker pods +*/}} +{{- define "kafka.broker.createSecretConfig" -}} +{{- if and (or .Values.broker.secretConfig .Values.secretConfig) (and (not .Values.broker.existingSecretConfig) (not .Values.existingSecretConfig)) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a secret object with config exists for broker pods +*/}} +{{- define "kafka.broker.secretConfigExists" -}} +{{- if or .Values.broker.secretConfig .Values.secretConfig .Values.broker.existingSecretConfig .Values.existingSecretConfig }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Kafka log4j2 ConfigMap name. +*/}} +{{- define "kafka.log4j2.configMapName" -}} +{{- if .Values.existingLog4j2ConfigMap -}} + {{- print (tpl .Values.existingLog4j2ConfigMap .) -}} +{{- else -}} + {{- printf "%s-log4j2-configuration" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Kafka configuration configmap +*/}} +{{- define "kafka.metrics.jmx.configmapName" -}} +{{- if .Values.metrics.jmx.existingConfigmap -}} + {{- print (tpl .Values.metrics.jmx.existingConfigmap .) -}} +{{- else -}} + {{ printf "%s-jmx-configuration" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created +*/}} +{{- define "kafka.metrics.jmx.createConfigmap" -}} +{{- if and .Values.metrics.jmx.enabled .Values.metrics.jmx.config (not .Values.metrics.jmx.existingConfigmap) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Returns the Kafka listeners settings based on the listeners.* object +*/}} +{{- define "kafka.listeners" -}} +{{- if .context.Values.listeners.overrideListeners -}} + {{- print .context.Values.listeners.overrideListeners -}} +{{- else -}} + {{- $listeners := list .context.Values.listeners.client .context.Values.listeners.interbroker -}} + {{- if .context.Values.externalAccess.enabled -}} + {{- $listeners = append $listeners .context.Values.listeners.external -}} + {{- end -}} + {{- if .isController -}} + {{- if .context.Values.controller.controllerOnly -}} + {{- $listeners = list .context.Values.listeners.controller -}} + {{- else -}} + {{- $listeners = append $listeners .context.Values.listeners.controller -}} + {{- range $i := .context.Values.listeners.extraListeners -}} + {{- $listeners = append $listeners $i -}} + {{- end -}} + {{- end -}} + {{- else -}} + {{- range $i := .context.Values.listeners.extraListeners -}} + {{- $listeners = append $listeners $i -}} + {{- end -}} + {{- end -}} + {{- $res := list -}} + {{- range $listener := $listeners -}} + {{- $res = append $res (printf "%s://:%d" (upper $listener.name) (int $listener.containerPort)) -}} + {{- end -}} + {{- join "," $res -}} +{{- end -}} +{{- end -}} + +{{/* +Returns the list of advertised listeners, although the advertised address will be replaced during each node init time +*/}} +{{- define "kafka.advertisedListeners" -}} +{{- if .Values.listeners.advertisedListeners -}} + {{- print .Values.listeners.advertisedListeners -}} +{{- else -}} + {{- $listeners := list .Values.listeners.client .Values.listeners.interbroker -}} + {{- range $i := .Values.listeners.extraListeners -}} + {{- $listeners = append $listeners $i -}} + {{- end -}} + {{- $res := list -}} + {{- range $listener := $listeners -}} + {{- $res = append $res (printf "%s://advertised-address-placeholder:%d" (upper $listener.name) (int $listener.containerPort)) -}} + {{- end -}} + {{- join "," $res -}} +{{- end -}} +{{- end -}} + +{{/* +Returns the value listener.security.protocol.map based on the values of 'listeners.*.protocol' +*/}} +{{- define "kafka.securityProtocolMap" -}} +{{- if .context.Values.listeners.securityProtocolMap -}} + {{- print .context.Values.listeners.securityProtocolMap -}} +{{- else -}} + {{- $listeners := list .context.Values.listeners.client .context.Values.listeners.interbroker -}} + {{- if .isController -}} + {{- if .context.Values.controller.controllerOnly -}} + {{- $listeners = list .context.Values.listeners.controller -}} + {{- else -}} + {{- $listeners = append $listeners .context.Values.listeners.controller -}} + {{- range $i := .context.Values.listeners.extraListeners -}} + {{- $listeners = append $listeners $i -}} + {{- end -}} + {{- end -}} + {{- else -}} + {{- range $i := .context.Values.listeners.extraListeners -}} + {{- $listeners = append $listeners $i -}} + {{- end -}} + {{- end -}} + {{- if and .context.Values.externalAccess.enabled -}} + {{- $listeners = append $listeners .context.Values.listeners.external -}} + {{- end -}} + {{- $res := list -}} + {{- range $listener := $listeners -}} + {{- $res = append $res (printf "%s:%s" (upper $listener.name) (upper $listener.protocol)) -}} + {{- end -}} + {{ join "," $res }} +{{- end -}} +{{- end -}} + +{{/* +Returns the containerPorts for listeners.extraListeners +*/}} +{{- define "kafka.extraListeners.containerPorts" -}} +{{- range $listener := .Values.listeners.extraListeners -}} +- name: {{ lower $listener.name}} + containerPort: {{ $listener.containerPort }} +{{- end -}} +{{- end -}} + +{{/* +Returns the controller quorum bootstrap servers based on the number of controller-eligible nodes +*/}} +{{- define "kafka.controller.quorumBootstrapServers" -}} +{{- if .Values.controller.quorumBootstrapServers -}} + {{- include "common.tplvalues.render" (dict "value" .Values.controller.quorumBootstrapServers "context" $) -}} +{{- else -}} + {{- $fullname := include "kafka.controller.fullname" . }} + {{- $serviceName := printf "%s-headless" (include "kafka.controller.fullname" .) | trunc 63 | trimSuffix "-" }} + {{- $releaseNamespace := include "common.names.namespace" . -}} + {{- $clusterDomain := .Values.clusterDomain }} + {{- $port := int .Values.listeners.controller.containerPort }} + {{- $bootstrapServers := list -}} + {{- range $i := until (int .Values.controller.replicaCount) -}} + {{- $nodeAddress := printf "%s-%d.%s.%s.svc.%s:%d" $fullname (int $i) $serviceName $releaseNamespace $clusterDomain $port -}} + {{- $bootstrapServers = append $bootstrapServers $nodeAddress -}} + {{- end -}} + {{- join "," $bootstrapServers -}} +{{- end -}} +{{- end -}} + +{{/* +Section of the server.properties shared by both controller-eligible and broker nodes +*/}} +{{- define "kafka.commonConfig" -}} +inter.broker.listener.name: {{ .Values.listeners.interbroker.name }} +controller.listener.names: {{ .Values.listeners.controller.name }} +controller.quorum.bootstrap.servers: {{ include "kafka.controller.quorumBootstrapServers" . }} +{{- if include "kafka.sslEnabled" . }} +# TLS configuration +ssl.keystore.type: JKS +ssl.truststore.type: JKS +ssl.keystore.location: /opt/bitnami/kafka/config/certs/kafka.keystore.jks +ssl.truststore.location: /opt/bitnami/kafka/config/certs/kafka.truststore.jks +ssl.client.auth: {{ .Values.tls.sslClientAuth }} +ssl.endpoint.identification.algorithm: {{ .Values.tls.endpointIdentificationAlgorithm }} +{{- end }} +{{- if (include "kafka.saslEnabled" .) }} +# Listeners SASL JAAS configuration +sasl.enabled.mechanisms: {{ upper .Values.sasl.enabledMechanisms }} +{{- if regexFind "SASL" (upper .Values.listeners.interbroker.protocol) }} +sasl.mechanism.inter.broker.protocol: {{ upper .Values.sasl.interBrokerMechanism }} +{{- end }} +{{- if regexFind "SASL" (upper .Values.listeners.controller.protocol) }} +sasl.mechanism.controller.protocol: {{ upper .Values.sasl.controllerMechanism }} +{{- end }} +{{- $listeners := list .Values.listeners.client .Values.listeners.interbroker .Values.listeners.controller }} +{{- range $i := .Values.listeners.extraListeners }} +{{- $listeners = append $listeners $i }} +{{- end }} +{{- if .Values.externalAccess.enabled }} +{{- $listeners = append $listeners .Values.listeners.external }} +{{- end }} +{{- range $listener := $listeners }} + {{- if and $listener.sslClientAuth (regexFind "SSL" (upper $listener.protocol)) }} +listener.name.{{lower $listener.name}}.ssl.client.auth: {{ $listener.sslClientAuth }} + {{- end }} + {{- if regexFind "SASL" (upper $listener.protocol) }} + {{- range $mechanism := splitList "," $.Values.sasl.enabledMechanisms }} + {{- $securityModule := include "kafka.saslSecurityModule" (dict "mechanism" (upper $mechanism)) }} + {{- if and (eq (upper $mechanism) "OAUTHBEARER") (or (eq $listener.name $.Values.listeners.interbroker.name) (eq $listener.name $.Values.listeners.controller.name)) }} +listener.name.{{lower $listener.name}}.oauthbearer.sasl.login.callback.handler.class: org.apache.kafka.common.security.oauthbearer.secured.OAuthBearerLoginCallbackHandler + {{- end }} + {{- $saslJaasConfig := list $securityModule }} + {{- if eq $listener.name $.Values.listeners.interbroker.name }} + {{- if (eq (upper $mechanism) "OAUTHBEARER") }} + {{- $saslJaasConfig = append $saslJaasConfig (printf "clientId=\"%s\"" $.Values.sasl.interbroker.clientId) }} + {{- $saslJaasConfig = append $saslJaasConfig (print "clientSecret=\"interbroker-client-secret-placeholder\"") }} + {{- else }} + {{- $saslJaasConfig = append $saslJaasConfig (printf "username=\"%s\"" $.Values.sasl.interbroker.user) }} + {{- $saslJaasConfig = append $saslJaasConfig (print "password=\"interbroker-password-placeholder\"") }} + {{- end }} + {{- else if eq $listener.name $.Values.listeners.controller.name }} + {{- if (eq (upper $mechanism) "OAUTHBEARER") }} + {{- $saslJaasConfig = append $saslJaasConfig (printf "clientId=\"%s\"" $.Values.sasl.controller.clientId) }} + {{- $saslJaasConfig = append $saslJaasConfig (print "clientSecret=\"controller-client-secret-placeholder\"") }} + {{- else }} + {{- $saslJaasConfig = append $saslJaasConfig (printf "username=\"%s\"" $.Values.sasl.controller.user) }} + {{- $saslJaasConfig = append $saslJaasConfig (print "password=\"controller-password-placeholder\"") }} + {{- end }} + {{- end }} + {{- if eq (upper $mechanism) "PLAIN" }} + {{- if eq $listener.name $.Values.listeners.interbroker.name }} + {{- $saslJaasConfig = append $saslJaasConfig (printf "user_%s=\"interbroker-password-placeholder\"" $.Values.sasl.interbroker.user) }} + {{- else if eq $listener.name $.Values.listeners.controller.name }} + {{- $saslJaasConfig = append $saslJaasConfig (printf "user_%s=\"controller-password-placeholder\"" $.Values.sasl.controller.user) }} + {{- end }} + {{- range $i, $user := $.Values.sasl.client.users }} + {{- $saslJaasConfig = append $saslJaasConfig (printf "user_%s=\"password-placeholder-%d\"" $user (int $i)) }} + {{- end }} + {{- end }} +listener.name.{{lower $listener.name}}.{{lower $mechanism}}.sasl.jaas.config: {{ printf "%s;" (join " " $saslJaasConfig) }} + {{- if eq (upper $mechanism) "OAUTHBEARER" }} +listener.name.{{lower $listener.name}}.oauthbearer.sasl.server.callback.handler.class: org.apache.kafka.common.security.oauthbearer.secured.OAuthBearerValidatorCallbackHandler + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- if regexFind "OAUTHBEARER" .Values.sasl.enabledMechanisms }} +sasl.oauthbearer.token.endpoint.url: {{ .Values.sasl.oauthbearer.tokenEndpointUrl }} +sasl.oauthbearer.jwks.endpoint.url: {{ .Values.sasl.oauthbearer.jwksEndpointUrl }} +sasl.oauthbearer.expected.audience: {{ .Values.sasl.oauthbearer.expectedAudience }} +sasl.oauthbearer.sub.claim.name: {{ .Values.sasl.oauthbearer.subClaimName }} +{{- end }} +{{- end }} +{{- end -}} + +{{/* +Environment variables required to configure SASL +*/}} +{{- define "kafka.saslEnv" -}} +{{- if and (include "kafka.client.saslEnabled" . ) (include "kafka.saslUserPasswordsEnabled" .) .Values.sasl.client.users }} +- name: KAFKA_CLIENT_USERS + value: {{ join "," .Values.sasl.client.users | quote }} +{{- if .Values.usePasswordFiles }} +- name: KAFKA_CLIENT_PASSWORDS_FILE + value: /opt/bitnami/kafka/config/secrets/client-passwords +{{- else }} +- name: KAFKA_CLIENT_PASSWORDS + valueFrom: + secretKeyRef: + name: {{ include "kafka.saslSecretName" . }} + key: client-passwords +{{- end }} +{{- end }} +{{- if regexFind "SASL" (upper .Values.listeners.interbroker.protocol) }} +{{- if include "kafka.saslUserPasswordsEnabled" . }} +- name: KAFKA_INTER_BROKER_USER + value: {{ .Values.sasl.interbroker.user | quote }} +{{- if .Values.usePasswordFiles }} +- name: KAFKA_INTER_BROKER_PASSWORD_FILE + value: /opt/bitnami/kafka/config/secrets/inter-broker-password +{{- else }} +- name: KAFKA_INTER_BROKER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "kafka.saslSecretName" . }} + key: inter-broker-password +{{- end }} +{{- end }} +{{- if include "kafka.saslClientSecretsEnabled" . }} +- name: KAFKA_INTER_BROKER_CLIENT_ID + value: {{ .Values.sasl.interbroker.clientId | quote }} +{{- if .Values.usePasswordFiles }} +- name: KAFKA_INTER_BROKER_CLIENT_SECRET_FILE + value: /opt/bitnami/kafka/config/secrets/inter-broker-client-secret +{{- else }} +- name: KAFKA_INTER_BROKER_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ include "kafka.saslSecretName" . }} + key: inter-broker-client-secret +{{- end }} +{{- end }} +{{- end }} +{{- if regexFind "SASL" (upper .Values.listeners.controller.protocol) }} +{{- if include "kafka.saslUserPasswordsEnabled" . }} +- name: KAFKA_CONTROLLER_USER + value: {{ .Values.sasl.controller.user | quote }} +{{- if .Values.usePasswordFiles }} +- name: KAFKA_CONTROLLER_PASSWORD_FILE + value: /opt/bitnami/kafka/config/secrets/controller-password +{{- else }} +- name: KAFKA_CONTROLLER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "kafka.saslSecretName" . }} + key: controller-password +{{- end }} +{{- end }} +{{- if include "kafka.saslClientSecretsEnabled" . }} +- name: KAFKA_CONTROLLER_CLIENT_ID + value: {{ .Values.sasl.controller.clientId | quote }} +{{- if .Values.usePasswordFiles }} +- name: KAFKA_CONTROLLER_CLIENT_SECRET_FILE + value: /opt/bitnami/kafka/config/secrets/controller-client-secret +{{- else }} +- name: KAFKA_CONTROLLER_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ include "kafka.saslSecretName" . }} + key: controller-client-secret +{{- end }} +{{- end }} +{{- end }} +{{- end -}} + +{{/* +Environment variables shared by both controller-eligible and broker nodes +*/}} +{{- define "kafka.commonEnv" -}} +- name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} +- name: KAFKA_KRAFT_CLUSTER_ID + valueFrom: + secretKeyRef: + name: {{ template "kafka.kraftSecretName" . }} + key: cluster-id +{{- if and (include "kafka.saslEnabled" .) (or (regexFind "SCRAM" (upper .Values.sasl.enabledMechanisms)) (regexFind "SCRAM" (upper .Values.sasl.controllerMechanism)) (regexFind "SCRAM" (upper .Values.sasl.interBrokerMechanism))) }} +- name: KAFKA_KRAFT_BOOTSTRAP_SCRAM_USERS + value: "true" +{{ include "kafka.saslEnv" . }} +{{- end }} +{{- if .Values.provisioning.enabled }} +{{- end }} +{{- if .Values.metrics.jmx.enabled }} +- name: JMX_PORT + value: {{ .Values.metrics.jmx.kafkaJmxPort | quote }} +{{- end }} +{{- end -}} + +{{/* +Check if there are rolling tags in the images +*/}} +{{- define "kafka.checkRollingTags" -}} +{{- include "common.warnings.rollingTag" .Values.image }} +{{- include "common.warnings.rollingTag" .Values.defaultInitContainers.volumePermissions.image }} +{{- include "common.warnings.rollingTag" .Values.defaultInitContainers.autoDiscovery.image }} +{{- include "common.warnings.rollingTag" .Values.metrics.jmx.image }} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "kafka.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "kafka.validateValues.listener.protocols" .) -}} +{{- $messages := append $messages (include "kafka.validateValues.controller.nodePortListLength" .) -}} +{{- $messages := append $messages (include "kafka.validateValues.broker.nodePortListLength" .) -}} +{{- $messages := append $messages (include "kafka.validateValues.controller.externalIPListLength" .) -}} +{{- $messages := append $messages (include "kafka.validateValues.broker.externalIPListLength" .) -}} +{{- $messages := append $messages (include "kafka.validateValues.brokerRackAwareness" .) -}} +{{- $messages := append $messages (include "kafka.validateValues.domainSpecified" .) -}} +{{- $messages := append $messages (include "kafka.validateValues.externalAccessServiceType" .) -}} +{{- $messages := append $messages (include "kafka.validateValues.externalAccessAutoDiscoveryRBAC" .) -}} +{{- $messages := append $messages (include "kafka.validateValues.externalAccessAutoDiscoveryIPsOrNames" .) -}} +{{- $messages := append $messages (include "kafka.validateValues.externalAccessServiceList" (dict "element" "loadBalancerIPs" "context" .)) -}} +{{- $messages := append $messages (include "kafka.validateValues.externalAccessServiceList" (dict "element" "loadBalancerNames" "context" .)) -}} +{{- $messages := append $messages (include "kafka.validateValues.externalAccessServiceList" (dict "element" "loadBalancerAnnotations" "context" . )) -}} +{{- $messages := append $messages (include "kafka.validateValues.saslMechanisms" .) -}} +{{- $messages := append $messages (include "kafka.validateValues.tlsSecret" .) -}} +{{- $messages := append $messages (include "kafka.validateValues.provisioning.tlsPasswords" .) -}} +{{- $messages := append $messages (include "kafka.validateValues.missingController" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* Validate values of Kafka - Authentication protocols for Kafka */}} +{{- define "kafka.validateValues.listener.protocols" -}} +{{- $authProtocols := list "PLAINTEXT" "SASL_PLAINTEXT" "SASL_SSL" "SSL" -}} +{{- if not .Values.listeners.securityProtocolMap -}} +{{- $listeners := list .Values.listeners.client .Values.listeners.interbroker .Values.listeners.controller -}} +{{- if and .Values.externalAccess.enabled -}} +{{- $listeners = append $listeners .Values.listeners.external -}} +{{- end -}} +{{- $error := false -}} +{{- range $listener := $listeners -}} +{{- if not (has (upper $listener.protocol) $authProtocols) -}} +{{- $error := true -}} +{{- end -}} +{{- end -}} +{{- if $error -}} +kafka: listeners.*.protocol + Available authentication protocols are "PLAINTEXT" "SASL_PLAINTEXT" "SSL" "SASL_SSL" +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Validate values of Kafka - number of controller-eligible replicas must be the same as NodePort list in controller-eligible external service */}} +{{- define "kafka.validateValues.controller.nodePortListLength" -}} +{{- $replicaCount := int .Values.controller.replicaCount -}} +{{- $nodePortListLength := len .Values.externalAccess.controller.service.nodePorts -}} +{{- $nodePortListIsEmpty := empty .Values.externalAccess.controller.service.nodePorts -}} +{{- $nodePortListLengthEqualsReplicaCount := eq $nodePortListLength $replicaCount -}} +{{- $externalIPListIsEmpty := empty .Values.externalAccess.controller.service.externalIPs -}} +{{- if and .Values.externalAccess.enabled (not .Values.defaultInitContainers.autoDiscovery.enabled) (eq .Values.externalAccess.controller.service.type "NodePort") (or (and (not $nodePortListIsEmpty) (not $nodePortListLengthEqualsReplicaCount)) (and $nodePortListIsEmpty $externalIPListIsEmpty)) -}} +kafka: .Values.externalAccess.controller.service.nodePorts + Number of controller-eligible replicas and externalAccess.controller.service.nodePorts array length must be the same. Currently: replicaCount = {{ $replicaCount }} and length nodePorts = {{ $nodePortListLength }} - {{ $externalIPListIsEmpty }} +{{- end -}} +{{- end -}} + +{{/* Validate values of Kafka - number of broker replicas must be the same as NodePort list in broker external service */}} +{{- define "kafka.validateValues.broker.nodePortListLength" -}} +{{- $replicaCount := int .Values.broker.replicaCount -}} +{{- $nodePortListLength := len .Values.externalAccess.broker.service.nodePorts -}} +{{- $nodePortListIsEmpty := empty .Values.externalAccess.broker.service.nodePorts -}} +{{- $nodePortListLengthEqualsReplicaCount := eq $nodePortListLength $replicaCount -}} +{{- $externalIPListIsEmpty := empty .Values.externalAccess.broker.service.externalIPs -}} +{{- if and .Values.externalAccess.enabled (not .Values.defaultInitContainers.autoDiscovery.enabled) (eq .Values.externalAccess.broker.service.type "NodePort") (or (and (not $nodePortListIsEmpty) (not $nodePortListLengthEqualsReplicaCount)) (and $nodePortListIsEmpty $externalIPListIsEmpty)) -}} +kafka: .Values.externalAccess.broker.service.nodePorts + Number of broker replicas and externalAccess.broker.service.nodePorts array length must be the same. Currently: replicaCount = {{ $replicaCount }} and length nodePorts = {{ $nodePortListLength }} - {{ $externalIPListIsEmpty }} +{{- end -}} +{{- end -}} + +{{/* Validate values of Kafka - number of replicas must be the same as externalIPs list */}} +{{- define "kafka.validateValues.controller.externalIPListLength" -}} +{{- $replicaCount := int .Values.controller.replicaCount -}} +{{- $externalIPListLength := len .Values.externalAccess.controller.service.externalIPs -}} +{{- $externalIPListIsEmpty := empty .Values.externalAccess.controller.service.externalIPs -}} +{{- $externalIPListEqualsReplicaCount := eq $externalIPListLength $replicaCount -}} +{{- $nodePortListIsEmpty := empty .Values.externalAccess.controller.service.nodePorts -}} +{{- if and .Values.externalAccess.enabled (or .Values.externalAccess.controller.forceExpose (not .Values.controller.controllerOnly)) (not .Values.defaultInitContainers.autoDiscovery.enabled) (eq .Values.externalAccess.controller.service.type "NodePort") (or (and (not $externalIPListIsEmpty) (not $externalIPListEqualsReplicaCount)) (and $externalIPListIsEmpty $nodePortListIsEmpty)) -}} +kafka: .Values.externalAccess.controller.service.externalIPs + Number of controller-eligible replicas and externalAccess.controller.service.externalIPs array length must be the same. Currently: replicaCount = {{ $replicaCount }} and length externalIPs = {{ $externalIPListLength }} +{{- end -}} +{{- end -}} + +{{/* Validate values of Kafka - number of replicas must be the same as externalIPs list */}} +{{- define "kafka.validateValues.broker.externalIPListLength" -}} +{{- $replicaCount := int .Values.broker.replicaCount -}} +{{- $externalIPListLength := len .Values.externalAccess.broker.service.externalIPs -}} +{{- $externalIPListIsEmpty := empty .Values.externalAccess.broker.service.externalIPs -}} +{{- $externalIPListEqualsReplicaCount := eq $externalIPListLength $replicaCount -}} +{{- $nodePortListIsEmpty := empty .Values.externalAccess.broker.service.nodePorts -}} +{{- if and .Values.externalAccess.enabled (not .Values.defaultInitContainers.autoDiscovery.enabled) (eq .Values.externalAccess.broker.service.type "NodePort") (or (and (not $externalIPListIsEmpty) (not $externalIPListEqualsReplicaCount)) (and $externalIPListIsEmpty $nodePortListIsEmpty)) -}} +kafka: .Values.externalAccess.broker.service.externalIPs + Number of broker replicas and externalAccess.broker.service.externalIPs array length must be the same. Currently: replicaCount = {{ $replicaCount }} and length externalIPs = {{ $externalIPListLength }} +{{- end -}} +{{- end -}} + +{{/* Validate values of Kafka - broker rack assignment allowed values */}} +{{- define "kafka.validateValues.brokerRackAwareness" -}} +{{- if and .Values.brokerRackAwareness.enabled (ne .Values.brokerRackAwareness.cloudProvider "aws-az") (ne .Values.brokerRackAwareness.cloudProvider "azure") -}} +kafka: .Values.brokerRackAwareness.cloudProvider + Available values for the cloud provider to use for broker rack awareness are "aws-az" or "azure" +{{- end -}} +{{- end -}} + +{{/* Validate values of Kafka - domain must be defined if external service type ClusterIP */}} +{{- define "kafka.validateValues.domainSpecified" -}} +{{- if and (eq .Values.externalAccess.controller.service.type "ClusterIP") (empty .Values.externalAccess.controller.service.domain) -}} +kafka: .Values.externalAccess.controller.service.domain + Domain must be specified if service type ClusterIP is set for external service +{{- end -}} +{{- if and (eq .Values.externalAccess.broker.service.type "ClusterIP") (empty .Values.externalAccess.broker.service.domain) -}} +kafka: .Values.externalAccess.broker.service.domain + Domain must be specified if service type ClusterIP is set for external service +{{- end -}} +{{- end -}} + +{{/* Validate values of Kafka - service type for external access */}} +{{- define "kafka.validateValues.externalAccessServiceType" -}} +{{- if and (not (eq .Values.externalAccess.controller.service.type "NodePort")) (not (eq .Values.externalAccess.controller.service.type "LoadBalancer")) (not (eq .Values.externalAccess.controller.service.type "ClusterIP")) -}} +kafka: externalAccess.controller.service.type + Available service type for external access are NodePort, LoadBalancer or ClusterIP. +{{- end -}} +{{- if and (not (eq .Values.externalAccess.broker.service.type "NodePort")) (not (eq .Values.externalAccess.broker.service.type "LoadBalancer")) (not (eq .Values.externalAccess.broker.service.type "ClusterIP")) -}} +kafka: externalAccess.broker.service.type + Available service type for external access are NodePort, LoadBalancer or ClusterIP. +{{- end -}} +{{- end -}} + +{{/* Validate values of Kafka - RBAC should be enabled when autoDiscovery is enabled */}} +{{- define "kafka.validateValues.externalAccessAutoDiscoveryRBAC" -}} +{{- if and .Values.externalAccess.enabled .Values.defaultInitContainers.autoDiscovery.enabled (not .Values.rbac.create ) }} +kafka: rbac.create + By specifying "externalAccess.enabled=true" and "defaultInitContainers.autoDiscovery.enabled=true" + an initContainer will be used to auto-detect the external IPs/ports by querying the + K8s API. Please note this initContainer requires specific RBAC resources. You can create them + by specifying "--set rbac.create=true". +{{- end -}} +{{- if and .Values.externalAccess.enabled .Values.defaultInitContainers.autoDiscovery.enabled (gt (int .Values.controller.replicaCount) 0) (not .Values.controller.automountServiceAccountToken) }} +kafka: controller-automountServiceAccountToken + By specifying "externalAccess.enabled=true" and "defaultInitContainers.autoDiscovery.enabled=true" + an initContainer will be used to auto-detect the external IPs/ports by querying the + K8s API. Please note this initContainer requires the service account token. Please set controller.automountServiceAccountToken=true + and broker.automountServiceAccountToken=true. +{{- end -}} +{{- if and .Values.externalAccess.enabled .Values.defaultInitContainers.autoDiscovery.enabled (gt (int .Values.broker.replicaCount) 0) (not .Values.broker.automountServiceAccountToken) }} +kafka: broker-automountServiceAccountToken + By specifying "externalAccess.enabled=true" and "defaultInitContainers.autoDiscovery.enabled=true" + an initContainer will be used to auto-detect the external IPs/ports by querying the + K8s API. Please note this initContainer requires the service account token. Please set controller.automountServiceAccountToken=true + and broker.automountServiceAccountToken=true. +{{- end -}} +{{- end -}} + +{{/* Validate values of Kafka - LoadBalancerIPs or LoadBalancerNames should be set when autoDiscovery is disabled */}} +{{- define "kafka.validateValues.externalAccessAutoDiscoveryIPsOrNames" -}} +{{- $loadBalancerNameListLength := len .Values.externalAccess.controller.service.loadBalancerNames -}} +{{- $loadBalancerIPListLength := len .Values.externalAccess.controller.service.loadBalancerIPs -}} +{{- if and .Values.externalAccess.enabled (gt (int .Values.controller.replicaCount) 0) (or .Values.externalAccess.controller.forceExpose (not .Values.controller.controllerOnly)) (eq .Values.externalAccess.controller.service.type "LoadBalancer") (not .Values.defaultInitContainers.autoDiscovery.enabled) (eq $loadBalancerNameListLength 0) (eq $loadBalancerIPListLength 0) }} +kafka: externalAccess.controller.service.loadBalancerNames or externalAccess.controller.service.loadBalancerIPs + By specifying "externalAccess.enabled=true", "defaultInitContainers.autoDiscovery.enabled=false" and + "externalAccess.controller.service.type=LoadBalancer" at least one of externalAccess.controller.service.loadBalancerNames + or externalAccess.controller.service.loadBalancerIPs must be set and the length of those arrays must be equal + to the number of replicas. +{{- end -}} +{{- $loadBalancerNameListLength := len .Values.externalAccess.broker.service.loadBalancerNames -}} +{{- $loadBalancerIPListLength := len .Values.externalAccess.broker.service.loadBalancerIPs -}} +{{- $replicaCount := int .Values.broker.replicaCount }} +{{- if and .Values.externalAccess.enabled (gt 0 $replicaCount) (eq .Values.externalAccess.broker.service.type "LoadBalancer") (not .Values.defaultInitContainers.autoDiscovery.enabled) (eq $loadBalancerNameListLength 0) (eq $loadBalancerIPListLength 0) }} +kafka: externalAccess.broker.service.loadBalancerNames or externalAccess.broker.service.loadBalancerIPs + By specifying "externalAccess.enabled=true", "defaultInitContainers.autoDiscovery.enabled=false" and + "externalAccess.broker.service.type=LoadBalancer" at least one of externalAccess.broker.service.loadBalancerNames + or externalAccess.broker.service.loadBalancerIPs must be set and the length of those arrays must be equal + to the number of replicas. +{{- end -}} +{{- end -}} + +{{/* Validate values of Kafka - number of replicas must be the same as loadBalancerIPs list */}} +{{- define "kafka.validateValues.externalAccessServiceList" -}} +{{- $replicaCount := int .context.Values.controller.replicaCount }} +{{- $listLength := len (get .context.Values.externalAccess.controller.service .element) -}} +{{- if and .context.Values.externalAccess.enabled (or .context.Values.externalAccess.controller.forceExpose (not .context.Values.controller.controllerOnly)) (not .context.Values.defaultInitContainers.autoDiscovery.enabled) (eq .context.Values.externalAccess.controller.service.type "LoadBalancer") (gt $listLength 0) (not (eq $replicaCount $listLength)) }} +kafka: externalAccess.service.{{ .element }} + Number of replicas and {{ .element }} array length must be the same. Currently: replicaCount = {{ $replicaCount }} and {{ .element }} = {{ $listLength }} +{{- end -}} +{{- $replicaCount := int .context.Values.broker.replicaCount }} +{{- $listLength := len (get .context.Values.externalAccess.broker.service .element) -}} +{{- if and .context.Values.externalAccess.enabled (gt 0 $replicaCount) (not .context.Values.defaultInitContainers.autoDiscovery.enabled) (eq .context.Values.externalAccess.broker.service.type "LoadBalancer") (gt $listLength 0) (not (eq $replicaCount $listLength)) }} +kafka: externalAccess.service.{{ .element }} + Number of replicas and {{ .element }} array length must be the same. Currently: replicaCount = {{ $replicaCount }} and {{ .element }} = {{ $listLength }} +{{- end -}} +{{- end -}} + +{{/* Validate values of Kafka - SASL mechanisms must be provided when using SASL */}} +{{- define "kafka.validateValues.saslMechanisms" -}} +{{- if and (include "kafka.saslEnabled" .) (not .Values.sasl.enabledMechanisms) }} +kafka: sasl.enabledMechanisms + The SASL mechanisms are required when listeners use SASL security protocol. +{{- end }} +{{- if not (contains .Values.sasl.interBrokerMechanism .Values.sasl.enabledMechanisms) }} +kafka: sasl.enabledMechanisms + sasl.interBrokerMechanism must be provided and it should be one of the specified mechanisms at sasl.enabledMechanisms +{{- end -}} +{{- if not (contains .Values.sasl.controllerMechanism .Values.sasl.enabledMechanisms) }} +kafka: sasl.enabledMechanisms + sasl.controllerMechanism must be provided and it should be one of the specified mechanisms at sasl.enabledMechanisms +{{- end -}} +{{- end -}} + +{{/* Validate values of Kafka - Secrets containing TLS certs must be provided when TLS authentication is enabled */}} +{{- define "kafka.validateValues.tlsSecret" -}} +{{- if and (include "kafka.sslEnabled" .) (eq (upper .Values.tls.type) "JKS") (empty .Values.tls.existingSecret) (not .Values.tls.autoGenerated.enabled) }} +kafka: tls.existingSecret + A secret containing the Kafka JKS keystores and truststore is required + when TLS encryption in enabled and TLS format is "JKS" +{{- else if and (include "kafka.sslEnabled" .) (eq (upper .Values.tls.type) "PEM") (empty .Values.tls.existingSecret) (not .Values.tls.autoGenerated.enabled) }} +kafka: tls.existingSecret + A secret containing the Kafka TLS certificates and keys is required + when TLS encryption in enabled and TLS format is "PEM" +{{- end -}} +{{- end -}} + +{{/* Validate values of Kafka provisioning - keyPasswordSecretKey, keystorePasswordSecretKey or truststorePasswordSecretKey must not be used without passwordsSecret */}} +{{- define "kafka.validateValues.provisioning.tlsPasswords" -}} +{{- if and (regexFind "SSL" (upper .Values.listeners.client.protocol)) .Values.provisioning.enabled (not .Values.provisioning.auth.tls.passwordsSecret) }} +{{- if or .Values.provisioning.auth.tls.keyPasswordSecretKey .Values.provisioning.auth.tls.keystorePasswordSecretKey .Values.provisioning.auth.tls.truststorePasswordSecretKey }} +kafka: tls.keyPasswordSecretKey,tls.keystorePasswordSecretKey,tls.truststorePasswordSecretKey + tls.keyPasswordSecretKey,tls.keystorePasswordSecretKey,tls.truststorePasswordSecretKey + must not be used without passwordsSecret setted. +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Validate values of Kafka - At least 1 controller is configured or controller.quorum.bootstrap.servers is set */}} +{{- define "kafka.validateValues.missingController" -}} +{{- if and (le (int .Values.controller.replicaCount) 0) (not .Values.controller.quorumBootstrapServers) }} +kafka: Missing controller-eligible nodes + No controller-eligible nodes have been configured. +{{- end -}} +{{- end -}} diff --git a/helm/kafka/templates/_init_containers.tpl b/helm/kafka/templates/_init_containers.tpl new file mode 100644 index 000000000..b449102ca --- /dev/null +++ b/helm/kafka/templates/_init_containers.tpl @@ -0,0 +1,512 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Returns an init-container that changes the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each node +*/}} +{{- define "kafka.defaultInitContainers.volumePermissions" -}} +{{- $roleValues := index .context.Values .role -}} +- name: volume-permissions + image: {{ include "kafka.volumePermissions.image" .context }} + imagePullPolicy: {{ .context.Values.defaultInitContainers.volumePermissions.image.pullPolicy | quote }} + {{- if .context.Values.defaultInitContainers.volumePermissions.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .context.Values.defaultInitContainers.volumePermissions.containerSecurityContext "context" .context) | nindent 4 }} + {{- end }} + {{- if .context.Values.defaultInitContainers.volumePermissions.resources }} + resources: {{- toYaml .context.Values.defaultInitContainers.volumePermissions.resources | nindent 4 }} + {{- else if ne .context.Values.defaultInitContainers.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .context.Values.defaultInitContainers.volumePermissions.resourcesPreset) | nindent 4 }} + {{- end }} + command: + - /bin/bash + args: + - -ec + - | + mkdir -p {{ $roleValues.persistence.mountPath }} {{ $roleValues.logPersistence.mountPath }} + {{- if eq ( toString ( .context.Values.defaultInitContainers.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + find {{ $roleValues.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R $(id -u):$(id -G | cut -d " " -f2) + find {{ $roleValues.logPersistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R $(id -u):$(id -G | cut -d " " -f2) + {{- else }} + find {{ $roleValues.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ $roleValues.containerSecurityContext.runAsUser }}:{{ $roleValues.podSecurityContext.fsGroup }} + find {{ $roleValues.logPersistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ $roleValues.containerSecurityContext.runAsUser }}:{{ $roleValues.podSecurityContext.fsGroup }} + {{- end }} + volumeMounts: + - name: data + mountPath: {{ $roleValues.persistence.mountPath }} + - name: logs + mountPath: {{ $roleValues.logPersistence.mountPath }} +{{- end -}} + +{{/* +Returns an init-container that auto-discovers the external access details +*/}} +{{- define "kafka.defaultInitContainers.autoDiscovery" -}} +{{- $externalAccess := index .context.Values.externalAccess .role }} +- name: auto-discovery + image: {{ include "kafka.autoDiscovery.image" .context }} + imagePullPolicy: {{ .context.Values.defaultInitContainers.autoDiscovery.image.pullPolicy | quote }} + {{- if .context.Values.defaultInitContainers.autoDiscovery.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .context.Values.defaultInitContainers.autoDiscovery.containerSecurityContext "context" .context) | nindent 4 }} + {{- end }} + {{- if .context.Values.defaultInitContainers.autoDiscovery.resources }} + resources: {{- toYaml .context.Values.defaultInitContainers.autoDiscovery.resources | nindent 4 }} + {{- else if ne .context.Values.defaultInitContainers.autoDiscovery.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .context.Values.defaultInitContainers.autoDiscovery.resourcesPreset) | nindent 4 }} + {{- end }} + command: + - /bin/bash + args: + - -ec + - | + SVC_NAME="${MY_POD_NAME}-external" + AUTODISCOVERY_SERVICE_TYPE="${AUTODISCOVERY_SERVICE_TYPE:-}" + + # Auxiliary functions + retry_while() { + local -r cmd="${1:?cmd is missing}" + local -r retries="${2:-12}" + local -r sleep_time="${3:-5}" + local return_value=1 + read -r -a command <<< "$cmd" + for ((i = 1 ; i <= retries ; i+=1 )); do + "${command[@]}" && return_value=0 && break + sleep "$sleep_time" + done + return $return_value + } + k8s_svc_lb_ip() { + local namespace=${1:?namespace is missing} + local service=${2:?service is missing} + local service_ip=$(kubectl get svc "$service" -n "$namespace" -o jsonpath="{.status.loadBalancer.ingress[0].ip}") + local service_hostname=$(kubectl get svc "$service" -n "$namespace" -o jsonpath="{.status.loadBalancer.ingress[0].hostname}") + if [[ -n ${service_ip} ]]; then + echo "${service_ip}" + else + echo "${service_hostname}" + fi + } + k8s_svc_lb_ip_ready() { + local namespace=${1:?namespace is missing} + local service=${2:?service is missing} + [[ -n "$(k8s_svc_lb_ip "$namespace" "$service")" ]] + } + k8s_svc_node_port() { + local namespace=${1:?namespace is missing} + local service=${2:?service is missing} + local index=${3:-0} + local node_port="$(kubectl get svc "$service" -n "$namespace" -o jsonpath="{.spec.ports[$index].nodePort}")" + echo "$node_port" + } + + if [[ "$AUTODISCOVERY_SERVICE_TYPE" = "LoadBalancer" ]]; then + # Wait until LoadBalancer IP is ready + retry_while "k8s_svc_lb_ip_ready $MY_POD_NAMESPACE $SVC_NAME" || exit 1 + # Obtain LoadBalancer external IP + k8s_svc_lb_ip "$MY_POD_NAMESPACE" "$SVC_NAME" | tee "/shared/external-host.txt" + elif [[ "$AUTODISCOVERY_SERVICE_TYPE" = "NodePort" ]]; then + k8s_svc_node_port "$MY_POD_NAMESPACE" "$SVC_NAME" | tee "/shared/external-port.txt" + else + echo "Unsupported autodiscovery service type: '$AUTODISCOVERY_SERVICE_TYPE'" + exit 1 + fi + + env: + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: AUTODISCOVERY_SERVICE_TYPE + value: {{ $externalAccess.service.type | quote }} + volumeMounts: + - name: init-shared + mountPath: /shared +{{- end -}} + +{{/* +Returns an init-container that prepares the Kafka configuration files for main containers to use them +*/}} +{{- define "kafka.defaultInitContainers.prepareConfig" -}} +{{- $roleValues := index .context.Values .role -}} +{{- $externalAccessEnabled := or (and (eq .role "broker") .context.Values.externalAccess.enabled) (and (eq .role "controller") .context.Values.externalAccess.enabled (or .context.Values.externalAccess.controller.forceExpose (not .context.Values.controller.controllerOnly))) }} +- name: prepare-config + image: {{ include "kafka.image" .context }} + imagePullPolicy: {{ .context.Values.image.pullPolicy }} + {{- if .context.Values.defaultInitContainers.prepareConfig.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .context.Values.defaultInitContainers.prepareConfig.containerSecurityContext "context" .context) | nindent 4 }} + {{- end }} + {{- if .context.Values.defaultInitContainers.prepareConfig.resources }} + resources: {{- toYaml .context.Values.defaultInitContainers.prepareConfig.resources | nindent 4 }} + {{- else if ne .context.Values.defaultInitContainers.prepareConfig.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .context.Values.defaultInitContainers.prepareConfig.resourcesPreset) | nindent 4 }} + {{- end }} + command: + - /bin/bash + args: + - -ec + - | + . /opt/bitnami/scripts/libkafka.sh + + {{- if $externalAccessEnabled }} + configure_external_access() { + local host port + # Configure external hostname + if [[ -f "/shared/external-host.txt" ]]; then + host=$(cat "/shared/external-host.txt") + elif [[ -n "${EXTERNAL_ACCESS_HOST:-}" ]]; then + host="$EXTERNAL_ACCESS_HOST" + elif [[ -n "${EXTERNAL_ACCESS_HOSTS_LIST:-}" ]]; then + read -r -a hosts <<< "$(tr ',' ' ' <<<"${EXTERNAL_ACCESS_HOSTS_LIST}")" + host="${hosts[$POD_ID]}" + elif is_boolean_yes "$EXTERNAL_ACCESS_HOST_USE_PUBLIC_IP"; then + host=$(curl -s https://ipinfo.io/ip) + else + error "External access hostname not provided" + fi + # Configure external port + if [[ -f "/shared/external-port.txt" ]]; then + port=$(cat "/shared/external-port.txt") + elif [[ -n "${EXTERNAL_ACCESS_PORT:-}" ]]; then + port="$EXTERNAL_ACCESS_PORT" + if is_boolean_yes "${EXTERNAL_ACCESS_PORT_AUTOINCREMENT:-}"; then + port="$((port + POD_ID))" + fi + elif [[ -n "${EXTERNAL_ACCESS_PORTS_LIST:-}" ]]; then + read -r -a ports <<<"$(tr ',' ' ' <<<"${EXTERNAL_ACCESS_PORTS_LIST}")" + port="${ports[$POD_ID]}" + else + error "External access port not provided" + fi + # Configure Kafka advertised listeners + sed -i -E "s|^(advertised\.listeners=\S+)$|\1,${EXTERNAL_ACCESS_LISTENER_NAME}://${host}:${port}|" "$KAFKA_CONF_FILE" + } + {{- end }} + {{- if include "kafka.sslEnabled" .context }} + configure_kafka_tls() { + # Remove previously existing keystores and certificates, if any + rm -f /certs/kafka.keystore.jks /certs/kafka.truststore.jks + rm -f /certs/tls.crt /certs/tls.key /certs/ca.crt + find /certs -name "xx*" -exec rm {} \; + if [[ "${KAFKA_TLS_TYPE}" = "PEM" ]]; then + # Copy PEM certificate and key + if [[ -f "/mounted-certs/kafka-${POD_ROLE}-${POD_ID}.crt" && "/mounted-certs/kafka-${POD_ROLE}-${POD_ID}.key" ]]; then + cp "/mounted-certs/kafka-${POD_ROLE}-${POD_ID}.crt" /certs/tls.crt + # Copy the PEM key ensuring the key used PEM format with PKCS#8 + openssl pkcs8 -topk8 -nocrypt -passin pass:"${KAFKA_TLS_PEM_KEY_PASSWORD:-}" -in "/mounted-certs/kafka-${POD_ROLE}-${POD_ID}.key" > /certs/tls.key + elif [[ -f /mounted-certs/tls.crt && -f /mounted-certs/tls.key ]]; then + cp "/mounted-certs/tls.crt" /certs/tls.crt + # Copy the PEM key ensuring the key used PEM format with PKCS#8 + openssl pkcs8 -topk8 -passin pass:"${KAFKA_TLS_PEM_KEY_PASSWORD:-}" -nocrypt -in "/mounted-certs/tls.key" > /certs/tls.key + else + error "PEM key and cert files not found" + fi + {{- if not .context.Values.tls.pemChainIncluded }} + # Copy CA certificate + if [[ -f /mounted-certs/ca.crt ]]; then + cp /mounted-certs/ca.crt /certs/ca.crt + else + error "CA certificate file not found" + fi + {{- else }} + # CA certificates are also included in the same certificate + # All public certs will be included in the truststore + cp /certs/tls.crt /certs/ca.crt + {{- end }} + # Create JKS keystore from PEM cert and key + openssl pkcs12 -export -in "/certs/tls.crt" \ + -passout pass:"$KAFKA_TLS_KEYSTORE_PASSWORD" \ + -inkey "/certs/tls.key" \ + -out "/certs/kafka.keystore.p12" + keytool -importkeystore -srckeystore "/certs/kafka.keystore.p12" \ + -srcstoretype PKCS12 \ + -srcstorepass "$KAFKA_TLS_KEYSTORE_PASSWORD" \ + -deststorepass "$KAFKA_TLS_KEYSTORE_PASSWORD" \ + -destkeystore "/certs/kafka.keystore.jks" \ + -noprompt + # Create JKS truststore from CA cert + keytool -keystore /certs/kafka.truststore.jks -alias CARoot -import -file /certs/ca.crt -storepass "$KAFKA_TLS_TRUSTSTORE_PASSWORD" -noprompt + # Remove extra files + rm -f "/certs/kafka.keystore.p12" "/certs/tls.crt" "/certs/tls.key" "/certs/ca.crt" + elif [[ "$KAFKA_TLS_TYPE" = "JKS" ]]; then + if [[ -f "/mounted-certs/kafka-${POD_ROLE}-${POD_ID}.keystore.jks" ]]; then + cp "/mounted-certs/kafka-${POD_ROLE}-${POD_ID}.keystore.jks" /certs/kafka.keystore.jks + elif [[ -f "$KAFKA_TLS_KEYSTORE_FILE" ]]; then + cp "$KAFKA_TLS_KEYSTORE_FILE" /certs/kafka.keystore.jks + else + error "Keystore file not found" + fi + if [[ -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; then + cp "$KAFKA_TLS_TRUSTSTORE_FILE" /certs/kafka.truststore.jks + else + error "Truststore file not found" + fi + else + error "Invalid type $KAFKA_TLS_TYPE" + fi + # Configure TLS password settings in Kafka configuration + [[ -n "${KAFKA_TLS_KEYSTORE_PASSWORD:-}" ]] && kafka_server_conf_set "ssl.keystore.password" "$KAFKA_TLS_KEYSTORE_PASSWORD" + [[ -n "${KAFKA_TLS_TRUSTSTORE_PASSWORD:-}" ]] && kafka_server_conf_set "ssl.truststore.password" "$KAFKA_TLS_TRUSTSTORE_PASSWORD" + [[ -n "${KAFKA_TLS_PEM_KEY_PASSWORD:-}" ]] && kafka_server_conf_set "ssl.key.password" "$KAFKA_TLS_PEM_KEY_PASSWORD" + # Avoid errors caused by previous checks + true + } + {{- end }} + {{- if include "kafka.saslEnabled" .context }} + configure_kafka_sasl() { + # Replace placeholders with passwords + {{- if regexFind "SASL" (upper .context.Values.listeners.interbroker.protocol) }} + {{- if include "kafka.saslUserPasswordsEnabled" .context }} + replace_in_file "$KAFKA_CONF_FILE" "interbroker-password-placeholder" "$KAFKA_INTER_BROKER_PASSWORD" + {{- end }} + {{- if include "kafka.saslClientSecretsEnabled" .context }} + replace_in_file "$KAFKA_CONF_FILE" "interbroker-client-secret-placeholder" "$KAFKA_INTER_BROKER_CLIENT_SECRET" + {{- end }} + {{- end }} + {{- if regexFind "SASL" (upper .context.Values.listeners.controller.protocol) }} + {{- if include "kafka.saslUserPasswordsEnabled" .context }} + replace_in_file "$KAFKA_CONF_FILE" "controller-password-placeholder" "$KAFKA_CONTROLLER_PASSWORD" + {{- end }} + {{- if include "kafka.saslClientSecretsEnabled" .context }} + replace_in_file "$KAFKA_CONF_FILE" "controller-client-secret-placeholder" "$KAFKA_CONTROLLER_CLIENT_SECRET" + {{- end }} + {{- end }} + {{- if include "kafka.client.saslEnabled" .context }} + read -r -a passwords <<< "$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS:-}")" + for ((i = 0; i < ${#passwords[@]}; i++)); do + replace_in_file "$KAFKA_CONF_FILE" "password-placeholder-${i}\"" "${passwords[i]}\"" + done + {{- end }} + } + {{- end }} + {{- if .context.Values.brokerRackAwareness.enabled }} + configure_kafka_broker_rack() { + local -r metadata_api_ip="169.254.169.254" + local broker_rack="" + {{- if eq .context.Values.brokerRackAwareness.cloudProvider "aws-az" }} + echo "Obtaining broker.rack for aws-az rack assignment" + ec2_metadata_token=$(curl -X PUT "http://${metadata_api_ip}/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 60") + broker_rack=$(curl -H "X-aws-ec2-metadata-token: $ec2_metadata_token" "http://${metadata_api_ip}/latest/meta-data/placement/availability-zone-id") + {{- else if eq .context.Values.brokerRackAwareness.cloudProvider "azure" }} + echo "Obtaining broker.rack for azure rack assignment" + location=$(curl -s -H Metadata:true --noproxy "*" "http://${metadata_api_ip}/metadata/instance/compute/location?api-version={{ .context.Values.brokerRackAwareness.azureApiVersion }}&format=text") + zone=$(curl -s -H Metadata:true --noproxy "*" "http://${metadata_api_ip}/metadata/instance/compute/zone?api-version={{ .context.Values.brokerRackAwareness.azureApiVersion }}&format=text") + broker_rack="${location}-${zone}" + {{- end }} + kafka_server_conf_set "broker.rack" "$broker_rack" + } + {{- end }} + {{- if and $externalAccessEnabled .context.Values.defaultInitContainers.autoDiscovery.enabled }} + # Wait for autodiscovery to finish + retry_while "test -f /shared/external-host.txt -o -f /shared/external-port.txt" || error "Timed out waiting for autodiscovery init-container" + {{- end }} + + cp /configmaps/server.properties $KAFKA_CONF_FILE + + # Get pod ID and role, last and second last fields in the pod name respectively + POD_ID="${MY_POD_NAME##*-}" + POD_ROLE="${MY_POD_NAME%-*}"; POD_ROLE="${POD_ROLE##*-}" + + # Configure node.id + ID=$((POD_ID + KAFKA_MIN_ID)) + [[ -f "/bitnami/kafka/data/meta.properties" ]] && ID="$(grep "node.id" /bitnami/kafka/data/meta.properties | awk -F '=' '{print $2}')" + kafka_server_conf_set "node.id" "$ID" + # Configure initial controllers + if [[ "controller" =~ "$POD_ROLE" ]]; then + INITIAL_CONTROLLERS=() + for ((i = 0; i < {{ int .context.Values.controller.replicaCount }}; i++)); do + var="KAFKA_CONTROLLER_${i}_DIR_ID"; DIR_ID="${!var}" + [[ $i -eq $POD_ID ]] && [[ -f "/bitnami/kafka/data/meta.properties" ]] && DIR_ID="$(grep "directory.id" /bitnami/kafka/data/meta.properties | awk -F '=' '{print $2}')" + INITIAL_CONTROLLERS+=("${i}@${KAFKA_FULLNAME}-${POD_ROLE}-${i}.${KAFKA_CONTROLLER_SVC_NAME}.${MY_POD_NAMESPACE}.svc.${CLUSTER_DOMAIN}:${KAFKA_CONTROLLER_PORT}:${DIR_ID}") + done + echo "${INITIAL_CONTROLLERS[*]}" | awk -v OFS=',' '{$1=$1}1' > /shared/initial-controllers.txt + fi + {{- if not .context.Values.listeners.advertisedListeners }} + replace_in_file "$KAFKA_CONF_FILE" "advertised-address-placeholder" "${MY_POD_NAME}.${KAFKA_FULLNAME}-${POD_ROLE}-headless.${MY_POD_NAMESPACE}.svc.${CLUSTER_DOMAIN}" + {{- if $externalAccessEnabled }} + configure_external_access + {{- end }} + {{- end }} + {{- if include "kafka.sslEnabled" .context }} + configure_kafka_tls + {{- end }} + {{- if include "kafka.saslEnabled" .context }} + sasl_env_vars=( + KAFKA_CLIENT_PASSWORDS + KAFKA_INTER_BROKER_PASSWORD + KAFKA_INTER_BROKER_CLIENT_SECRET + KAFKA_CONTROLLER_PASSWORD + KAFKA_CONTROLLER_CLIENT_SECRET + ) + for env_var in "${sasl_env_vars[@]}"; do + file_env_var="${env_var}_FILE" + if [[ -n "${!file_env_var:-}" ]]; then + if [[ -r "${!file_env_var:-}" ]]; then + export "${env_var}=$(< "${!file_env_var}")" + unset "${file_env_var}" + else + warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." + fi + fi + done + configure_kafka_sasl + {{- end }} + {{- if .context.Values.brokerRackAwareness.enabled }} + configure_kafka_broker_rack + {{- end }} + if [[ -f /secret-config/server-secret.properties ]]; then + cat /secret-config/server-secret.properties >> $KAFKA_CONF_FILE + fi + + {{- include "common.tplvalues.render" ( dict "value" .context.Values.defaultInitContainers.prepareConfig.extraInit "context" .context ) | nindent 6 }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .context.Values.image.debug .context.Values.diagnosticMode.enabled) | quote }} + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: KAFKA_FULLNAME + value: {{ include "common.names.fullname" .context | quote }} + - name: CLUSTER_DOMAIN + value: {{ .context.Values.clusterDomain | quote }} + - name: KAFKA_VOLUME_DIR + value: {{ $roleValues.persistence.mountPath | quote }} + - name: KAFKA_CONF_FILE + value: /config/server.properties + - name: KAFKA_MIN_ID + value: {{ $roleValues.minId | quote }} + - name: KAFKA_CONTROLLER_SVC_NAME + value: {{ printf "%s-headless" (include "kafka.controller.fullname" .context) | trunc 63 | trimSuffix "-" }} + - name: KAFKA_CONTROLLER_PORT + value: {{ .context.Values.listeners.controller.containerPort | quote }} + {{- $kraftSecret := include "kafka.kraftSecretName" .context }} + {{- range $i := until (int .context.Values.controller.replicaCount) }} + - name: KAFKA_CONTROLLER_{{ $i }}_DIR_ID + valueFrom: + secretKeyRef: + name: {{ $kraftSecret }} + key: controller-{{ $i }}-id + {{- end }} + {{- if $externalAccessEnabled }} + - name: EXTERNAL_ACCESS_LISTENER_NAME + value: {{ upper .context.Values.listeners.external.name | quote }} + {{- $externalAccess := index .context.Values.externalAccess .role }} + {{- if eq $externalAccess.service.type "LoadBalancer" }} + {{- if not .context.Values.defaultInitContainers.autoDiscovery.enabled }} + - name: EXTERNAL_ACCESS_HOSTS_LIST + value: {{ join "," (default $externalAccess.service.loadBalancerIPs $externalAccess.service.loadBalancerNames) | quote }} + {{- end }} + - name: EXTERNAL_ACCESS_PORT + value: {{ $externalAccess.service.ports.external | quote }} + {{- else if eq $externalAccess.service.type "NodePort" }} + {{- if $externalAccess.service.domain }} + - name: EXTERNAL_ACCESS_HOST + value: {{ $externalAccess.service.domain | quote }} + {{- else if and $externalAccess.service.usePodIPs .context.Values.defaultInitContainers.autoDiscovery.enabled }} + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: EXTERNAL_ACCESS_HOST + value: "$(MY_POD_IP)" + {{- else if or $externalAccess.service.useHostIPs .context.Values.defaultInitContainers.autoDiscovery.enabled }} + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: EXTERNAL_ACCESS_HOST + value: "$(HOST_IP)" + {{- else if and $externalAccess.service.externalIPs (not .context.Values.defaultInitContainers.autoDiscovery.enabled) }} + - name: EXTERNAL_ACCESS_HOSTS_LIST + value: {{ join "," $externalAccess.service.externalIPs }} + {{- else }} + - name: EXTERNAL_ACCESS_HOST_USE_PUBLIC_IP + value: "true" + {{- end }} + {{- if not .context.Values.defaultInitContainers.autoDiscovery.enabled }} + {{- if and $externalAccess.service.externalIPs (empty $externalAccess.service.nodePorts)}} + - name: EXTERNAL_ACCESS_PORT + value: {{ $externalAccess.service.ports.external | quote }} + {{- else }} + - name: EXTERNAL_ACCESS_PORTS_LIST + value: {{ join "," $externalAccess.service.nodePorts | quote }} + {{- end }} + {{- end }} + {{- else if eq $externalAccess.service.type "ClusterIP" }} + - name: EXTERNAL_ACCESS_HOST + value: {{ $externalAccess.service.domain | quote }} + - name: EXTERNAL_ACCESS_PORT + value: {{ $externalAccess.service.ports.external | quote}} + - name: EXTERNAL_ACCESS_PORT_AUTOINCREMENT + value: "true" + {{- end }} + {{- end }} + {{- if include "kafka.saslEnabled" .context }} + {{- include "kafka.saslEnv" .context | nindent 4 }} + {{- end }} + {{- if include "kafka.sslEnabled" .context }} + - name: KAFKA_TLS_TYPE + value: {{ ternary "PEM" "JKS" (or .context.Values.tls.autoGenerated.enabled (eq (upper .context.Values.tls.type) "PEM")) }} + {{- if eq (upper .context.Values.tls.type) "JKS" }} + - name: KAFKA_TLS_KEYSTORE_FILE + value: {{ printf "/mounted-certs/%s" ( default "kafka.keystore.jks" .context.Values.tls.jksKeystoreKey) | quote }} + - name: KAFKA_TLS_TRUSTSTORE_FILE + value: {{ printf "/mounted-certs/%s" ( default "kafka.truststore.jks" .context.Values.tls.jksTruststoreKey) | quote }} + {{- end }} + - name: KAFKA_TLS_KEYSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "kafka.tlsPasswordsSecretName" .context }} + key: {{ .context.Values.tls.passwordsSecretKeystoreKey | quote }} + - name: KAFKA_TLS_TRUSTSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "kafka.tlsPasswordsSecretName" .context }} + key: {{ .context.Values.tls.passwordsSecretTruststoreKey | quote }} + {{- if and (not .context.Values.tls.autoGenerated.enabled) (or .context.Values.tls.keyPassword (and .context.Values.tls.passwordsSecret .context.Values.tls.passwordsSecretPemPasswordKey)) }} + - name: KAFKA_TLS_PEM_KEY_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "kafka.tlsPasswordsSecretName" .context }} + key: {{ default "key-password" .context.Values.tls.passwordsSecretPemPasswordKey | quote }} + {{- end }} + {{- end }} + volumeMounts: + - name: data + mountPath: /bitnami/kafka + - name: kafka-config + mountPath: /config + - name: kafka-configmaps + mountPath: /configmaps + - name: kafka-secret-config + mountPath: /secret-config + - name: tmp + mountPath: /tmp + - name: init-shared + mountPath: /shared + {{- if include "kafka.sslEnabled" .context }} + - name: kafka-shared-certs + mountPath: /certs + {{- if and (include "kafka.sslEnabled" .context) (or .context.Values.tls.existingSecret .context.Values.tls.autoGenerated.enabled) }} + - name: kafka-certs + mountPath: /mounted-certs + readOnly: true + {{- end }} + {{- end }} + {{- if and .context.Values.usePasswordFiles (include "kafka.saslEnabled" .context) }} + - name: kafka-sasl + mountPath: /opt/bitnami/kafka/config/secrets + readOnly: true + {{- end }} +{{- end -}} diff --git a/helm/kafka/templates/broker/config-secrets.yaml b/helm/kafka/templates/broker/config-secrets.yaml new file mode 100644 index 000000000..cd3e17754 --- /dev/null +++ b/helm/kafka/templates/broker/config-secrets.yaml @@ -0,0 +1,23 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- $replicaCount := int .Values.broker.replicaCount }} +{{- if and (include "kafka.broker.createSecretConfig" .) (gt $replicaCount 0) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-secret-configuration" (include "kafka.broker.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: broker + app.kubernetes.io/part-of: kafka + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + server-secret.properties: {{ include "kafka.broker.secretConfig" . | b64enc }} +{{- end }} + diff --git a/helm/kafka/templates/broker/configmap.yaml b/helm/kafka/templates/broker/configmap.yaml new file mode 100644 index 000000000..2bf4e7da2 --- /dev/null +++ b/helm/kafka/templates/broker/configmap.yaml @@ -0,0 +1,53 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* +Return the Kafka broker configuration. +ref: https://kafka.apache.org/documentation/#configuration +*/}} +{{- define "kafka.broker.config" -}} +{{- if or .Values.config .Values.broker.config }} +{{- include "common.tplvalues.render" (dict "value" (coalesce .Values.broker.config .Values.config) "context" .) }} +{{- else }} +# Listeners configuration +listeners: {{ include "kafka.listeners" (dict "isController" false "context" .) }} +listener.security.protocol.map: {{ include "kafka.securityProtocolMap" (dict "isController" false "context" .) }} +advertised.listeners: {{ include "kafka.advertisedListeners" . }} +# Kafka data logs directory +log.dir: {{ printf "%s/data" .Values.broker.persistence.mountPath }} +# Kafka application logs directory +logs.dir: {{ .Values.broker.logPersistence.mountPath }} +# KRaft node role +process.roles: broker +# Common Kafka Configuration +{{ include "kafka.commonConfig" . }} +{{- end -}} +{{- end -}} + +{{- $replicaCount := int .Values.broker.replicaCount }} +{{- if and (include "kafka.broker.createConfigmap" .) (gt $replicaCount 0) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-configuration" (include "kafka.broker.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: broker + app.kubernetes.io/part-of: kafka + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + {{- $configuration := include "kafka.broker.config" . | fromYaml -}} + {{- if or .Values.overrideConfiguration .Values.broker.overrideConfiguration }} + {{- $overrideConfiguration := include "common.tplvalues.render" (dict "value" .Values.overrideConfiguration "context" .) | fromYaml }} + {{- $brokerOverrideConfiguration := include "common.tplvalues.render" (dict "value" .Values.broker.overrideConfiguration "context" .) | fromYaml }} + {{- $configuration = mustMergeOverwrite $configuration $overrideConfiguration $brokerOverrideConfiguration }} + {{- end }} + server.properties: |- + {{- range $key, $value := $configuration }} + {{ $key }}={{ include "common.tplvalues.render" (dict "value" $value "context" $) }} + {{- end }} +{{- end }} diff --git a/helm/kafka/templates/broker/hpa.yaml b/helm/kafka/templates/broker/hpa.yaml new file mode 100644 index 000000000..a7f907385 --- /dev/null +++ b/helm/kafka/templates/broker/hpa.yaml @@ -0,0 +1,51 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.broker.autoscaling.hpa.enabled }} +apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "kafka.broker.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: broker + app.kubernetes.io/part-of: kafka + {{- if or .Values.broker.autoscaling.hpa.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.broker.autoscaling.hpa.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + scaleTargetRef: + apiVersion: {{ template "common.capabilities.statefulset.apiVersion" . }} + kind: StatefulSet + name: {{ template "kafka.broker.fullname" . }} + minReplicas: {{ .Values.broker.autoscaling.hpa.minReplicas }} + maxReplicas: {{ .Values.broker.autoscaling.hpa.maxReplicas }} + metrics: + {{- if .Values.broker.autoscaling.hpa.targetCPU }} + - type: Resource + resource: + name: cpu + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ .Values.broker.autoscaling.hpa.targetCPU }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.broker.autoscaling.hpa.targetCPU }} + {{- end }} + {{- end }} + {{- if .Values.broker.autoscaling.hpa.targetMemory }} + - type: Resource + resource: + name: memory + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ .Values.broker.autoscaling.hpa.targetMemory }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.broker.autoscaling.hpa.targetMemory }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/kafka/templates/broker/networkpolicy.yaml b/helm/kafka/templates/broker/networkpolicy.yaml new file mode 100644 index 000000000..b079588c0 --- /dev/null +++ b/helm/kafka/templates/broker/networkpolicy.yaml @@ -0,0 +1,94 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "kafka.broker.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: broker + app.kubernetes.io/part-of: kafka + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.broker.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: broker + app.kubernetes.io/part-of: kafka + policyTypes: + - Ingress + - Egress + {{- if .Values.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Allow internal communications between nodes + - ports: + - port: {{ .Values.listeners.client.containerPort }} + - port: {{ .Values.listeners.interbroker.containerPort }} + {{- range $listener := .Values.listeners.extraListeners }} + - port: {{ $listener.containerPort }} + {{- end }} + {{- if .Values.externalAccess.enabled }} + - port: {{ .Values.listeners.external.containerPort }} + {{- end }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + {{- if .Values.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + # Allow client connections + - ports: + - port: {{ .Values.listeners.client.containerPort }} + - port: {{ .Values.listeners.interbroker.containerPort }} + {{- range $listener := .Values.listeners.extraListeners }} + - port: {{ $listener.containerPort }} + {{- end }} + {{- if .Values.externalAccess.enabled }} + - port: {{ .Values.listeners.external.containerPort }} + {{- end }} + {{- if .Values.metrics.jmx.enabled }} + - port: {{ .Values.metrics.jmx.containerPorts.metrics }} + {{- end }} + {{- if not .Values.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + {{- if .Values.networkPolicy.addExternalClientAccess }} + - podSelector: + matchLabels: + {{ template "common.names.fullname" . }}-client: "true" + {{- end }} + {{- if .Values.networkPolicy.ingressPodMatchLabels }} + - podSelector: + matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressPodMatchLabels "context" $ ) | nindent 14 }} + {{- end }} + {{- if .Values.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressNSMatchLabels "context" $ ) | nindent 14 }} + {{- if .Values.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressNSPodMatchLabel "context" $ ) | nindent 14 }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/kafka/templates/broker/pdb.yaml b/helm/kafka/templates/broker/pdb.yaml new file mode 100644 index 000000000..b4f008139 --- /dev/null +++ b/helm/kafka/templates/broker/pdb.yaml @@ -0,0 +1,30 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.broker.pdb.create }} +apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ template "kafka.broker.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: broker + app.kubernetes.io/part-of: kafka + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.broker.pdb.minAvailable }} + minAvailable: {{ .Values.broker.pdb.minAvailable }} + {{- end }} + {{- if or .Values.broker.pdb.maxUnavailable (not .Values.broker.pdb.minAvailable) }} + maxUnavailable: {{ .Values.broker.pdb.maxUnavailable | default 1 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.broker.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: broker + app.kubernetes.io/part-of: kafka +{{- end }} diff --git a/helm/kafka/templates/broker/statefulset.yaml b/helm/kafka/templates/broker/statefulset.yaml new file mode 100644 index 000000000..0836ae24f --- /dev/null +++ b/helm/kafka/templates/broker/statefulset.yaml @@ -0,0 +1,414 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- $replicaCount := int .Values.broker.replicaCount }} +{{- if or (gt $replicaCount 0) .Values.broker.autoscaling.hpa.enabled }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ template "kafka.broker.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: broker + app.kubernetes.io/part-of: kafka + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podManagementPolicy: {{ .Values.broker.podManagementPolicy }} + {{- if not .Values.broker.autoscaling.hpa.enabled }} + replicas: {{ .Values.broker.replicaCount }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.broker.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: broker + app.kubernetes.io/part-of: kafka + serviceName: {{ printf "%s-headless" (include "kafka.broker.fullname" .) | trunc 63 | trimSuffix "-" }} + updateStrategy: {{- include "common.tplvalues.render" (dict "value" .Values.broker.updateStrategy "context" $ ) | nindent 4 }} + {{- if .Values.broker.minReadySeconds }} + minReadySeconds: {{ .Values.broker.minReadySeconds }} + {{- end }} + template: + metadata: + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/component: broker + app.kubernetes.io/part-of: kafka + annotations: + {{- if include "kafka.broker.createConfigmap" . }} + checksum/configuration: {{ include (print $.Template.BasePath "/broker/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if or (include "kafka.createSaslSecret" .) (not .Values.existingKraftSecret) }} + checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} + {{- end }} + {{- if include "kafka.createTlsSecret" . }} + checksum/tls-secret: {{ include (print $.Template.BasePath "/tls-secret.yaml") . | sha256sum }} + {{- end }} + {{- if include "kafka.metrics.jmx.createConfigmap" . }} + checksum/jmx-configuration: {{ include (print $.Template.BasePath "/metrics/jmx-configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.broker.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.broker.podAnnotations "context" $) | nindent 8 }} + {{- end }} + spec: + {{- include "kafka.imagePullSecrets" . | nindent 6 }} + automountServiceAccountToken: {{ .Values.broker.automountServiceAccountToken }} + {{- if .Values.broker.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.broker.hostAliases "context" $) | nindent 8 }} + {{- end }} + hostNetwork: {{ .Values.broker.hostNetwork }} + hostIPC: {{ .Values.broker.hostIPC }} + {{- if .Values.broker.schedulerName }} + schedulerName: {{ .Values.broker.schedulerName | quote }} + {{- end }} + {{- if .Values.broker.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.broker.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.broker.podAffinityPreset "component" "broker" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.broker.podAntiAffinityPreset "component" "broker" "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.broker.nodeAffinityPreset.type "key" .Values.broker.nodeAffinityPreset.key "values" .Values.broker.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.broker.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.broker.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.broker.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.broker.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.broker.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.broker.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.broker.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.broker.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.broker.priorityClassName }} + priorityClassName: {{ .Values.broker.priorityClassName }} + {{- end }} + {{- if .Values.controller.runtimeClassName }} + runtimeClassName: {{ .Values.controller.runtimeClassName }} + {{- end }} + {{- if .Values.broker.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.broker.podSecurityContext "context" $) | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "kafka.serviceAccountName" . }} + enableServiceLinks: {{ .Values.broker.enableServiceLinks }} + initContainers: + {{- if and .Values.defaultInitContainers.volumePermissions.enabled .Values.broker.persistence.enabled }} + {{- include "kafka.defaultInitContainers.volumePermissions" (dict "context" . "role" "broker") | nindent 8 }} + {{- end }} + {{- if and .Values.externalAccess.enabled .Values.defaultInitContainers.autoDiscovery.enabled }} + {{- include "kafka.defaultInitContainers.autoDiscovery" (dict "context" . "role" "broker") | nindent 8 }} + {{- end }} + {{- include "kafka.defaultInitContainers.prepareConfig" (dict "context" . "role" "broker") | nindent 8 }} + {{- if .Values.broker.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" .Values.broker.initContainers "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" .Values.initContainers "context" $ ) | nindent 8 }} + {{- end }} + containers: + - name: kafka + image: {{ include "kafka.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.broker.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.broker.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.broker.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.broker.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.broker.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.broker.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: KAFKA_HEAP_OPTS + value: {{ coalesce .Values.broker.heapOpts .Values.heapOpts | quote }} + - name: KAFKA_CFG_PROCESS_ROLES + value: broker + {{- include "kafka.commonEnv" . | nindent 12 }} + {{- if .Values.broker.extraEnvVars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.broker.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.broker.extraEnvVarsCM .Values.extraEnvVarsCM .Values.broker.extraEnvVarsSecret .Values.extraEnvVarsSecret }} + envFrom: + {{- if .Values.broker.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.broker.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.broker.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.broker.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- end }} + ports: + - name: client + containerPort: {{ .Values.listeners.client.containerPort }} + - name: interbroker + containerPort: {{ .Values.listeners.interbroker.containerPort }} + {{- if .Values.externalAccess.enabled }} + - name: external + containerPort: {{ .Values.listeners.external.containerPort }} + {{- end }} + {{- if .Values.listeners.extraListeners }} + {{- include "kafka.extraListeners.containerPorts" . | nindent 12 }} + {{- end }} + {{- if .Values.broker.extraContainerPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.broker.extraContainerPorts "context" $) | nindent 12 }} + {{- end }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.broker.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.broker.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.broker.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.broker.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - pgrep + - -f + - kafka + {{- end }} + {{- if .Values.broker.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.broker.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.broker.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.broker.readinessProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: "client" + {{- end }} + {{- if .Values.broker.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.broker.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.broker.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.broker.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: "client" + {{- end }} + {{- end }} + {{- if .Values.broker.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.broker.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.broker.resources }} + resources: {{- toYaml .Values.broker.resources | nindent 12 }} + {{- else if ne .Values.broker.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.broker.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: {{ .Values.broker.persistence.mountPath }} + - name: logs + mountPath: {{ .Values.broker.logPersistence.mountPath }} + - name: kafka-config + mountPath: /opt/bitnami/kafka/config/server.properties + subPath: server.properties + - name: tmp + mountPath: /tmp + {{- if or .Values.log4j2 .Values.existingLog4j2ConfigMap }} + - name: log4j2-config + mountPath: /opt/bitnami/kafka/config/log4j2.yaml + subPath: log4j2.yaml + {{- end }} + {{- if include "kafka.sslEnabled" . }} + - name: kafka-shared-certs + mountPath: /opt/bitnami/kafka/config/certs + readOnly: true + {{- end }} + {{- if and .Values.usePasswordFiles (include "kafka.saslEnabled" .) }} + - name: kafka-sasl + mountPath: /opt/bitnami/kafka/config/secrets + readOnly: true + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.broker.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.broker.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.jmx.enabled }} + - name: jmx-exporter + image: {{ include "kafka.metrics.jmx.image" . }} + imagePullPolicy: {{ .Values.metrics.jmx.image.pullPolicy | quote }} + {{- if .Values.metrics.jmx.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.jmx.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else }} + command: + - java + args: + - -XX:MaxRAMPercentage=100 + - -XshowSettings:vm + - -jar + - jmx_prometheus_standalone.jar + - {{ .Values.metrics.jmx.containerPorts.metrics | quote }} + - /etc/jmx-kafka/jmx-kafka-prometheus.yml + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.metrics.jmx.containerPorts.metrics }} + {{- if .Values.metrics.jmx.resources }} + resources: {{- toYaml .Values.metrics.jmx.resources | nindent 12 }} + {{- else if ne .Values.metrics.jmx.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.jmx.resourcesPreset) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.jmx.livenessProbe.enabled }} + livenessProbe: {{- omit .Values.metrics.jmx.livenessProbe "enabled" | toYaml | nindent 12 }} + tcpSocket: + port: metrics + {{- end }} + {{- if .Values.metrics.jmx.readinessProbe.enabled }} + readinessProbe: {{- omit .Values.metrics.jmx.readinessProbe "enabled" | toYaml | nindent 12 }} + httpGet: + path: / + port: metrics + {{- end }} + volumeMounts: + - name: jmx-config + mountPath: /etc/jmx-kafka + {{- end }} + {{- if .Values.broker.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.broker.sidecars "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: kafka-configmaps + configMap: + name: {{ include "kafka.broker.configmapName" . }} + - name: kafka-secret-config + {{- if (include "kafka.broker.secretConfigExists" .) }} + secret: + secretName: {{ include "kafka.broker.secretConfigName" . }} + {{- else }} + emptyDir: {} + {{- end }} + - name: kafka-config + emptyDir: {} + - name: tmp + emptyDir: {} + - name: init-shared + emptyDir: {} + {{- if or .Values.log4j2 .Values.existingLog4j2ConfigMap }} + - name: log4j2-config + configMap: + name: {{ include "kafka.log4j2.configMapName" . }} + {{- end }} + {{- if .Values.metrics.jmx.enabled }} + - name: jmx-config + configMap: + name: {{ include "kafka.metrics.jmx.configmapName" . }} + {{- end }} + {{- if include "kafka.sslEnabled" . }} + - name: kafka-shared-certs + emptyDir: {} + {{- if or .Values.tls.existingSecret .Values.tls.autoGenerated.enabled }} + - name: kafka-certs + projected: + defaultMode: 256 + sources: + - secret: + name: {{ include "kafka.tlsSecretName" . }} + {{- if .Values.tls.jksTruststoreSecret }} + - secret: + name: {{ .Values.tls.jksTruststoreSecret }} + {{- end }} + {{- end }} + {{- end }} + {{- if and .Values.usePasswordFiles (include "kafka.saslEnabled" .) }} + - name: kafka-sasl + projected: + sources: + - secret: + name: {{ include "kafka.saslSecretName" . }} + {{- end }} + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.broker.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.broker.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if not .Values.broker.persistence.enabled }} + - name: data + emptyDir: {} + {{- else if .Values.broker.persistence.existingClaim }} + - name: data + persistentVolumeClaim: + claimName: {{ printf "%s" (tpl .Values.broker.persistence.existingClaim .) }} + {{- end }} + {{- if not .Values.broker.logPersistence.enabled }} + - name: logs + emptyDir: {} + {{- else if .Values.broker.logPersistence.existingClaim }} + - name: logs + persistentVolumeClaim: + claimName: {{ printf "%s" (tpl .Values.broker.logPersistence.existingClaim .) }} + {{- end }} + {{- if or (and .Values.broker.persistence.enabled (not .Values.broker.persistence.existingClaim)) (and .Values.broker.logPersistence.enabled (not .Values.broker.logPersistence.existingClaim)) }} + {{- if .Values.broker.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.broker.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.broker.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} + volumeClaimTemplates: + {{- if and .Values.broker.persistence.enabled (not .Values.broker.persistence.existingClaim) }} + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: data + {{- if .Values.broker.persistence.annotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.broker.persistence.annotations "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.broker.persistence.labels }} + labels: {{- include "common.tplvalues.render" (dict "value" .Values.broker.persistence.labels "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.broker.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.broker.persistence.size | quote }} + {{- include "common.storage.class" (dict "persistence" .Values.broker.persistence "global" .Values.global) | nindent 8 }} + {{- if .Values.broker.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.broker.persistence.selector "context" $) | nindent 10 }} + {{- end -}} + {{- end }} + {{- if and .Values.broker.logPersistence.enabled (not .Values.broker.logPersistence.existingClaim) }} + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: logs + {{- if .Values.broker.logPersistence.annotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.broker.logPersistence.annotations "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.broker.logPersistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.broker.logPersistence.size | quote }} + {{- include "common.storage.class" (dict "persistence" .Values.broker.persistence "global" .Values.global) | nindent 8 }} + {{- if .Values.broker.logPersistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.broker.logPersistence.selector "context" $) | nindent 10 }} + {{- end -}} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/kafka/templates/broker/svc-external-access.yaml b/helm/kafka/templates/broker/svc-external-access.yaml new file mode 100644 index 000000000..79e8eee88 --- /dev/null +++ b/helm/kafka/templates/broker/svc-external-access.yaml @@ -0,0 +1,75 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.externalAccess.enabled }} +{{- $fullname := include "kafka.broker.fullname" . }} +{{- $replicaCount := .Values.broker.replicaCount | int }} +{{- range $i := until $replicaCount }} +{{- $targetPod := printf "%s-%d" (printf "%s" $fullname) $i }} +{{- $_ := set $ "targetPod" $targetPod }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-%d-external" $fullname $i | trunc 63 | trimSuffix "-" }} + namespace: {{ include "common.names.namespace" $ | quote }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $.Values.externalAccess.broker.service.labels $.Values.commonLabels ) "context" $ ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: kafka + pod: {{ $targetPod }} + {{- if or $.Values.externalAccess.broker.service.annotations $.Values.commonAnnotations $.Values.externalAccess.broker.service.loadBalancerAnnotations }} + annotations: + {{- if and (not (empty $.Values.externalAccess.broker.service.loadBalancerAnnotations)) (eq (len $.Values.externalAccess.broker.service.loadBalancerAnnotations) $replicaCount) }} + {{ include "common.tplvalues.render" ( dict "value" (index $.Values.externalAccess.broker.service.loadBalancerAnnotations $i) "context" $) | nindent 4 }} + {{- end }} + {{- if or $.Values.externalAccess.broker.service.annotations $.Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list $.Values.externalAccess.broker.service.annotations $.Values.commonAnnotations ) "context" $ ) }} + {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ $.Values.externalAccess.broker.service.type }} + {{- if eq $.Values.externalAccess.broker.service.type "LoadBalancer" }} + allocateLoadBalancerNodePorts: {{ $.Values.externalAccess.broker.service.allocateLoadBalancerNodePorts }} + {{- if (not (empty $.Values.externalAccess.broker.service.loadBalancerClass)) }} + loadBalancerClass: {{ $.Values.externalAccess.broker.service.loadBalancerClass }} + {{- end }} + {{- if and (not (empty $.Values.externalAccess.broker.service.loadBalancerIPs)) (eq (len $.Values.externalAccess.broker.service.loadBalancerIPs) $replicaCount) }} + loadBalancerIP: {{ index $.Values.externalAccess.broker.service.loadBalancerIPs $i }} + {{- end }} + {{- if $.Values.externalAccess.broker.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml $.Values.externalAccess.broker.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- end }} + publishNotReadyAddresses: {{ $.Values.externalAccess.broker.service.publishNotReadyAddresses }} + ports: + - name: tcp-kafka + port: {{ $.Values.externalAccess.broker.service.ports.external }} + {{- if le (add $i 1) (len $.Values.externalAccess.broker.service.nodePorts) }} + nodePort: {{ index $.Values.externalAccess.broker.service.nodePorts $i }} + {{- else }} + nodePort: null + {{- end }} + targetPort: external + {{- if $.Values.externalAccess.broker.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" $.Values.externalAccess.broker.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + {{- if and (eq $.Values.externalAccess.broker.service.type "NodePort") (le (add $i 1) (len $.Values.externalAccess.broker.service.externalIPs)) }} + externalIPs: [{{ index $.Values.externalAccess.broker.service.externalIPs $i | quote }}] + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list $.Values.broker.podLabels $.Values.commonLabels ) "context" $ ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: kafka + app.kubernetes.io/component: broker + statefulset.kubernetes.io/pod-name: {{ $targetPod }} + {{- with $.Values.externalAccess.broker.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ . | quote }} + {{- end }} + {{- with $.Values.externalAccess.broker.service.ipFamilies }} + ipFamilies: + {{- . | toYaml | nindent 2 }} + {{- end }} +--- +{{- end }} +{{- end }} diff --git a/helm/kafka/templates/broker/svc-headless.yaml b/helm/kafka/templates/broker/svc-headless.yaml new file mode 100644 index 000000000..2a4be2497 --- /dev/null +++ b/helm/kafka/templates/broker/svc-headless.yaml @@ -0,0 +1,45 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- $replicaCount := int .Values.broker.replicaCount }} +{{- if gt $replicaCount 0 }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-headless" (include "kafka.broker.fullname" .) | trunc 63 | trimSuffix "-" }} + namespace: {{ include "common.names.namespace" . | quote }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.externalAccess.broker.service.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: broker + app.kubernetes.io/part-of: kafka + {{- if or .Values.service.headless.broker.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.headless.broker.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: ClusterIP + clusterIP: None + publishNotReadyAddresses: true + ports: + - name: tcp-interbroker + port: {{ .Values.service.ports.interbroker }} + protocol: TCP + targetPort: interbroker + - name: tcp-client + port: {{ .Values.service.ports.client }} + protocol: TCP + targetPort: client + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.broker.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: broker + app.kubernetes.io/part-of: kafka + {{- with .Values.service.headless.ipFamilyPolicy }} + ipFamilyPolicy: {{ . | quote }} + {{- end }} + {{- with .Values.service.headless.ipFamilies }} + ipFamilies: + {{- . | toYaml | nindent 2 }} + {{- end }} +{{- end }} diff --git a/helm/kafka/templates/broker/vpa.yaml b/helm/kafka/templates/broker/vpa.yaml new file mode 100644 index 000000000..4e830922f --- /dev/null +++ b/helm/kafka/templates/broker/vpa.yaml @@ -0,0 +1,46 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- $replicaCount := int .Values.broker.replicaCount }} +{{- if and (gt $replicaCount 0) (include "common.capabilities.apiVersions.has" ( dict "version" "autoscaling.k8s.io/v1/VerticalPodAutoscaler" "context" . )) .Values.broker.autoscaling.vpa.enabled }} +apiVersion: {{ include "common.capabilities.vpa.apiVersion" . }} +kind: VerticalPodAutoscaler +metadata: + name: {{ template "kafka.broker.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: broker + app.kubernetes.io/part-of: kafka + {{- if or .Values.broker.autoscaling.vpa.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.broker.autoscaling.vpa.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + resourcePolicy: + containerPolicies: + - containerName: kafka + {{- with .Values.broker.autoscaling.vpa.controlledResources }} + controlledResources: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.broker.autoscaling.vpa.maxAllowed }} + maxAllowed: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.broker.autoscaling.vpa.minAllowed }} + minAllowed: + {{- toYaml . | nindent 8 }} + {{- end }} + targetRef: + apiVersion: {{ (include "common.capabilities.statefulset.apiVersion" .) }} + kind: StatefulSet + name: {{ template "kafka.broker.fullname" . }} + {{- if .Values.broker.autoscaling.vpa.updatePolicy }} + updatePolicy: + {{- with .Values.broker.autoscaling.vpa.updatePolicy.updateMode }} + updateMode: {{ . }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/kafka/templates/ca-cert.yaml b/helm/kafka/templates/ca-cert.yaml new file mode 100644 index 000000000..ecf626f01 --- /dev/null +++ b/helm/kafka/templates/ca-cert.yaml @@ -0,0 +1,53 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if include "kafka.createCertificate" . }} +{{- if empty .Values.tls.autoGenerated.certManager.existingIssuer }} +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ printf "%s-clusterissuer" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: kafka + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + selfSigned: {} +--- +{{- end }} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ printf "%s-ca-crt" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: kafka + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + secretName: {{ printf "%s-ca-crt" (include "common.names.fullname" .) }} + commonName: {{ printf "%s-root-ca" (include "common.names.fullname" .) }} + isCA: true + issuerRef: + name: {{ default (printf "%s-clusterissuer" (include "common.names.fullname" .)) .Values.tls.autoGenerated.certManager.existingIssuer }} + kind: {{ default "Issuer" .Values.tls.autoGenerated.certManager.existingIssuerKind }} +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ printf "%s-ca-issuer" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: kafka + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + ca: + secretName: {{ printf "%s-ca-crt" (include "common.names.fullname" .) }} +{{- end }} diff --git a/helm/kafka/templates/cert.yaml b/helm/kafka/templates/cert.yaml new file mode 100644 index 000000000..f04f770d2 --- /dev/null +++ b/helm/kafka/templates/cert.yaml @@ -0,0 +1,56 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if include "kafka.createCertificate" . }} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ printf "%s-crt" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: kafka + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + secretName: {{ include "kafka.tlsSecretName" . }} + commonName: {{ printf "%s.%s.svc.%s" (include "common.names.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain }} + issuerRef: + name: {{ printf "%s-ca-issuer" (include "common.names.fullname" .) }} + kind: Issuer + subject: + organizations: + - "Kafka" + dnsNames: + {{- $controllerSvcName := printf "%s-headless" (include "kafka.controller.fullname" .) | trunc 63 | trimSuffix "-" }} + {{- $brokerSvcName := printf "%s-headless" (include "kafka.broker.fullname" .) | trunc 63 | trimSuffix "-" }} + - '*.{{ include "common.names.namespace" . }}' + - '*.{{ include "common.names.namespace" . }}.svc' + - '*.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}' + - '*.{{ $controllerSvcName }}' + - '*.{{ $controllerSvcName }}.{{ include "common.names.namespace" . }}' + - '*.{{ $controllerSvcName }}.{{ include "common.names.namespace" . }}.svc' + - '*.{{ $controllerSvcName }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}' + - '*.{{ $brokerSvcName }}' + - '*.{{ $brokerSvcName }}.{{ include "common.names.namespace" . }}' + - '*.{{ $brokerSvcName }}.{{ include "common.names.namespace" . }}.svc' + - '*.{{ $brokerSvcName }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}' + {{- if .Values.externalAccess.enabled -}} + {{- with .Values.externalAccess.broker.service.domain }} + - '*.{{ . }}' + {{- end }} + {{- with .Values.externalAccess.controller.service.domain }} + - '*.{{ . }}' + {{- end }} + {{- end }} + {{- range .Values.tls.autoGenerated.customAltNames }} + - '{{ . }}' + {{- end }} + privateKey: + algorithm: {{ .Values.tls.autoGenerated.certManager.keyAlgorithm }} + size: {{ int .Values.tls.autoGenerated.certManager.keySize }} + duration: {{ .Values.tls.autoGenerated.certManager.duration }} + renewBefore: {{ .Values.tls.autoGenerated.certManager.renewBefore }} +{{- end }} diff --git a/helm/kafka/templates/controller-eligible/config-secrets.yaml b/helm/kafka/templates/controller-eligible/config-secrets.yaml new file mode 100644 index 000000000..cdb4f1988 --- /dev/null +++ b/helm/kafka/templates/controller-eligible/config-secrets.yaml @@ -0,0 +1,23 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- $replicaCount := int .Values.controller.replicaCount }} +{{- if and (include "kafka.controller.createSecretConfig" .) (gt $replicaCount 0) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-secret-configuration" (include "kafka.controller.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: controller-eligible + app.kubernetes.io/part-of: kafka + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + server-secret.properties: {{ include "kafka.controller.secretConfig" . | b64enc }} +{{- end }} + diff --git a/helm/kafka/templates/controller-eligible/configmap.yaml b/helm/kafka/templates/controller-eligible/configmap.yaml new file mode 100644 index 000000000..3b3780671 --- /dev/null +++ b/helm/kafka/templates/controller-eligible/configmap.yaml @@ -0,0 +1,55 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* +Return the Kafka controller configuration. +ref: https://kafka.apache.org/documentation/#configuration +*/}} +{{- define "kafka.controller.config" -}} +{{- if or .Values.config .Values.controller.config }} +{{- include "common.tplvalues.render" (dict "value" (coalesce .Values.controller.config .Values.config) "context" .) }} +{{- else }} +# Listeners configuration +listeners: {{ include "kafka.listeners" (dict "isController" true "context" .) }} +listener.security.protocol.map: {{ include "kafka.securityProtocolMap" (dict "isController" true "context" .) }} +{{- if not .Values.controller.controllerOnly }} +advertised.listeners: {{ include "kafka.advertisedListeners" . }} +{{- end }} +# Kafka data logs directory +log.dir: {{ printf "%s/data" .Values.controller.persistence.mountPath }} +# Kafka application logs directory +logs.dir: {{ .Values.controller.logPersistence.mountPath }} +# KRaft node role +process.roles: {{ ternary "controller" "controller,broker" .Values.controller.controllerOnly }} +# Common Kafka Configuration +{{ include "kafka.commonConfig" . }} +{{- end -}} +{{- end -}} + +{{- $replicaCount := int .Values.controller.replicaCount }} +{{- if and (include "kafka.controller.createConfigmap" .) (gt $replicaCount 0) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-configuration" (include "kafka.controller.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: controller-eligible + app.kubernetes.io/part-of: kafka + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + {{- $configuration := include "kafka.controller.config" . | fromYaml -}} + {{- if or .Values.overrideConfiguration .Values.controller.overrideConfiguration }} + {{- $overrideConfiguration := include "common.tplvalues.render" (dict "value" .Values.overrideConfiguration "context" .) | fromYaml }} + {{- $controllerOverrideConfiguration := include "common.tplvalues.render" (dict "value" .Values.controller.overrideConfiguration "context" .) | fromYaml }} + {{- $configuration = mustMergeOverwrite $configuration $overrideConfiguration $controllerOverrideConfiguration }} + {{- end }} + server.properties: |- + {{- range $key, $value := $configuration }} + {{ $key }}={{ include "common.tplvalues.render" (dict "value" $value "context" $) }} + {{- end }} +{{- end }} diff --git a/helm/kafka/templates/controller-eligible/hpa.yaml b/helm/kafka/templates/controller-eligible/hpa.yaml new file mode 100644 index 000000000..4760120e0 --- /dev/null +++ b/helm/kafka/templates/controller-eligible/hpa.yaml @@ -0,0 +1,51 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.controller.autoscaling.hpa.enabled }} +apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "kafka.controller.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: controller + app.kubernetes.io/part-of: kafka + {{- if or .Values.controller.autoscaling.hpa.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.controller.autoscaling.hpa.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + scaleTargetRef: + apiVersion: {{ template "common.capabilities.statefulset.apiVersion" . }} + kind: StatefulSet + name: {{ template "kafka.controller.fullname" . }} + minReplicas: {{ .Values.controller.autoscaling.hpa.minReplicas }} + maxReplicas: {{ .Values.controller.autoscaling.hpa.maxReplicas }} + metrics: + {{- if .Values.controller.autoscaling.hpa.targetCPU }} + - type: Resource + resource: + name: cpu + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ .Values.controller.autoscaling.hpa.targetCPU }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.controller.autoscaling.hpa.targetCPU }} + {{- end }} + {{- end }} + {{- if .Values.controller.autoscaling.hpa.targetMemory }} + - type: Resource + resource: + name: memory + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ .Values.controller.autoscaling.hpa.targetMemory }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.controller.autoscaling.hpa.targetMemory }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/kafka/templates/controller-eligible/networkpolicy.yaml b/helm/kafka/templates/controller-eligible/networkpolicy.yaml new file mode 100644 index 000000000..501a2be06 --- /dev/null +++ b/helm/kafka/templates/controller-eligible/networkpolicy.yaml @@ -0,0 +1,100 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "kafka.controller.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: controller + app.kubernetes.io/part-of: kafka + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.controller.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: controller + app.kubernetes.io/part-of: kafka + policyTypes: + - Ingress + - Egress + {{- if .Values.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Allow internal communications between nodes + - ports: + - port: {{ .Values.listeners.controller.containerPort }} + {{- if not .Values.controller.controllerOnly }} + - port: {{ .Values.listeners.client.containerPort }} + - port: {{ .Values.listeners.interbroker.containerPort }} + {{- range $listener := .Values.listeners.extraListeners }} + - port: {{ $listener.containerPort }} + {{- end }} + {{- end }} + {{- if .Values.externalAccess.enabled }} + - port: {{ .Values.listeners.external.containerPort }} + {{- end }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + {{- if .Values.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + # Allow client connections + - ports: + - port: {{ .Values.listeners.controller.containerPort }} + {{- if not .Values.controller.controllerOnly }} + - port: {{ .Values.listeners.client.containerPort }} + - port: {{ .Values.listeners.interbroker.containerPort }} + {{- range $listener := .Values.listeners.extraListeners }} + - port: {{ $listener.containerPort }} + {{- end }} + {{- end }} + {{- if .Values.externalAccess.enabled }} + - port: {{ .Values.listeners.external.containerPort }} + {{- end }} + {{- if .Values.metrics.jmx.enabled }} + - port: {{ .Values.metrics.jmx.containerPorts.metrics }} + {{- end }} + {{- if not .Values.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + {{- if and .Values.networkPolicy.addExternalClientAccess (not .Values.controller.controllerOnly) }} + - podSelector: + matchLabels: + {{ template "common.names.fullname" . }}-client: "true" + {{- end }} + {{- if .Values.networkPolicy.ingressPodMatchLabels }} + - podSelector: + matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressPodMatchLabels "context" $ ) | nindent 14 }} + {{- end }} + {{- if .Values.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressNSMatchLabels "context" $ ) | nindent 14 }} + {{- if .Values.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressNSPodMatchLabel "context" $ ) | nindent 14 }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/kafka/templates/controller-eligible/pdb.yaml b/helm/kafka/templates/controller-eligible/pdb.yaml new file mode 100644 index 000000000..7bd06ff01 --- /dev/null +++ b/helm/kafka/templates/controller-eligible/pdb.yaml @@ -0,0 +1,30 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.controller.pdb.create }} +apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ template "kafka.controller.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: controller-eligible + app.kubernetes.io/part-of: kafka + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.controller.pdb.minAvailable }} + minAvailable: {{ .Values.controller.pdb.minAvailable }} + {{- end }} + {{- if or .Values.controller.pdb.maxUnavailable (not .Values.controller.pdb.minAvailable) }} + maxUnavailable: {{ .Values.controller.pdb.maxUnavailable | default 1 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.controller.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: controller-eligible + app.kubernetes.io/part-of: kafka +{{- end }} diff --git a/helm/kafka/templates/controller-eligible/statefulset.yaml b/helm/kafka/templates/controller-eligible/statefulset.yaml new file mode 100644 index 000000000..52f9cc080 --- /dev/null +++ b/helm/kafka/templates/controller-eligible/statefulset.yaml @@ -0,0 +1,425 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ template "kafka.controller.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: controller-eligible + app.kubernetes.io/part-of: kafka + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podManagementPolicy: {{ .Values.controller.podManagementPolicy }} + {{- if not .Values.controller.autoscaling.hpa.enabled }} + replicas: {{ .Values.controller.replicaCount }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.controller.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: controller-eligible + app.kubernetes.io/part-of: kafka + serviceName: {{ printf "%s-headless" (include "kafka.controller.fullname" .) | trunc 63 | trimSuffix "-" }} + updateStrategy: {{- include "common.tplvalues.render" (dict "value" .Values.controller.updateStrategy "context" $ ) | nindent 4 }} + {{- if .Values.controller.minReadySeconds }} + minReadySeconds: {{ .Values.controller.minReadySeconds }} + {{- end }} + template: + metadata: + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/component: controller-eligible + app.kubernetes.io/part-of: kafka + annotations: + {{- if include "kafka.controller.createConfigmap" . }} + checksum/configuration: {{ include (print $.Template.BasePath "/controller-eligible/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if or (include "kafka.createSaslSecret" .) (not .Values.existingKraftSecret) }} + checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} + {{- end }} + {{- if include "kafka.createTlsSecret" . }} + checksum/tls-secret: {{ include (print $.Template.BasePath "/tls-secret.yaml") . | sha256sum }} + {{- end }} + {{- if include "kafka.metrics.jmx.createConfigmap" . }} + checksum/jmx-configuration: {{ include (print $.Template.BasePath "/metrics/jmx-configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.controller.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.controller.podAnnotations "context" $) | nindent 8 }} + {{- end }} + spec: + {{- include "kafka.imagePullSecrets" . | nindent 6 }} + automountServiceAccountToken: {{ .Values.controller.automountServiceAccountToken }} + {{- if .Values.controller.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.controller.hostAliases "context" $) | nindent 8 }} + {{- end }} + hostNetwork: {{ .Values.controller.hostNetwork }} + hostIPC: {{ .Values.controller.hostIPC }} + {{- if .Values.controller.schedulerName }} + schedulerName: {{ .Values.controller.schedulerName | quote }} + {{- end }} + {{- if .Values.controller.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.controller.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.controller.podAffinityPreset "component" "controller-eligible" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.controller.podAntiAffinityPreset "component" "controller-eligible" "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.controller.nodeAffinityPreset.type "key" .Values.controller.nodeAffinityPreset.key "values" .Values.controller.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.controller.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.controller.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.controller.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.controller.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.controller.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.controller.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.controller.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.controller.priorityClassName }} + priorityClassName: {{ .Values.controller.priorityClassName }} + {{- end }} + {{- if .Values.controller.runtimeClassName }} + runtimeClassName: {{ .Values.controller.runtimeClassName }} + {{- end }} + {{- if .Values.controller.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.controller.podSecurityContext "context" $) | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "kafka.serviceAccountName" . }} + enableServiceLinks: {{ .Values.controller.enableServiceLinks }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.dnsConfig "context" $) | nindent 8 }} + {{- end }} + initContainers: + {{- if and .Values.defaultInitContainers.volumePermissions.enabled .Values.controller.persistence.enabled }} + {{- include "kafka.defaultInitContainers.volumePermissions" (dict "context" . "role" "controller") | nindent 8 }} + {{- end }} + {{- if and .Values.externalAccess.enabled .Values.defaultInitContainers.autoDiscovery.enabled (or .Values.externalAccess.controller.forceExpose (not .Values.controller.controllerOnly)) }} + {{- include "kafka.defaultInitContainers.autoDiscovery" (dict "context" . "role" "controller") | nindent 8 }} + {{- end }} + {{- include "kafka.defaultInitContainers.prepareConfig" (dict "context" . "role" "controller") | nindent 8 }} + {{- if .Values.controller.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" .Values.controller.initContainers "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" .Values.initContainers "context" $ ) | nindent 8 }} + {{- end }} + containers: + - name: kafka + image: {{ include "kafka.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.controller.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.controller.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.controller.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.controller.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.controller.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.controller.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: KAFKA_HEAP_OPTS + value: {{ coalesce .Values.controller.heapOpts .Values.heapOpts | quote }} + - name: KAFKA_CFG_PROCESS_ROLES + value: {{ ternary "controller" "controller,broker" .Values.controller.controllerOnly | quote }} + - name: KAFKA_INITIAL_CONTROLLERS_FILE + value: /shared/initial-controllers.txt + {{- include "kafka.commonEnv" . | nindent 12 }} + {{- if .Values.controller.extraEnvVars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.controller.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.controller.extraEnvVarsCM .Values.extraEnvVarsCM .Values.controller.extraEnvVarsSecret .Values.extraEnvVarsSecret }} + envFrom: + {{- if .Values.controller.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.controller.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.controller.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.controller.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- end }} + ports: + - name: controller + containerPort: {{ .Values.listeners.controller.containerPort }} + {{- if not .Values.controller.controllerOnly }} + - name: client + containerPort: {{ .Values.listeners.client.containerPort }} + - name: interbroker + containerPort: {{ .Values.listeners.interbroker.containerPort }} + {{- if .Values.externalAccess.enabled }} + - name: external + containerPort: {{ .Values.listeners.external.containerPort }} + {{- end }} + {{- if and .Values.listeners.extraListeners (not .Values.controller.controllerOnly) }} + {{- include "kafka.extraListeners.containerPorts" . | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.controller.extraContainerPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.controller.extraContainerPorts "context" $) | nindent 12 }} + {{- end }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.controller.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.controller.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.controller.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.controller.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - pgrep + - -f + - kafka + {{- end }} + {{- if .Values.controller.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.controller.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.controller.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.controller.readinessProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: "controller" + {{- end }} + {{- if .Values.controller.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.controller.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.controller.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.controller.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: "controller" + {{- end }} + {{- end }} + {{- if .Values.controller.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.controller.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.controller.resources }} + resources: {{- toYaml .Values.controller.resources | nindent 12 }} + {{- else if ne .Values.controller.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.controller.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: {{ .Values.controller.persistence.mountPath }} + - name: logs + mountPath: {{ .Values.controller.logPersistence.mountPath }} + - name: kafka-config + mountPath: /opt/bitnami/kafka/config/server.properties + subPath: server.properties + - name: tmp + mountPath: /tmp + - name: init-shared + mountPath: /shared + {{- if or .Values.log4j2 .Values.existingLog4j2ConfigMap }} + - name: log4j2-config + mountPath: /opt/bitnami/kafka/config/log4j2.yaml + subPath: log4j2.yaml + {{- end }} + {{- if include "kafka.sslEnabled" . }} + - name: kafka-shared-certs + mountPath: /opt/bitnami/kafka/config/certs + readOnly: true + {{- end }} + {{- if and .Values.usePasswordFiles (include "kafka.saslEnabled" .) }} + - name: kafka-sasl + mountPath: /opt/bitnami/kafka/config/secrets + readOnly: true + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.controller.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.controller.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.jmx.enabled }} + - name: jmx-exporter + image: {{ include "kafka.metrics.jmx.image" . }} + imagePullPolicy: {{ .Values.metrics.jmx.image.pullPolicy | quote }} + {{- if .Values.metrics.jmx.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.jmx.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else }} + command: + - java + args: + - -XX:MaxRAMPercentage=100 + - -XshowSettings:vm + - -jar + - jmx_prometheus_standalone.jar + - {{ .Values.metrics.jmx.containerPorts.metrics | quote }} + - /etc/jmx-kafka/jmx-kafka-prometheus.yml + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.metrics.jmx.containerPorts.metrics }} + {{- if .Values.metrics.jmx.resources }} + resources: {{- toYaml .Values.metrics.jmx.resources | nindent 12 }} + {{- else if ne .Values.metrics.jmx.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.jmx.resourcesPreset) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.jmx.livenessProbe.enabled }} + livenessProbe: {{- omit .Values.metrics.jmx.livenessProbe "enabled" | toYaml | nindent 12 }} + tcpSocket: + port: metrics + {{- end }} + {{- if .Values.metrics.jmx.readinessProbe.enabled }} + readinessProbe: {{- omit .Values.metrics.jmx.readinessProbe "enabled" | toYaml | nindent 12 }} + httpGet: + path: / + port: metrics + {{- end }} + volumeMounts: + - name: jmx-config + mountPath: /etc/jmx-kafka + {{- end }} + {{- if .Values.controller.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.controller.sidecars "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: kafka-configmaps + configMap: + name: {{ include "kafka.controller.configmapName" . }} + - name: kafka-secret-config + {{- if (include "kafka.controller.secretConfigExists" .) }} + secret: + secretName: {{ include "kafka.controller.secretConfigName" . }} + {{- else }} + emptyDir: {} + {{- end }} + - name: kafka-config + emptyDir: {} + - name: tmp + emptyDir: {} + - name: init-shared + emptyDir: {} + {{- if or .Values.log4j2 .Values.existingLog4j2ConfigMap }} + - name: log4j2-config + configMap: + name: {{ include "kafka.log4j2.configMapName" . }} + {{- end }} + {{- if .Values.metrics.jmx.enabled }} + - name: jmx-config + configMap: + name: {{ include "kafka.metrics.jmx.configmapName" . }} + {{- end }} + {{- if include "kafka.sslEnabled" . }} + - name: kafka-shared-certs + emptyDir: {} + {{- if or .Values.tls.existingSecret .Values.tls.autoGenerated.enabled }} + - name: kafka-certs + projected: + defaultMode: 256 + sources: + - secret: + name: {{ include "kafka.tlsSecretName" . }} + {{- if .Values.tls.jksTruststoreSecret }} + - secret: + name: {{ .Values.tls.jksTruststoreSecret }} + {{- end }} + {{- end }} + {{- end }} + {{- if and .Values.usePasswordFiles (include "kafka.saslEnabled" .) }} + - name: kafka-sasl + projected: + sources: + - secret: + name: {{ include "kafka.saslSecretName" . }} + {{- end }} + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.controller.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.controller.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if not .Values.controller.persistence.enabled }} + - name: data + emptyDir: {} + {{- else if .Values.controller.persistence.existingClaim }} + - name: data + persistentVolumeClaim: + claimName: {{ printf "%s" (tpl .Values.controller.persistence.existingClaim .) }} + {{- end }} + {{- if not .Values.controller.logPersistence.enabled }} + - name: logs + emptyDir: {} + {{- else if .Values.controller.logPersistence.existingClaim }} + - name: logs + persistentVolumeClaim: + claimName: {{ printf "%s" (tpl .Values.controller.logPersistence.existingClaim .) }} + {{- end }} + {{- if or (and .Values.controller.persistence.enabled (not .Values.controller.persistence.existingClaim)) (and .Values.controller.logPersistence.enabled (not .Values.controller.logPersistence.existingClaim)) }} + {{- if .Values.controller.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.controller.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.controller.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} + volumeClaimTemplates: + {{- if and .Values.controller.persistence.enabled (not .Values.controller.persistence.existingClaim) }} + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: data + {{- if .Values.controller.persistence.annotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.controller.persistence.annotations "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.controller.persistence.labels }} + labels: {{- include "common.tplvalues.render" (dict "value" .Values.controller.persistence.labels "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.controller.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.controller.persistence.size | quote }} + {{- include "common.storage.class" (dict "persistence" .Values.controller.persistence "global" .Values.global) | nindent 8 }} + {{- if .Values.controller.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.controller.persistence.selector "context" $) | nindent 10 }} + {{- end -}} + {{- end }} + {{- if and .Values.controller.logPersistence.enabled (not .Values.controller.logPersistence.existingClaim) }} + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: logs + {{- if .Values.controller.logPersistence.annotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.controller.logPersistence.annotations "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.controller.logPersistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.controller.logPersistence.size | quote }} + {{- include "common.storage.class" (dict "persistence" .Values.controller.logPersistence "global" .Values.global) | nindent 8 }} + {{- if .Values.controller.logPersistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.controller.logPersistence.selector "context" $) | nindent 10 }} + {{- end -}} + {{- end }} + {{- end }} diff --git a/helm/kafka/templates/controller-eligible/svc-external-access.yaml b/helm/kafka/templates/controller-eligible/svc-external-access.yaml new file mode 100644 index 000000000..871c5f93e --- /dev/null +++ b/helm/kafka/templates/controller-eligible/svc-external-access.yaml @@ -0,0 +1,77 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.externalAccess.enabled }} +{{- $fullname := include "kafka.controller.fullname" . }} +{{- if or .Values.externalAccess.controller.forceExpose (not .Values.controller.controllerOnly)}} +{{- $replicaCount := .Values.controller.replicaCount | int }} +{{- range $i := until $replicaCount }} +{{- $targetPod := printf "%s-%d" $fullname $i }} +{{- $_ := set $ "targetPod" $targetPod }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-%d-external" $fullname $i | trunc 63 | trimSuffix "-" }} + namespace: {{ include "common.names.namespace" $ | quote }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $.Values.externalAccess.controller.service.labels $.Values.commonLabels ) "context" $ ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: kafka + pod: {{ $targetPod }} + {{- if or $.Values.externalAccess.controller.service.annotations $.Values.commonAnnotations $.Values.externalAccess.controller.service.loadBalancerAnnotations }} + annotations: + {{- if and (not (empty $.Values.externalAccess.controller.service.loadBalancerAnnotations)) (eq (len $.Values.externalAccess.controller.service.loadBalancerAnnotations) $replicaCount) }} + {{ include "common.tplvalues.render" ( dict "value" (index $.Values.externalAccess.controller.service.loadBalancerAnnotations $i) "context" $) | nindent 4 }} + {{- end }} + {{- if or $.Values.externalAccess.controller.service.annotations $.Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list $.Values.externalAccess.controller.service.annotations $.Values.commonAnnotations ) "context" $ ) }} + {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ $.Values.externalAccess.controller.service.type }} + {{- if eq $.Values.externalAccess.controller.service.type "LoadBalancer" }} + allocateLoadBalancerNodePorts: {{ $.Values.externalAccess.controller.service.allocateLoadBalancerNodePorts }} + {{- if (not (empty $.Values.externalAccess.controller.service.loadBalancerClass)) }} + loadBalancerClass: {{ $.Values.externalAccess.controller.service.loadBalancerClass }} + {{- end }} + {{- if and (not (empty $.Values.externalAccess.controller.service.loadBalancerIPs)) (eq (len $.Values.externalAccess.controller.service.loadBalancerIPs) $replicaCount) }} + loadBalancerIP: {{ index $.Values.externalAccess.controller.service.loadBalancerIPs $i }} + {{- end }} + {{- if $.Values.externalAccess.controller.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml $.Values.externalAccess.controller.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- end }} + publishNotReadyAddresses: {{ $.Values.externalAccess.controller.service.publishNotReadyAddresses }} + ports: + - name: tcp-kafka + port: {{ $.Values.externalAccess.controller.service.ports.external }} + {{- if le (add $i 1) (len $.Values.externalAccess.controller.service.nodePorts) }} + nodePort: {{ index $.Values.externalAccess.controller.service.nodePorts $i }} + {{- else }} + nodePort: null + {{- end }} + targetPort: external + {{- if $.Values.externalAccess.controller.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" $.Values.externalAccess.controller.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + {{- if and (eq $.Values.externalAccess.controller.service.type "NodePort") (le (add $i 1) (len $.Values.externalAccess.controller.service.externalIPs)) }} + externalIPs: [{{ index $.Values.externalAccess.controller.service.externalIPs $i | quote }}] + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list $.Values.controller.podLabels $.Values.commonLabels ) "context" $ ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: kafka + app.kubernetes.io/component: controller-eligible + statefulset.kubernetes.io/pod-name: {{ $targetPod }} + {{- with $.Values.externalAccess.controller.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ . | quote }} + {{- end }} + {{- with $.Values.externalAccess.controller.service.ipFamilies }} + ipFamilies: + {{- . | toYaml | nindent 2 }} + {{- end }} +--- +{{- end }} +{{- end }} +{{- end }} diff --git a/helm/kafka/templates/controller-eligible/svc-headless.yaml b/helm/kafka/templates/controller-eligible/svc-headless.yaml new file mode 100644 index 000000000..f78d7d45a --- /dev/null +++ b/helm/kafka/templates/controller-eligible/svc-headless.yaml @@ -0,0 +1,48 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-headless" (include "kafka.controller.fullname" .) | trunc 63 | trimSuffix "-" }} + namespace: {{ include "common.names.namespace" . | quote }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.headless.controller.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: controller-eligible + app.kubernetes.io/part-of: kafka + {{- if or .Values.service.headless.controller.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.headless.controller.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: ClusterIP + clusterIP: None + publishNotReadyAddresses: true + ports: + {{- if not .Values.controller.controllerOnly }} + - name: tcp-interbroker + port: {{ .Values.service.ports.interbroker }} + protocol: TCP + targetPort: interbroker + - name: tcp-client + port: {{ .Values.service.ports.client }} + protocol: TCP + targetPort: client + {{- end }} + - name: tcp-controller + protocol: TCP + port: {{ .Values.service.ports.controller }} + targetPort: controller + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.controller.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: controller-eligible + app.kubernetes.io/part-of: kafka + {{- with .Values.service.headless.ipFamilyPolicy }} + ipFamilyPolicy: {{ . | quote }} + {{- end }} + {{- with .Values.service.headless.ipFamilies }} + ipFamilies: + {{- . | toYaml | nindent 2 }} + {{- end }} diff --git a/helm/kafka/templates/controller-eligible/vpa.yaml b/helm/kafka/templates/controller-eligible/vpa.yaml new file mode 100644 index 000000000..76abb7023 --- /dev/null +++ b/helm/kafka/templates/controller-eligible/vpa.yaml @@ -0,0 +1,45 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (include "common.capabilities.apiVersions.has" ( dict "version" "autoscaling.k8s.io/v1/VerticalPodAutoscaler" "context" . )) .Values.controller.autoscaling.vpa.enabled }} +apiVersion: {{ include "common.capabilities.vpa.apiVersion" . }} +kind: VerticalPodAutoscaler +metadata: + name: {{ template "kafka.controller.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: controller + app.kubernetes.io/part-of: kafka + {{- if or .Values.controller.autoscaling.vpa.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.controller.autoscaling.vpa.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + resourcePolicy: + containerPolicies: + - containerName: kafka + {{- with .Values.controller.autoscaling.vpa.controlledResources }} + controlledResources: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.autoscaling.vpa.maxAllowed }} + maxAllowed: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.autoscaling.vpa.minAllowed }} + minAllowed: + {{- toYaml . | nindent 8 }} + {{- end }} + targetRef: + apiVersion: {{ (include "common.capabilities.statefulset.apiVersion" .) }} + kind: StatefulSet + name: {{ template "kafka.controller.fullname" . }} + {{- if .Values.controller.autoscaling.vpa.updatePolicy }} + updatePolicy: + {{- with .Values.controller.autoscaling.vpa.updatePolicy.updateMode }} + updateMode: {{ . }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/kafka/templates/extra-list.yaml b/helm/kafka/templates/extra-list.yaml new file mode 100644 index 000000000..329f5c653 --- /dev/null +++ b/helm/kafka/templates/extra-list.yaml @@ -0,0 +1,9 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/helm/kafka/templates/init-job.yaml b/helm/kafka/templates/init-job.yaml new file mode 100644 index 000000000..f5be77911 --- /dev/null +++ b/helm/kafka/templates/init-job.yaml @@ -0,0 +1,44 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: kafka-topic-init + labels: + app.kubernetes.io/name: kafka-topic-init + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: create-grip-history-topic + image: bitnami/kafka:latest + env: + - name: KAFKA_CLIENT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-kafka-user-passwords + key: client-passwords + command: + - /bin/bash + - -c + - | + echo "Checking Kafka connectivity..." + while ! (echo > /dev/tcp/{{ .Release.Name }}-kafka-controller-headless/9092) 2>/dev/null; do + echo "Waiting for Kafka..." + sleep 2 + done + echo "Kafka is up. Creating topic..." + + cat < /tmp/kafka-client.properties + security.protocol=SASL_PLAINTEXT + sasl.mechanism=PLAIN + sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="user1" password="${KAFKA_CLIENT_PASSWORD}"; + EOF + + kafka-topics.sh --create \ + --bootstrap-server {{ .Release.Name }}-kafka-controller-headless:9092 \ + --replication-factor 1 \ + --partitions 1 \ + --topic grip-history \ + --command-config /tmp/kafka-client.properties \ No newline at end of file diff --git a/helm/kafka/templates/log4j2-configmap.yaml b/helm/kafka/templates/log4j2-configmap.yaml new file mode 100644 index 000000000..c4f9f5ee8 --- /dev/null +++ b/helm/kafka/templates/log4j2-configmap.yaml @@ -0,0 +1,20 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.log4j2 (not .Values.existingLog4j2ConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-log4j2-configuration" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: kafka + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + log4j2.yaml: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.log4j2 "context" $ ) | nindent 4 }} +{{- end }} diff --git a/helm/kafka/templates/metrics/jmx-configmap.yaml b/helm/kafka/templates/metrics/jmx-configmap.yaml new file mode 100644 index 000000000..ae9529482 --- /dev/null +++ b/helm/kafka/templates/metrics/jmx-configmap.yaml @@ -0,0 +1,70 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if include "kafka.metrics.jmx.createConfigmap" . }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-jmx-configuration" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + jmx-kafka-prometheus.yml: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.jmx.config "context" $ ) | nindent 4 }} + rules: + - pattern: kafka.controller<>(Value) + name: kafka_controller_$1_$2_$4 + labels: + broker_id: "$3" + - pattern: kafka.controller<>(Value) + name: kafka_controller_$1_$2_$3 + - pattern: kafka.controller<>(Value) + name: kafka_controller_$1_$2_$3 + - pattern: kafka.controller<>(Count) + name: kafka_controller_$1_$2_$3 + - pattern : kafka.network<>(Value) + name: kafka_network_$1_$2_$4 + labels: + network_processor: $3 + - pattern : kafka.network<>(Count|Value) + name: kafka_network_$1_$2_$4 + labels: + request: $3 + - pattern : kafka.network<>(Count|Value) + name: kafka_network_$1_$2_$3 + - pattern : kafka.network<>(Count|Value) + name: kafka_network_$1_$2_$3 + - pattern: kafka.server<>(Count|OneMinuteRate) + name: kafka_server_$1_$2_$4 + labels: + topic: $3 + - pattern: kafka.server<>(Value) + name: kafka_server_$1_$2_$4 + labels: + client_id: "$3" + - pattern: kafka.server<>(Value) + name: kafka_server_$1_$2_$3_$4 + - pattern: kafka.server<>(Count|Value|OneMinuteRate) + name: kafka_server_$1_total_$2_$3 + - pattern: kafka.server<>(queue-size) + name: kafka_server_$1_$2 + - pattern: java.lang<(.+)>(\w+) + name: java_lang_$1_$4_$3_$2 + - pattern: java.lang<>(\w+) + name: java_lang_$1_$3_$2 + - pattern : java.lang + - pattern: kafka.log<>Value + name: kafka_log_$1_$2 + labels: + topic: $3 + partition: $4 + {{- if .Values.metrics.jmx.extraRules }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.jmx.extraRules "context" $ ) | nindent 6 }} + {{- end }} +{{- end -}} diff --git a/helm/kafka/templates/metrics/jmx-servicemonitor.yaml b/helm/kafka/templates/metrics/jmx-servicemonitor.yaml new file mode 100644 index 000000000..7b1127a03 --- /dev/null +++ b/helm/kafka/templates/metrics/jmx-servicemonitor.yaml @@ -0,0 +1,49 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.metrics.jmx.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ printf "%s-jmx-metrics" (include "common.names.fullname" .) }} + namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + {{- if .Values.metrics.serviceMonitor.selector }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} + {{- end }} + app.kubernetes.io/component: metrics + endpoints: + - port: http-metrics + path: {{ .Values.metrics.serviceMonitor.path }} + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 6 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 6 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.honorLabels }} + honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "common.names.namespace" . }} +{{- end }} diff --git a/helm/kafka/templates/metrics/jmx-svc.yaml b/helm/kafka/templates/metrics/jmx-svc.yaml new file mode 100644 index 000000000..2e58fcd26 --- /dev/null +++ b/helm/kafka/templates/metrics/jmx-svc.yaml @@ -0,0 +1,38 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.metrics.jmx.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-jmx-metrics" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if or .Values.metrics.jmx.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.jmx.service.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: ClusterIP + sessionAffinity: {{ .Values.metrics.jmx.service.sessionAffinity }} + {{- if .Values.metrics.jmx.service.clusterIP }} + clusterIP: {{ .Values.metrics.jmx.service.clusterIP }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.metrics.jmx.service.ports.metrics }} + protocol: TCP + targetPort: metrics + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: kafka + {{- with .Values.metrics.jmx.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ . | quote }} + {{- end }} + {{- with .Values.metrics.jmx.service.ipFamilies }} + ipFamilies: + {{- . | toYaml | nindent 2 }} + {{- end }} +{{- end }} diff --git a/helm/kafka/templates/metrics/prometheusrule.yaml b/helm/kafka/templates/metrics/prometheusrule.yaml new file mode 100644 index 000000000..e43bd9bfc --- /dev/null +++ b/helm/kafka/templates/metrics/prometheusrule.yaml @@ -0,0 +1,20 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.metrics.jmx.enabled .Values.metrics.prometheusRule.enabled .Values.metrics.prometheusRule.groups }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ default (include "common.names.namespace" .) .Values.metrics.prometheusRule.namespace }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.prometheusRule.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" .) | nindent 4 }} + {{- end }} +spec: + groups: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.groups "context" .) | nindent 4 }} +{{- end }} diff --git a/helm/kafka/templates/provisioning/job.yaml b/helm/kafka/templates/provisioning/job.yaml new file mode 100644 index 000000000..a0c924551 --- /dev/null +++ b/helm/kafka/templates/provisioning/job.yaml @@ -0,0 +1,325 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.provisioning.enabled }} +kind: Job +apiVersion: batch/v1 +metadata: + name: {{ printf "%s-provisioning" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: kafka-provisioning + annotations: + {{- if .Values.provisioning.useHelmHooks }} + helm.sh/hook: post-install,post-upgrade + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + template: + metadata: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.provisioning.podLabels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/component: kafka-provisioning + {{- if .Values.provisioning.podAnnotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.provisioning.podAnnotations "context" $) | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "kafka.provisioning.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.provisioning.automountServiceAccountToken }} + enableServiceLinks: {{ .Values.provisioning.enableServiceLinks }} + {{- include "kafka.imagePullSecrets" . | nindent 6 }} + {{- if .Values.provisioning.schedulerName }} + schedulerName: {{ .Values.provisioning.schedulerName | quote }} + {{- end }} + {{- if .Values.provisioning.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.provisioning.podSecurityContext "context" $) | nindent 8 }} + {{- end }} + restartPolicy: OnFailure + terminationGracePeriodSeconds: 0 + {{- if .Values.provisioning.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.provisioning.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.provisioning.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.provisioning.tolerations "context" .) | nindent 8 }} + {{- end }} + initContainers: + - name: prepare-config + image: {{ include "kafka.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.provisioning.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.provisioning.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + command: + - /bin/bash + args: + - -ec + - | + . /opt/bitnami/scripts/libkafka.sh + + if [[ ! -f "$KAFKA_CONF_FILE" ]]; then + touch $KAFKA_CONF_FILE + + kafka_server_conf_set security.protocol {{ .Values.listeners.client.protocol | quote }} + {{- if regexFind "SSL" (upper .Values.listeners.client.protocol) }} + kafka_server_conf_set ssl.keystore.type {{ upper .Values.provisioning.auth.tls.type | quote }} + kafka_server_conf_set ssl.truststore.type {{ upper .Values.provisioning.auth.tls.type | quote }} + ! is_empty_value "$KAFKA_CLIENT_KEY_PASSWORD" && kafka_server_conf_set ssl.key.password "$KAFKA_CLIENT_KEY_PASSWORD" + {{- if eq (upper .Values.provisioning.auth.tls.type) "PEM" }} + {{- if .Values.provisioning.auth.tls.caCert }} + file_to_multiline_property() { + awk 'NR > 1{print line" \\"}{line=$0;}END{print $0" "}' <"${1:?missing file}" + } + kafka_server_conf_set ssl.keystore.key "$(file_to_multiline_property "/certs/{{ .Values.provisioning.auth.tls.key }}")" + kafka_server_conf_set ssl.keystore.certificate.chain "$(file_to_multiline_property "/certs/{{ .Values.provisioning.auth.tls.cert }}")" + kafka_server_conf_set ssl.truststore.certificates "$(file_to_multiline_property "/certs/{{ .Values.provisioning.auth.tls.caCert }}")" + {{- else }} + kafka_server_conf_set ssl.keystore.location "/certs/{{ .Values.provisioning.auth.tls.keystore }}" + kafka_server_conf_set ssl.truststore.location "/certs/{{ .Values.provisioning.auth.tls.truststore }}" + {{- end }} + {{- else if eq (upper .Values.provisioning.auth.tls.type) "JKS" }} + kafka_server_conf_set ssl.keystore.location "/certs/{{ .Values.provisioning.auth.tls.keystore }}" + kafka_server_conf_set ssl.truststore.location "/certs/{{ .Values.provisioning.auth.tls.truststore }}" + ! is_empty_value "$KAFKA_CLIENT_KEYSTORE_PASSWORD" && kafka_server_conf_set ssl.keystore.password "$KAFKA_CLIENT_KEYSTORE_PASSWORD" + ! is_empty_value "$KAFKA_CLIENT_TRUSTSTORE_PASSWORD" && kafka_server_conf_set ssl.truststore.password "$KAFKA_CLIENT_TRUSTSTORE_PASSWORD" + {{- end }} + {{- end }} + {{- if regexFind "SASL" (upper .Values.listeners.client.protocol) }} + {{- if regexFind "PLAIN" ( upper .Values.sasl.enabledMechanisms) }} + kafka_server_conf_set sasl.mechanism PLAIN + kafka_server_conf_set sasl.jaas.config "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"$SASL_USERNAME\" password=\"$SASL_USER_PASSWORD\";" + {{- else if regexFind "SCRAM-SHA-256" ( upper .Values.sasl.enabledMechanisms) }} + kafka_server_conf_set sasl.mechanism SCRAM-SHA-256 + kafka_server_conf_set sasl.jaas.config "org.apache.kafka.common.security.scram.ScramLoginModule required username=\"$SASL_USERNAME\" password=\"$SASL_USER_PASSWORD\";" + {{- else if regexFind "SCRAM-SHA-512" ( upper .Values.sasl.enabledMechanisms) }} + kafka_server_conf_set sasl.mechanism SCRAM-SHA-512 + kafka_server_conf_set sasl.jaas.config "org.apache.kafka.common.security.scram.ScramLoginModule required username=\"$SASL_USERNAME\" password=\"$SASL_USER_PASSWORD\";" + {{- else if regexFind "OAUTHBEARER" ( upper .Values.sasl.enabledMechanisms) }} + kafka_server_conf_set sasl.mechanism OAUTHBEARER + kafka_server_conf_set sasl.jaas.config "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required clientId=\"$SASL_CLIENT_ID\" password=\"$SASL_CLIENT_SECRET\";" + kafka_server_conf_set sasl.login.callback.handler.class "org.apache.kafka.common.security.oauthbearer.secured.OAuthBearerLoginCallbackHandler" + kafka_server_conf_set sasl.oauthbearer.token.endpoint.url {{ .Values.sasl.oauthbearer.tokenEndpointUrl | quote }} + {{- end }} + {{- end }} + fi + env: + - name: KAFKA_CONF_FILE + value: /shared/client.properties + {{- if and (regexFind "SSL" (upper .Values.listeners.client.protocol)) .Values.provisioning.auth.tls.passwordsSecret }} + - name: KAFKA_CLIENT_KEY_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "kafka.client.passwordsSecretName" . }} + key: {{ .Values.provisioning.auth.tls.keyPasswordSecretKey }} + - name: KAFKA_CLIENT_KEYSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "kafka.client.passwordsSecretName" . }} + key: {{ .Values.provisioning.auth.tls.keystorePasswordSecretKey }} + - name: KAFKA_CLIENT_TRUSTSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "kafka.client.passwordsSecretName" . }} + key: {{ .Values.provisioning.auth.tls.truststorePasswordSecretKey }} + {{- end }} + {{- if regexFind "SASL" (upper .Values.listeners.client.protocol) }} + {{- if include "kafka.saslUserPasswordsEnabled" . }} + - name: SASL_USERNAME + value: {{ index .Values.sasl.client.users 0 | quote }} + - name: SASL_USER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "kafka.saslSecretName" . }} + key: system-user-password + {{- end }} + {{- if include "kafka.saslClientSecretsEnabled" . }} + - name: SASL_CLIENT_ID + value: {{ .Values.sasl.interbroker.clientId | quote }} + - name: SASL_USER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "kafka.saslSecretName" . }} + key: inter-broker-client-secret + {{- end }} + {{- end }} + {{- if .Values.provisioning.resources }} + resources: {{- toYaml .Values.provisioning.resources | nindent 12 }} + {{- else if ne .Values.provisioning.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.provisioning.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - name: shared + mountPath: /shared + {{- if .Values.provisioning.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" .Values.provisioning.initContainers "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.provisioning.waitForKafka }} + - name: wait-for-available-kafka + image: {{ include "kafka.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.provisioning.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.provisioning.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + command: + - /bin/bash + args: + - -ec + - | + . /opt/bitnami/scripts/libos.sh + + exit_code=0 + if ! retry_while "/opt/bitnami/kafka/bin/kafka-broker-api-versions.sh --bootstrap-server ${KAFKA_SERVICE} --command-config /shared/client.properties"; then + echo "Kafka is not ready" + exit_code=1 + else + echo "Kafka ready" + fi + + exit "$exit_code" + env: + - name: KAFKA_SERVICE + value: {{ printf "%s:%d" (include "common.names.fullname" .) (.Values.service.ports.client | int64) }} + {{- if .Values.provisioning.resources }} + resources: {{- toYaml .Values.provisioning.resources | nindent 12 }} + {{- else if ne .Values.provisioning.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.provisioning.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - name: shared + mountPath: /shared + {{- end }} + {{- if .Values.provisioning.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" .Values.provisioning.initContainers "context" $ ) | nindent 8 }} + {{- end }} + containers: + - name: kafka-provisioning + image: {{ include "kafka.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.provisioning.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.provisioning.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.provisioning.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.provisioning.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.provisioning.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.provisioning.args "context" $) | nindent 12 }} + {{- else }} + args: + - -ec + - | + {{- if .Values.provisioning.preScript }} + echo "Running pre-provisioning script" + {{ .Values.provisioning.preScript | nindent 14 }} + {{- end }} + + kafka_provisioning_commands=( + {{- range $topic := .Values.provisioning.topics }} + "/opt/bitnami/kafka/bin/kafka-topics.sh \ + --create \ + --if-not-exists \ + --bootstrap-server ${KAFKA_SERVICE} \ + --replication-factor {{ $topic.replicationFactor | default $.Values.provisioning.replicationFactor }} \ + --partitions {{ $topic.partitions | default $.Values.provisioning.numPartitions }} \ + {{- range $name, $value := $topic.config }} + --config {{ $name }}={{ $value }} \ + {{- end }} + --command-config /shared/client.properties \ + --topic {{ $topic.name }}" + {{- end }} + {{- range $command := .Values.provisioning.extraProvisioningCommands }} + {{- $command | quote | nindent 16 }} + {{- end }} + ) + + echo "Starting provisioning" + for ((index=0; index < ${#kafka_provisioning_commands[@]}; index+={{ .Values.provisioning.parallel }})); do + for j in $(seq ${index} $((${index}+{{ .Values.provisioning.parallel }}-1))); do + ${kafka_provisioning_commands[j]} & + done + # Wait the end of the jobs + wait + done + + {{- if .Values.provisioning.preScript }} + echo "Running post-provisioning script" + {{ .Values.provisioning.postScript | nindent 14 }} + {{- end }} + + echo "Provisioning succeeded" + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: KAFKA_SERVICE + value: {{ printf "%s:%d" (include "common.names.fullname" .) (.Values.service.ports.client | int64) }} + {{- if .Values.provisioning.extraEnvVars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.provisioning.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.provisioning.extraEnvVarsCM .Values.provisioning.extraEnvVarsSecret }} + envFrom: + {{- if .Values.provisioning.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.provisioning.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.provisioning.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.provisioning.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- end }} + {{- if .Values.provisioning.resources }} + resources: {{- toYaml .Values.provisioning.resources | nindent 12 }} + {{- else if ne .Values.provisioning.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.provisioning.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + {{- if or .Values.log4j2 .Values.existingLog4j2ConfigMap }} + - name: log4j2-config + mountPath: /opt/bitnami/kafka/config/log4j2.yaml + subPath: log4j2.yaml + {{- end }} + {{- if (regexFind "SSL" (upper .Values.listeners.client.protocol)) }} + {{- if not (empty .Values.provisioning.auth.tls.certificatesSecret) }} + - name: kafka-client-certs + mountPath: /certs + readOnly: true + {{- end }} + {{- end }} + - name: shared + mountPath: /shared + {{- if .Values.provisioning.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.provisioning.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.provisioning.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.provisioning.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + {{- if or .Values.log4j2 .Values.existingLog4j2ConfigMap }} + - name: log4j2-config + configMap: + name: {{ include "kafka.log4j2.configMapName" . }} + {{- end }} + {{- if (regexFind "SSL" (upper .Values.listeners.client.protocol)) }} + {{- if not (empty .Values.provisioning.auth.tls.certificatesSecret) }} + - name: kafka-client-certs + secret: + secretName: {{ .Values.provisioning.auth.tls.certificatesSecret }} + defaultMode: 256 + {{- end }} + {{- end }} + - name: shared + emptyDir: {} + {{- if .Values.provisioning.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.provisioning.extraVolumes "context" $) | nindent 8 }} + {{- end }} +{{- end }} diff --git a/helm/kafka/templates/provisioning/serviceaccount.yaml b/helm/kafka/templates/provisioning/serviceaccount.yaml new file mode 100644 index 000000000..9d7c4e99d --- /dev/null +++ b/helm/kafka/templates/provisioning/serviceaccount.yaml @@ -0,0 +1,17 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.provisioning.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kafka.provisioning.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.provisioning.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/helm/kafka/templates/provisioning/tls-secret.yaml b/helm/kafka/templates/provisioning/tls-secret.yaml new file mode 100644 index 000000000..ead2a8181 --- /dev/null +++ b/helm/kafka/templates/provisioning/tls-secret.yaml @@ -0,0 +1,21 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.provisioning.enabled (regexFind "SSL" (upper .Values.listeners.client.protocol)) (not .Values.provisioning.auth.tls.passwordsSecret) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "kafka.client.passwordsSecretName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + truststore-password: {{ default "" .Values.provisioning.auth.tls.keystorePassword | b64enc | quote }} + keystore-password: {{ default "" .Values.provisioning.auth.tls.truststorePassword | b64enc | quote }} + key-password: {{ default "" .Values.provisioning.auth.tls.keyPassword | b64enc | quote }} +{{- end }} diff --git a/helm/kafka/templates/rbac/role.yaml b/helm/kafka/templates/rbac/role.yaml new file mode 100644 index 000000000..d57089c24 --- /dev/null +++ b/helm/kafka/templates/rbac/role.yaml @@ -0,0 +1,26 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.rbac.create }} +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +kind: Role +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: kafka + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +rules: + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +{{- end }} diff --git a/helm/kafka/templates/rbac/rolebinding.yaml b/helm/kafka/templates/rbac/rolebinding.yaml new file mode 100644 index 000000000..f1ea5c743 --- /dev/null +++ b/helm/kafka/templates/rbac/rolebinding.yaml @@ -0,0 +1,25 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.rbac.create }} +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +kind: RoleBinding +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: kafka + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +roleRef: + kind: Role + name: {{ include "common.names.fullname" . }} + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "kafka.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . }} +{{- end }} diff --git a/helm/kafka/templates/rbac/serviceaccount.yaml b/helm/kafka/templates/rbac/serviceaccount.yaml new file mode 100644 index 000000000..210f86f45 --- /dev/null +++ b/helm/kafka/templates/rbac/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kafka.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: kafka + {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/helm/kafka/templates/secrets.yaml b/helm/kafka/templates/secrets.yaml new file mode 100644 index 000000000..47d67a207 --- /dev/null +++ b/helm/kafka/templates/secrets.yaml @@ -0,0 +1,132 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if (include "kafka.createSaslSecret" .) }} +{{- $secretName := printf "%s-user-passwords" (include "common.names.fullname" .) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{- if (include "kafka.client.saslEnabled" .) }} + {{- $secretValue := "" }} + {{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .) $secretName).data }} + {{- if and $secretData (hasKey $secretData "client-passwords")}} + {{- $secretValue = index $secretData "client-passwords" }} + {{- end }} + {{- if not (empty .Values.sasl.client.passwords) }} + {{- $secretValue = join "," .Values.sasl.client.passwords | toString | b64enc }} + {{- else if or (empty $secretValue) (not (eq (len .Values.sasl.client.users) (len (splitList "," (b64dec $secretValue))))) }} + {{- $clientPasswords := list }} + {{- range .Values.sasl.client.users }} + {{- $clientPasswords = append $clientPasswords (randAlphaNum 10) }} + {{- end }} + {{- $secretValue = join "," $clientPasswords | toString | b64enc }} + {{- end }} + {{- if (include "kafka.saslUserPasswordsEnabled" .) }} + client-passwords: {{ $secretValue | quote }} + system-user-password: {{ index (splitList "," (b64dec $secretValue)) 0 | b64enc | quote }} + {{- end }} + {{- end }} + {{- if regexFind "SASL" (upper .Values.listeners.interbroker.protocol) }} + {{- if (include "kafka.saslUserPasswordsEnabled" .) }} + inter-broker-password: {{ include "common.secrets.passwords.manage" (dict "secret" $secretName "key" "inter-broker-password" "providedValues" (list "sasl.interbroker.password") "failOnNew" false "context" $) }} + {{- end }} + {{- if (include "kafka.saslClientSecretsEnabled" .) }} + inter-broker-client-secret: {{ include "common.secrets.passwords.manage" (dict "secret" $secretName "key" "inter-broker-client-secret" "providedValues" (list "sasl.interbroker.clientSecret") "failOnNew" false "context" $) }} + {{- end }} + {{- end }} + {{- if regexFind "SASL" (upper .Values.listeners.controller.protocol) }} + {{- if (include "kafka.saslUserPasswordsEnabled" .) }} + controller-password: {{ include "common.secrets.passwords.manage" (dict "secret" $secretName "key" "controller-password" "providedValues" (list "sasl.controller.password") "failOnNew" false "context" $) }} + {{- end }} + {{- if (include "kafka.saslClientSecretsEnabled" .) }} + controller-client-secret: {{ include "common.secrets.passwords.manage" (dict "secret" $secretName "key" "controller-client-secret" "providedValues" (list "sasl.controller.clientSecret") "failOnNew" false "context" $) }} + {{- end }} + {{- end }} +{{- end }} +{{- if not .Values.existingKraftSecret }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-kraft" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + cluster-id: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-kraft" (include "common.names.fullname" .)) "key" "cluster-id" "providedValues" (list "clusterId") "length" 22 "context" $) }} + {{- range $i := until (int .Values.controller.replicaCount) }} + {{- $key := printf "controller-%d-id" $i }} + {{ $key }}: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-kraft" (include "common.names.fullname" $)) "key" $key "providedValues" (list "") "length" 22 "failOnNew" false "context" $) }} + {{- end }} +{{- end }} +{{- if .Values.serviceBindings.enabled }} +{{- if (include "kafka.client.saslEnabled" .) }} +{{- $host := list }} +{{- $port := .Values.service.ports.client }} +{{- $bootstrapServers := list }} +{{- if not .Values.controller.controllerOnly }} + {{- range $i, $e := until (int .Values.controller.replicaCount) }} + {{- $controller := printf "%s-controller-%s.%s-headless.%s.svc.%s" (include "common.names.fullname" $) (print $i) (include "common.names.fullname" $) $.Release.Namespace $.Values.clusterDomain }} + {{- $host = append $host $controller }} + {{- $bootstrapServers = append $bootstrapServers (printf "%s:%s" $controller $.Values.service.ports.client) }} + {{- end }} +{{- end }} +{{- range $i, $e := until (int .Values.broker.replicaCount) }} + {{- $broker := printf "%s-broker-%s.%s-headless.%s.svc.%s" (include "common.names.fullname" $) (print $i) (include "common.names.fullname" $) $.Release.Namespace $.Values.clusterDomain }} + {{- $host = append $host $broker }} + {{- $bootstrapServers = append $bootstrapServers (printf "%s:%s" $broker $.Values.service.ports.client) }} +{{- end }} +{{- range $i, $e := until (len .Values.sasl.client.users) }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" $ }}-svcbind-user-{{ $i }} + namespace: {{ $.Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: servicebinding.io/kafka +data: + provider: {{ print "bitnami" | b64enc | quote }} + type: {{ print "kafka" | b64enc | quote }} + username: {{ index $.Values.sasl.client.users $i | b64enc | quote }} + password: {{ index $.Values.sasl.client.passwords $i | b64enc | quote }} + host: {{ join "," $host | b64enc | quote }} + port: {{ print $port | b64enc | quote }} + bootstrap-servers: {{ join "," $bootstrapServers | b64enc | quote }} +{{- end }} +{{- else }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }}-svcbind + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: servicebinding.io/kafka +data: + provider: {{ print "bitnami" | b64enc | quote }} + type: {{ print "kafka" | b64enc | quote }} + host: {{ join "," $host | b64enc | quote }} + port: {{ print $port | b64enc | quote }} + bootstrap-servers: {{ join "," $bootstrapServers | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/helm/kafka/templates/svc.yaml b/helm/kafka/templates/svc.yaml new file mode 100644 index 000000000..35bb56dd0 --- /dev/null +++ b/helm/kafka/templates/svc.yaml @@ -0,0 +1,76 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: kafka + {{- if or .Values.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.service.type }} + {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} + {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if (eq .Values.service.type "LoadBalancer") }} + allocateLoadBalancerNodePorts: {{ .Values.service.allocateLoadBalancerNodePorts }} + {{- if (not (empty .Values.service.loadBalancerClass)) }} + loadBalancerClass: {{ .Values.service.loadBalancerClass }} + {{- end }} + {{- if (not (empty .Values.service.loadBalancerSourceRanges)) }} + loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }} + {{- end }} + {{- if (not (empty .Values.service.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- end }} + {{- if .Values.service.sessionAffinity }} + sessionAffinity: {{ .Values.service.sessionAffinity }} + {{- end }} + {{- if .Values.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + ports: + - name: tcp-client + port: {{ .Values.service.ports.client }} + protocol: TCP + targetPort: client + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.client)) }} + nodePort: {{ .Values.service.nodePorts.client }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.externalAccess.enabled }} + - name: tcp-external + port: {{ .Values.service.ports.external }} + protocol: TCP + targetPort: external + {{- if (not (empty .Values.service.nodePorts.external)) }} + nodePort: {{ .Values.service.nodePorts.external }} + {{- end }} + {{- end }} + {{- if .Values.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: kafka + {{- if .Values.controller.controllerOnly }} + app.kubernetes.io/component: broker + {{- end }} + {{- with .Values.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ . | quote }} + {{- end }} + {{- with .Values.service.ipFamilies }} + ipFamilies: + {{- . | toYaml | nindent 2 }} + {{- end }} diff --git a/helm/kafka/templates/tls-secret.yaml b/helm/kafka/templates/tls-secret.yaml new file mode 100644 index 000000000..36325611e --- /dev/null +++ b/helm/kafka/templates/tls-secret.yaml @@ -0,0 +1,65 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if include "kafka.createTlsSecret" . }} +{{- $releaseNamespace := include "common.names.namespace" . }} +{{- $clusterDomain := .Values.clusterDomain }} +{{- $fullname := include "common.names.fullname" . }} +{{- $secretName := include "kafka.tlsSecretName" . }} +{{- $altNames := list (printf "%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "%s.%s" $fullname $releaseNamespace) $fullname "127.0.0.1" "localhost" }} +{{- $controllerSvcName := printf "%s-headless" (include "kafka.controller.fullname" .) | trunc 63 | trimSuffix "-" }} +{{- $brokerSvcName := printf "%s-headless" (include "kafka.broker.fullname" .) | trunc 63 | trimSuffix "-" }} +{{- $altNames = concat $altNames (list (printf "*.%s.%s.svc.%s" $controllerSvcName $releaseNamespace $clusterDomain) (printf "*.%s.%s" $controllerSvcName $releaseNamespace) (printf "*.%s" $controllerSvcName)) }} +{{- $altNames = concat $altNames (list (printf "*.%s.%s.svc.%s" $brokerSvcName $releaseNamespace $clusterDomain) (printf "*.%s.%s" $brokerSvcName $releaseNamespace) (printf "*.%s" $brokerSvcName)) }} +{{- if .Values.externalAccess.enabled -}} + {{- with .Values.externalAccess.broker.service.domain }} + {{- $altNames = append $altNames . }} + {{- end }} + {{- with .Values.externalAccess.controller.service.domain }} + {{- $altNames = append $altNames . }} + {{- end }} +{{- end }} +{{- with .Values.tls.autoGenerated.customAltNames }} + {{- $altNames = concat $altNames . }} +{{- end }} +{{- $ca := genCA "kafka-ca" 365 }} +{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: kafka + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} +--- +{{- end }} +{{- if include "kafka.createTlsPasswordsSecret" . }} +{{- $secretName := include "kafka.tlsPasswordsSecretName" . }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: kafka + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{ .Values.tls.passwordsSecretKeystoreKey }}: {{ include "common.secrets.passwords.manage" (dict "secret" $secretName "key" .Values.tls.passwordsSecretKeystoreKey "providedValues" (list "tls.keystorePassword") "context" $) }} + {{ .Values.tls.passwordsSecretTruststoreKey }}: {{ include "common.secrets.passwords.manage" (dict "secret" $secretName "key" .Values.tls.passwordsSecretTruststoreKey "providedValues" (list "tls.truststorePassword") "context" $) }} + {{- if .Values.tls.keyPassword }} + {{ default "key-password" .Values.tls.passwordsSecretPemPasswordKey }}: {{ .Values.tls.keyPassword | b64enc | quote }} + {{- end }} +{{- end }} diff --git a/helm/kafka/values.yaml b/helm/kafka/values.yaml new file mode 100644 index 000000000..13f40cc8c --- /dev/null +++ b/helm/kafka/values.yaml @@ -0,0 +1,2475 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s) +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + defaultStorageClass: "" + ## Security parameters + ## + security: + ## @param global.security.allowInsecureImages Allows skipping image verification + allowInsecureImages: false + ## Compatibility adaptations for Kubernetes platforms + ## + compatibility: + ## Compatibility adaptations for Openshift + ## + openshift: + ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) + ## + adaptSecurityContext: auto + +## @section Common parameters + +## @param kubeVersion Override Kubernetes version +## +kubeVersion: "" +## @param apiVersions Override Kubernetes API versions reported by .Capabilities +## +apiVersions: [] +## @param nameOverride String to partially override common.names.fullname +## +nameOverride: "" +## @param fullnameOverride String to fully override common.names.fullname +## +fullnameOverride: "" +## @param namespaceOverride String to fully override common.names.namespace +## +namespaceOverride: "" +## @param clusterDomain Default Kubernetes cluster domain +## +clusterDomain: cluster.local +## @param commonLabels Labels to add to all deployed objects +## +commonLabels: {} +## @param commonAnnotations Annotations to add to all deployed objects +## +commonAnnotations: {} +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] +## @param usePasswordFiles Mount credentials as files instead of using environment variables +## +usePasswordFiles: true +## Diagnostic mode +## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) +## @param diagnosticMode.command Command to override all containers in the chart release +## @param diagnosticMode.args Args to override all containers in the chart release +## +diagnosticMode: + enabled: false + command: + - sleep + args: + - infinity +## @param serviceBindings.enabled Create secret for service binding (Experimental) +## Ref: https://servicebinding.io/service-provider/ +## +serviceBindings: + enabled: false + +## @section Kafka common parameters + +## Bitnami Kafka image version +## ref: https://hub.docker.com/r/bitnami/kafka/tags/ +## @param image.registry [default: REGISTRY_NAME] Kafka image registry +## @param image.repository [default: REPOSITORY_NAME/kafka] Kafka image repository +## @skip image.tag Kafka image tag (immutable tags are recommended) +## @param image.digest Kafka image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag +## @param image.pullPolicy Kafka image pull policy +## @param image.pullSecrets Specify docker-registry secret names as an array +## @param image.debug Specify if debug values should be set +## +image: + registry: docker.io + repository: bitnami/kafka + tag: 4.0.0-debian-12-r0 + digest: "" + ## Specify a imagePullPolicy + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Set to true if you would like to see extra information on logs + ## + debug: false + +## @param clusterId Kafka Kraft cluster ID (ignored if existingKraftSecret is set). A random cluster ID will be generated the 1st time Kraft is initialized if not set. +## NOTE: Already initialized Kafka nodes will use cluster ID stored in their persisted storage. +## If reusing existing PVCs, make sure the cluster ID is set matching the stored cluster ID, otherwise new nodes will fail to join the cluster. +## In case the cluster ID stored in the secret does not match the value stored in /bitnami/kafka/data/meta.properties, remove the secret and upgrade the chart setting the correct value. +## +clusterId: "" +## @param existingKraftSecret Name of the secret containing the Kafka KRaft Cluster ID and one directory ID per controller replica +## +existingKraftSecret: "" +## @param config Specify content for Kafka configuration (auto-generated based on other parameters otherwise) +## NOTE: This will override the configuration based on values, please act carefully +## Use simple key-value YAML format, then it's transformed to properties format by the chart. e.g: +## process.roles: broker +## ... will be transformed to: +## process.roles=broker +## +config: {} +## @param overrideConfiguration Kafka common configuration override. Values defined here takes precedence over the ones defined at `config` +## +overrideConfiguration: {} +## @param existingConfigmap Name of an existing ConfigMap with the Kafka configuration +## +existingConfigmap: "" +## @param secretConfig Additional configuration to be appended at the end of the generated Kafka configuration (store in a secret) +## +secretConfig: "" +## @param existingSecretConfig Secret with additional configuration that will be appended to the end of the generated Kafka configuration +## The key for the configuration should be: server-secret.properties +## NOTE: This will override secretConfig value +## +existingSecretConfig: "" +## @param log4j2 Specify content for Kafka log4j2 configuration (default one is used otherwise) +## ref: https://github.com/apache/kafka/blob/trunk/config/log4j2.yaml +## +log4j2: "" +## @param existingLog4j2ConfigMap The name of an existing ConfigMap containing the log4j2.yaml file +## +existingLog4j2ConfigMap: "" +## @param heapOpts Kafka Java Heap configuration +## +heapOpts: -XX:InitialRAMPercentage=75 -XX:MaxRAMPercentage=75 +## @param brokerRackAwareness.enabled Enable Kafka Rack Awareness +## @param brokerRackAwareness.cloudProvider Cloud provider to use to set Broker Rack Awareness. Allowed values: `aws-az`, `azure` +## @param brokerRackAwareness.azureApiVersion Metadata API version to use when brokerRackAwareness.cloudProvider is set to `azure` +## ref: https://cwiki.apache.org/confluence/display/KAFKA/KIP-392%3A+Allow+consumers+to+fetch+from+closest+replica +## +brokerRackAwareness: + enabled: false + cloudProvider: "" + azureApiVersion: "2023-11-15" +## @param interBrokerProtocolVersion Override the setting 'inter.broker.protocol.version' during the ZK migration. +## Ref. https://docs.confluent.io/platform/current/installation/migrate-zk-kraft.html +## +interBrokerProtocolVersion: "" +## Kafka listeners configuration +## +listeners: + ## @param listeners.client.name Name for the Kafka client listener + ## @param listeners.client.containerPort Port for the Kafka client listener + ## @param listeners.client.protocol Security protocol for the Kafka client listener. Allowed values are 'PLAINTEXT', 'SASL_PLAINTEXT', 'SASL_SSL' and 'SSL' + ## @param listeners.client.sslClientAuth Optional. If SASL_SSL is enabled, configure mTLS TLS authentication type. If SSL protocol is enabled, overrides tls.authType for this listener. Allowed values are 'none', 'requested' and 'required' + client: + containerPort: 9092 + protocol: SASL_PLAINTEXT + name: CLIENT + sslClientAuth: "" + ## @param listeners.controller.name Name for the Kafka controller listener + ## @param listeners.controller.containerPort Port for the Kafka controller listener + ## @param listeners.controller.protocol Security protocol for the Kafka controller listener. Allowed values are 'PLAINTEXT', 'SASL_PLAINTEXT', 'SASL_SSL' and 'SSL' + ## @param listeners.controller.sslClientAuth Optional. If SASL_SSL is enabled, configure mTLS TLS authentication type. If SSL protocol is enabled, overrides tls.authType for this listener. Allowed values are 'none', 'requested' and 'required' + ## Ref: https://cwiki.apache.org/confluence/display/KAFKA/KIP-684+-+Support+mutual+TLS+authentication+on+SASL_SSL+listeners + controller: + name: CONTROLLER + containerPort: 9093 + protocol: SASL_PLAINTEXT + sslClientAuth: "" + ## @param listeners.interbroker.name Name for the Kafka inter-broker listener + ## @param listeners.interbroker.containerPort Port for the Kafka inter-broker listener + ## @param listeners.interbroker.protocol Security protocol for the Kafka inter-broker listener. Allowed values are 'PLAINTEXT', 'SASL_PLAINTEXT', 'SASL_SSL' and 'SSL' + ## @param listeners.interbroker.sslClientAuth Optional. If SASL_SSL is enabled, configure mTLS TLS authentication type. If SSL protocol is enabled, overrides tls.authType for this listener. Allowed values are 'none', 'requested' and 'required' + interbroker: + containerPort: 9094 + protocol: SASL_PLAINTEXT + name: INTERNAL + sslClientAuth: "" + ## @param listeners.external.containerPort Port for the Kafka external listener + ## @param listeners.external.protocol Security protocol for the Kafka external listener. . Allowed values are 'PLAINTEXT', 'SASL_PLAINTEXT', 'SASL_SSL' and 'SSL' + ## @param listeners.external.name Name for the Kafka external listener + ## @param listeners.external.sslClientAuth Optional. If SASL_SSL is enabled, configure mTLS TLS authentication type. If SSL protocol is enabled, overrides tls.sslClientAuth for this listener. Allowed values are 'none', 'requested' and 'required' + external: + containerPort: 9095 + protocol: SASL_PLAINTEXT + name: EXTERNAL + sslClientAuth: "" + ## @param listeners.extraListeners Array of listener objects to be appended to already existing listeners + ## E.g. + ## extraListeners: + ## - name: CUSTOM + ## containerPort: 9097 + ## protocol: SASL_PLAINTEXT + ## sslClientAuth: "" + ## + extraListeners: [] + ## NOTE: If set, below values will override configuration set using the above values (extraListeners.*, controller.*, interbroker.*, client.* and external.*) + ## @param listeners.overrideListeners Overrides the Kafka 'listeners' configuration setting. + ## @param listeners.advertisedListeners Overrides the Kafka 'advertised.listener' configuration setting. + ## @param listeners.securityProtocolMap Overrides the Kafka 'security.protocol.map' configuration setting. + overrideListeners: "" + advertisedListeners: "" + securityProtocolMap: "" +## @section Kafka SASL parameters +## Kafka SASL settings for authentication, required if SASL_PLAINTEXT or SASL_SSL listeners are configured +## +sasl: + ## @param sasl.enabledMechanisms Comma-separated list of allowed SASL mechanisms when SASL listeners are configured. Allowed types: `PLAIN`, `SCRAM-SHA-256`, `SCRAM-SHA-512`, `OAUTHBEARER` + ## NOTE: At the moment, Kafka Raft mode does not support SCRAM, that is why only PLAIN is configured. + ## + enabledMechanisms: PLAIN,SCRAM-SHA-256,SCRAM-SHA-512 + ## @param sasl.interBrokerMechanism SASL mechanism for inter broker communication. + ## + interBrokerMechanism: PLAIN + ## @param sasl.controllerMechanism SASL mechanism for controller communications. + ## + controllerMechanism: PLAIN + ## Settings for OAuthBearer mechanism + ## @param sasl.oauthbearer.tokenEndpointUrl The URL for the OAuth/OIDC identity provider + ## @param sasl.oauthbearer.jwksEndpointUrl The OAuth/OIDC provider URL from which the provider's JWKS (JSON Web Key Set) can be retrieved + ## @param sasl.oauthbearer.expectedAudience The comma-delimited setting for the broker to use to verify that the JWT was issued for one of the expected audiences + ## @param sasl.oauthbearer.subClaimName The OAuth claim name for the subject. + ## + oauthbearer: + tokenEndpointUrl: "" + jwksEndpointUrl: "" + expectedAudience: "" + subClaimName: "sub" + ## Credentials for inter-broker communications. + ## @param sasl.interbroker.user Username for inter-broker communications when SASL is enabled + ## @param sasl.interbroker.password Password for inter-broker communications when SASL is enabled. If not set and SASL is enabled for the controller listener, a random password will be generated. + ## @param sasl.interbroker.clientId Client ID for inter-broker communications when SASL is enabled with mechanism OAUTHBEARER + ## @param sasl.interbroker.clientSecret Client Secret for inter-broker communications when SASL is enabled with mechanism OAUTHBEARER. If not set and SASL is enabled for the controller listener, a random secret will be generated. + ## + interbroker: + user: inter_broker_user + password: "" + clientId: inter_broker_client + clientSecret: "" + ## Credentials for controller communications. + ## @param sasl.controller.user Username for controller communications when SASL is enabled + ## @param sasl.controller.password Password for controller communications when SASL is enabled. If not set and SASL is enabled for the inter-broker listener, a random password will be generated. + ## @param sasl.controller.clientId Client ID for controller communications when SASL is enabled with mechanism OAUTHBEARER + ## @param sasl.controller.clientSecret Client Secret for controller communications when SASL is enabled with mechanism OAUTHBEARER. If not set and SASL is enabled for the inter-broker listener, a random secret will be generated. + ## + controller: + user: controller_user + password: "" + clientId: controller_broker_client + clientSecret: "" + ## Credentials for client communications. + ## @param sasl.client.users Comma-separated list of usernames for client communications when SASL is enabled + ## @param sasl.client.passwords Comma-separated list of passwords for client communications when SASL is enabled, must match the number of client.users + ## + client: + users: + - user1 + passwords: "" + ## @param sasl.existingSecret Name of the existing secret containing credentials for client.users, interbroker.user and controller.user + ## Create this secret running the command below where SECRET_NAME is the name of the secret you want to create: + ## kubectl create secret generic SECRET_NAME --from-literal=client-passwords=CLIENT_PASSWORD1,CLIENT_PASSWORD2 --from-literal=inter-broker-password=INTER_BROKER_PASSWORD --from-literal=inter-broker-client-secret=INTER_BROKER_CLIENT_SECRET --from-literal=controller-password=CONTROLLER_PASSWORD --from-literal=controller-client-secret=CONTROLLER_CLIENT_SECRET + ## The client secrets are only required when using OAuthBearer as SASL mechanism. + ## Client, inter-broker and controller passwords are only required if the SASL mechanism includes something other than OAuthBearer. + ## + existingSecret: "" +## @section Kafka TLS parameters +## Kafka TLS settings, required if SSL or SASL_SSL listeners are configured +## +tls: + ## @param tls.type Format to use for TLS certificates. Allowed types: `JKS` and `PEM` + ## + type: JKS + ## @param tls.pemChainIncluded Flag to denote that the Certificate Authority (CA) certificates are bundled with the endpoint cert. + ## Certificates must be in proper order, where the top certificate is the leaf and the bottom certificate is the top-most intermediate CA. + ## + pemChainIncluded: false + ## @param tls.autoGenerated.enabled Enable automatic generation of TLS certificates (only supported if `tls.type` is `PEM`) + ## @param tls.autoGenerated.engine Mechanism to generate the certificates (allowed values: helm, cert-manager) + ## @param tls.autoGenerated.customAltNames List of additional subject alternative names (SANs) for the automatically generated TLS certificates. + ## @param tls.autoGenerated.certManager.existingIssuer The name of an existing Issuer to use for generating the certificates (only for `cert-manager` engine) + ## @param tls.autoGenerated.certManager.existingIssuerKind Existing Issuer kind, defaults to Issuer (only for `cert-manager` engine) + ## @param tls.autoGenerated.certManager.keyAlgorithm Key algorithm for the certificates (only for `cert-manager` engine) + ## @param tls.autoGenerated.certManager.keySize Key size for the certificates (only for `cert-manager` engine) + ## @param tls.autoGenerated.certManager.duration Duration for the certificates (only for `cert-manager` engine) + ## @param tls.autoGenerated.certManager.renewBefore Renewal period for the certificates (only for `cert-manager` engine) + ## + autoGenerated: + enabled: true + engine: helm + customAltNames: [] + certManager: + existingIssuer: "" + existingIssuerKind: "" + keySize: 2048 + keyAlgorithm: RSA + duration: 2160h + renewBefore: 360h + ## @param tls.existingSecret Name of the existing secret containing the TLS certificates for the Kafka nodes. + ## When using 'jks' format for certificates, each secret should contain a truststore and a keystore. + ## Create these secrets following the steps below: + ## 1) Generate your truststore and keystore files. Helpful script: https://raw.githubusercontent.com/confluentinc/confluent-platform-security-tools/master/kafka-generate-ssl.sh + ## 2) Rename your truststore to `kafka.truststore.jks`. + ## 3) Rename your keystores to `kafka--X.keystore.jks` where X is the replica number of the . + ## 4) Run the command below one time per broker to create its associated secret (SECRET_NAME_X is the name of the secret you want to create): + ## kubectl create secret generic SECRET_NAME_0 --from-file=kafka.truststore.jks=./kafka.truststore.jks \ + ## --from-file=kafka-controller-0.keystore.jks=./kafka-controller-0.keystore.jks --from-file=kafka-broker-0.keystore.jks=./kafka-broker-0.keystore.jks ... + ## + ## NOTE: Alternatively, a single keystore can be provided for all nodes under the key 'kafka.keystore.jks', this keystore will be used by all nodes unless overridden by the 'kafka--X.keystore.jks' file + ## + ## When using 'pem' format for certificates, each secret should contain a public CA certificate, a public certificate and one private key. + ## Create these secrets following the steps below: + ## 1) Create a certificate key and signing request per Kafka broker, and sign the signing request with your CA + ## 2) Rename your CA file to `ca.crt`. + ## 3) Rename your certificates to `kafka-X.tls.crt` where X is the ID of each Kafka broker. + ## 3) Rename your keys to `kafka-X.tls.key` where X is the ID of each Kafka broker. + ## 4) Run the command below one time per broker to create its associated secret (SECRET_NAME_X is the name of the secret you want to create): + ## kubectl create secret generic SECRET_NAME_0 --from-file=ca.crt=./ca.crt --from-file=kafka-controller-0.crt=./kafka-controller-0.crt --from-file=kafka-controller-0.key=./kafka-controller-0.key \ + ## --from-file=kafka-broker-0.crt=./kafka-broker-0.crt --from-file=kafka-broker-0.key=./kafka-broker-0.key ... + ## + ## NOTE: Alternatively, a single key and certificate can be provided for all nodes under the keys 'tls.crt' and 'tls.key'. These certificates will be used by all nodes unless overridden by the 'kafka--X.key' and 'kafka--X.crt' files + ## + existingSecret: "" + ## @param tls.passwordsSecret Name of the secret containing the password to access the JKS files or PEM key when they are password-protected. (`key`: `password`) + ## + passwordsSecret: "" + ## @param tls.passwordsSecretKeystoreKey The secret key from the tls.passwordsSecret containing the password for the Keystore. + ## + passwordsSecretKeystoreKey: keystore-password + ## @param tls.passwordsSecretTruststoreKey The secret key from the tls.passwordsSecret containing the password for the Truststore. + ## + passwordsSecretTruststoreKey: truststore-password + ## @param tls.passwordsSecretPemPasswordKey The secret key from the tls.passwordsSecret containing the password for the PEM key inside 'tls.passwordsSecret'. + ## + passwordsSecretPemPasswordKey: "" + ## @param tls.keystorePassword Password to access the JKS keystore when it is password-protected. Ignored when 'tls.passwordsSecret' is provided. + ## When using tls.type=PEM, the generated keystore will use this password or randomly generate one. + ## + keystorePassword: "" + ## @param tls.truststorePassword Password to access the JKS truststore when it is password-protected. Ignored when 'tls.passwordsSecret' is provided. + ## When using tls.type=PEM, the generated keystore will use this password or randomly generate one. + ## + truststorePassword: "" + ## @param tls.keyPassword Password to access the PEM key when it is password-protected. + ## Note: ignored when using 'tls.passwordsSecret' + ## + keyPassword: "" + ## @param tls.jksKeystoreKey The secret key from the `tls.existingSecret` containing the keystore + ## Note: ignored when using 'pem' format for certificates. + ## + jksKeystoreKey: "" + ## @param tls.jksTruststoreSecret Name of the existing secret containing your truststore if truststore not existing or different from the one in the `tls.existingSecret` + ## Note: ignored when using 'pem' format for certificates. + ## + jksTruststoreSecret: "" + ## @param tls.jksTruststoreKey The secret key from the `tls.existingSecret` or `tls.jksTruststoreSecret` containing the truststore + ## Note: ignored when using 'pem' format for certificates. + ## + jksTruststoreKey: "" + ## @param tls.endpointIdentificationAlgorithm The endpoint identification algorithm to validate server hostname using server certificate + ## Disable server host name verification by setting it to an empty string. + ## ref: https://docs.confluent.io/current/kafka/authentication_ssl.html#optional-settings + ## + endpointIdentificationAlgorithm: https + ## @param tls.sslClientAuth Sets the default value for the ssl.client.auth Kafka setting. + ## ref: https://docs.confluent.io/current/kafka/authentication_ssl.html#optional-settings + ## + sslClientAuth: "required" +## @param extraEnvVars Extra environment variables to add to Kafka pods +## ref: https://github.com/bitnami/containers/tree/main/bitnami/kafka#configuration +## e.g: +## extraEnvVars: +## - name: KAFKA_CFG_BACKGROUND_THREADS +## value: "10" +## +extraEnvVars: [] +## @param extraEnvVarsCM ConfigMap with extra environment variables +## +extraEnvVarsCM: "" +## @param extraEnvVarsSecret Secret with extra environment variables +## +extraEnvVarsSecret: "" +## @param extraVolumes Optionally specify extra list of additional volumes for the Kafka pod(s) +## e.g: +## extraVolumes: +## - name: kafka-jaas +## secret: +## secretName: kafka-jaas +## +extraVolumes: [] +## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Kafka container(s) +## extraVolumeMounts: +## - name: kafka-jaas +## mountPath: /bitnami/kafka/config/kafka_jaas.conf +## subPath: kafka_jaas.conf +## +extraVolumeMounts: [] +## @param sidecars Add additional sidecar containers to the Kafka pod(s) +## e.g: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: [] +## @param initContainers Add additional Add init containers to the Kafka pod(s) +## e.g: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +initContainers: [] +## DNS-Pod services +## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ +## @param dnsPolicy Specifies the DNS policy for the Kafka pods +## DNS policies can be set on a per-Pod basis. Currently Kubernetes supports the following Pod-specific DNS policies. +## Available options: Default, ClusterFirst, ClusterFirstWithHostNet, None +## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy +dnsPolicy: "" +## @param dnsConfig allows users more control on the DNS settings for a Pod. Required if `dnsPolicy` is set to `None` +## The dnsConfig field is optional and it can work with any dnsPolicy settings. +## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config +## E.g. +## dnsConfig: +## nameservers: +## - 192.0.2.1 # this is an example +## searches: +## - ns1.svc.cluster-domain.example +## - my.dns.search.suffix +## options: +## - name: ndots +## value: "2" +## - name: edns0 +dnsConfig: {} + +## Default init Containers +## +defaultInitContainers: + ## 'volume-permissions' init container + ## Used to change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each node + ## + volumePermissions: + ## @param defaultInitContainers.volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume + ## + enabled: false + ## @param defaultInitContainers.volumePermissions.image.registry [default: REGISTRY_NAME] "volume-permissions" init-containers' image registry + ## @param defaultInitContainers.volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] "volume-permissions" init-containers' image repository + ## @skip defaultInitContainers.volumePermissions.image.tag "volume-permissions" init-containers' image tag (immutable tags are recommended) + ## @param defaultInitContainers.volumePermissions.image.digest "volume-permissions" init-containers' image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param defaultInitContainers.volumePermissions.image.pullPolicy "volume-permissions" init-containers' image pull policy + ## @param defaultInitContainers.volumePermissions.image.pullSecrets "volume-permissions" init-containers' image pull secrets + ## + image: + registry: docker.io + repository: bitnami/os-shell + tag: 12-debian-12-r40 + digest: "" + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Configure "volume-permissions" init-container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param defaultInitContainers.volumePermissions.containerSecurityContext.enabled Enabled "volume-permissions" init-containers' Security Context + ## @param defaultInitContainers.volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in "volume-permissions" init-containers + ## @param defaultInitContainers.volumePermissions.containerSecurityContext.runAsUser Set runAsUser in "volume-permissions" init-containers' Security Context + ## @param defaultInitContainers.volumePermissions.containerSecurityContext.privileged Set privileged in "volume-permissions" init-containers' Security Context + ## @param defaultInitContainers.volumePermissions.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in "volume-permissions" init-containers' Security Context + ## @param defaultInitContainers.volumePermissions.containerSecurityContext.capabilities.add List of capabilities to be added in "volume-permissions" init-containers + ## @param defaultInitContainers.volumePermissions.containerSecurityContext.capabilities.drop List of capabilities to be dropped in "volume-permissions" init-containers + ## @param defaultInitContainers.volumePermissions.containerSecurityContext.seccompProfile.type Set seccomp profile in "volume-permissions" init-containers + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 0 + privileged: false + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + ## Kafka "volume-permissions" init container resource requests and limits + ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param defaultInitContainers.volumePermissions.resourcesPreset Set Kafka "volume-permissions" init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if defaultInitContainers.volumePermissions.resources is set (defaultInitContainers.volumePermissions.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param defaultInitContainers.volumePermissions.resources Set Kafka "volume-permissions" init container requests and limits for different resources like CPU or memory (essential for production workloads) + ## E.g: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Kafka "prepare-config" init container + ## Used to prepare the Kafka configuration files for main containers to use them + ## + prepareConfig: + ## Configure "prepare-config" init-container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param defaultInitContainers.prepareConfig.containerSecurityContext.enabled Enabled "prepare-config" init-containers' Security Context + ## @param defaultInitContainers.prepareConfig.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in "prepare-config" init-containers + ## @param defaultInitContainers.prepareConfig.containerSecurityContext.runAsUser Set runAsUser in "prepare-config" init-containers' Security Context + ## @param defaultInitContainers.prepareConfig.containerSecurityContext.runAsGroup Set runAsUser in "prepare-config" init-containers' Security Context + ## @param defaultInitContainers.prepareConfig.containerSecurityContext.runAsNonRoot Set runAsNonRoot in "prepare-config" init-containers' Security Context + ## @param defaultInitContainers.prepareConfig.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in "prepare-config" init-containers' Security Context + ## @param defaultInitContainers.prepareConfig.containerSecurityContext.privileged Set privileged in "prepare-config" init-containers' Security Context + ## @param defaultInitContainers.prepareConfig.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in "prepare-config" init-containers' Security Context + ## @param defaultInitContainers.prepareConfig.containerSecurityContext.capabilities.add List of capabilities to be added in "prepare-config" init-containers + ## @param defaultInitContainers.prepareConfig.containerSecurityContext.capabilities.drop List of capabilities to be dropped in "prepare-config" init-containers + ## @param defaultInitContainers.prepareConfig.containerSecurityContext.seccompProfile.type Set seccomp profile in "prepare-config" init-containers + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + ## Kafka "prepare-config" init container resource requests and limits + ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param defaultInitContainers.prepareConfig.resourcesPreset Set Kafka "prepare-config" init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if defaultInitContainers.prepareConfig.resources is set (defaultInitContainers.prepareConfig.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param defaultInitContainers.prepareConfig.resources Set Kafka "prepare-config" init container requests and limits for different resources like CPU or memory (essential for production workloads) + ## E.g: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## @param defaultInitContainers.prepareConfig.extraInit Additional content for the "prepare-config" init script, rendered as a template. + ## + extraInit: "" + ## 'auto-discovery' init container + ## Used to auto-detect LB IPs or node ports by querying the K8s API + ## Note: RBAC might be required + ## + autoDiscovery: + ## @param defaultInitContainers.autoDiscovery.enabled Enable init container that auto-detects external IPs/ports by querying the K8s API + ## + enabled: false + ## Bitnami Kubectl image + ## @param defaultInitContainers.autoDiscovery.image.registry [default: REGISTRY_NAME] "auto-discovery" init-containers' image registry + ## @param defaultInitContainers.autoDiscovery.image.repository [default: REPOSITORY_NAME/os-shell] "auto-discovery" init-containers' image repository + ## @skip defaultInitContainers.autoDiscovery.image.tag "auto-discovery" init-containers' image tag (immutable tags are recommended) + ## @param defaultInitContainers.autoDiscovery.image.digest "auto-discovery" init-containers' image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param defaultInitContainers.autoDiscovery.image.pullPolicy "auto-discovery" init-containers' image pull policy + ## @param defaultInitContainers.autoDiscovery.image.pullSecrets "auto-discovery" init-containers' image pull secrets + ## + image: + registry: docker.io + repository: bitnami/kubectl + tag: 1.32.3-debian-12-r1 + digest: "" + ## Specify a imagePullPolicy + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Configure "auto-discovery" init-container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param defaultInitContainers.autoDiscovery.containerSecurityContext.enabled Enabled "auto-discovery" init-containers' Security Context + ## @param defaultInitContainers.autoDiscovery.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in "auto-discovery" init-containers + ## @param defaultInitContainers.autoDiscovery.containerSecurityContext.runAsUser Set runAsUser in "auto-discovery" init-containers' Security Context + ## @param defaultInitContainers.autoDiscovery.containerSecurityContext.runAsGroup Set runAsUser in "auto-discovery" init-containers' Security Context + ## @param defaultInitContainers.autoDiscovery.containerSecurityContext.runAsNonRoot Set runAsNonRoot in "auto-discovery" init-containers' Security Context + ## @param defaultInitContainers.autoDiscovery.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in "auto-discovery" init-containers' Security Context + ## @param defaultInitContainers.autoDiscovery.containerSecurityContext.privileged Set privileged in "auto-discovery" init-containers' Security Context + ## @param defaultInitContainers.autoDiscovery.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in "auto-discovery" init-containers' Security Context + ## @param defaultInitContainers.autoDiscovery.containerSecurityContext.capabilities.add List of capabilities to be added in "auto-discovery" init-containers + ## @param defaultInitContainers.autoDiscovery.containerSecurityContext.capabilities.drop List of capabilities to be dropped in "auto-discovery" init-containers + ## @param defaultInitContainers.autoDiscovery.containerSecurityContext.seccompProfile.type Set seccomp profile in "auto-discovery" init-containers + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + ## Kafka "auto-discovery" init container resource requests and limits + ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param defaultInitContainers.autoDiscovery.resourcesPreset Set Kafka "auto-discovery" init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if defaultInitContainers.autoDiscovery.resources is set (defaultInitContainers.autoDiscovery.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param defaultInitContainers.autoDiscovery.resources Set Kafka "auto-discovery" init container requests and limits for different resources like CPU or memory (essential for production workloads) + ## E.g: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + +## @section Controller-eligible statefulset parameters +## +controller: + ## @param controller.replicaCount Number of Kafka controller-eligible nodes + ## + replicaCount: 1 + ## @param controller.controllerOnly If set to true, controller nodes will be deployed as dedicated controllers, instead of controller+broker processes. + ## + controllerOnly: false + ## @param controller.quorumBootstrapServers Override the Kafka controller quorum bootstrap servers of the Kafka Kraft cluster. If not set, it will be automatically configured to use all controller-eligible nodes. + ## + + quorumBootstrapServers: "" + ## @param controller.minId Minimal node.id values for controller-eligible nodes. Do not change after first initialization. + ## Broker-only id increment their ID starting at this minimal value. + ## We recommend setting this this value high enough, as IDs under this value will be used by controller-elegible nodes + ## + minId: 0 + ## @param controller.config Specify content for Kafka configuration for Kafka controller-eligible nodes (auto-generated based on other parameters otherwise) + ## NOTE: This will override the configuration based on values, please act carefully + ## Use simple key-value YAML format, then it's transformed to properties format by the chart. e.g: + ## process.roles: controller + ## ... will be transformed to: + ## process.roles=controller + ## + config: {} + ## @param controller.overrideConfiguration Kafka configuration override for Kafka controller-eligible nodes. Values defined here takes precedence over the ones defined at `controller.config` + ## + overrideConfiguration: {} + ## @param controller.existingConfigmap Name of an existing ConfigMap with the Kafka configuration for Kafka controller-eligible nodes + ## + existingConfigmap: "" + ## @param controller.secretConfig Additional configuration to be appended at the end of the generated Kafka configuration for Kafka controller-eligible nodes (store in a secret) + ## + secretConfig: "" + ## @param controller.existingSecretConfig Secret with additional configuration that will be appended to the end of the generated Kafka configuration for Kafka controller-eligible nodes + ## The key for the configuration should be: server-secret.properties + ## NOTE: This will override secretConfig value + ## + existingSecretConfig: "" + ## @param controller.heapOpts Kafka Java Heap size for controller-eligible nodes + ## + heapOpts: -Xmx1024m -Xms1024m + ## @param controller.command Override Kafka container command + ## + command: [] + ## @param controller.args Override Kafka container arguments + ## + args: [] + ## @param controller.extraEnvVars Extra environment variables to add to Kafka pods + ## ref: https://github.com/bitnami/containers/tree/main/bitnami/kafka#configuration + ## e.g: + ## extraEnvVars: + ## - name: KAFKA_CFG_BACKGROUND_THREADS + ## value: "10" + ## + extraEnvVars: [] + ## @param controller.extraEnvVarsCM ConfigMap with extra environment variables + ## + extraEnvVarsCM: "" + ## @param controller.extraEnvVarsSecret Secret with extra environment variables + ## + extraEnvVarsSecret: "" + ## @param controller.extraContainerPorts Kafka controller-eligible extra containerPorts. + ## + extraContainerPorts: [] + ## Configure extra options for Kafka containers' liveness, readiness and startup probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes + ## @param controller.livenessProbe.enabled Enable livenessProbe on Kafka containers + ## @param controller.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param controller.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param controller.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param controller.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param controller.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + periodSeconds: 10 + successThreshold: 1 + ## @param controller.readinessProbe.enabled Enable readinessProbe on Kafka containers + ## @param controller.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param controller.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param controller.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param controller.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param controller.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 5 + failureThreshold: 6 + timeoutSeconds: 5 + periodSeconds: 10 + successThreshold: 1 + ## @param controller.startupProbe.enabled Enable startupProbe on Kafka containers + ## @param controller.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param controller.startupProbe.periodSeconds Period seconds for startupProbe + ## @param controller.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param controller.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param controller.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + ## @param controller.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param controller.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param controller.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## @param controller.lifecycleHooks lifecycleHooks for the Kafka container to automate configuration before or after startup + ## + lifecycleHooks: {} + ## Kafka resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param controller.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if controller.resources is set (controller.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "small" + ## @param controller.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Kafka pods' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param controller.podSecurityContext.enabled Enable security context for the pods + ## @param controller.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy + ## @param controller.podSecurityContext.sysctls Set kernel settings using the sysctl interface + ## @param controller.podSecurityContext.supplementalGroups Set filesystem extra groups + ## @param controller.podSecurityContext.fsGroup Set Kafka pod's Security Context fsGroup + ## @param controller.podSecurityContext.seccompProfile.type Set Kafka pods's Security Context seccomp profile + ## + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 + seccompProfile: + type: "RuntimeDefault" + ## Kafka containers' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param controller.containerSecurityContext.enabled Enable Kafka containers' Security Context + ## @param controller.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param controller.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param controller.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup + ## @param controller.containerSecurityContext.runAsGroup Set Kafka containers' Security Context runAsGroup + ## @param controller.containerSecurityContext.runAsNonRoot Set Kafka containers' Security Context runAsNonRoot + ## @param controller.containerSecurityContext.allowPrivilegeEscalation Force the child process to be run as non-privileged + ## @param controller.containerSecurityContext.readOnlyRootFilesystem Allows the pod to mount the RootFS as ReadOnly only + ## @param controller.containerSecurityContext.capabilities.drop Set Kafka containers' server Security Context capabilities to be dropped + ## e.g: + ## containerSecurityContext: + ## enabled: true + ## capabilities: + ## drop: ["NET_RAW"] + ## readOnlyRootFilesystem: true + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: ["ALL"] + ## @param controller.automountServiceAccountToken Mount Service Account token in pod + ## + automountServiceAccountToken: false + ## @param controller.hostAliases Kafka pods host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param controller.hostNetwork Specify if host network should be enabled for Kafka pods + ## + hostNetwork: false + ## @param controller.hostIPC Specify if host IPC should be enabled for Kafka pods + ## + hostIPC: false + ## @param controller.podLabels Extra labels for Kafka pods + ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param controller.podAnnotations Extra annotations for Kafka pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param controller.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param controller.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Node affinity preset + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param controller.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param controller.nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param controller.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param controller.affinity Affinity for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param controller.nodeSelector Node labels for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + ## + nodeSelector: {} + ## @param controller.tolerations Tolerations for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param controller.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods + ## + topologySpreadConstraints: [] + ## @param controller.terminationGracePeriodSeconds Seconds the pod needs to gracefully terminate + ## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution + ## + terminationGracePeriodSeconds: "" + ## @param controller.podManagementPolicy StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: OrderedReady and Parallel + ## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy + ## + podManagementPolicy: Parallel + ## @param controller.minReadySeconds How many seconds a pod needs to be ready before killing the next, during update + ## + minReadySeconds: 0 + ## @param controller.priorityClassName Name of the existing priority class to be used by kafka pods + ## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + ## + priorityClassName: "" + ## @param controller.runtimeClassName Name of the runtime class to be used by pod(s) + ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/ + ## + runtimeClassName: "" + ## @param controller.enableServiceLinks Whether information about services should be injected into pod's environment variable + ## The environment variables injected by service links are not used, but can lead to slow kafka boot times or slow running of the scripts when there are many services in the current namespace. + ## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`. + ## + enableServiceLinks: true + ## @param controller.schedulerName Name of the k8s scheduler (other than default) + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param controller.updateStrategy.type Kafka statefulset strategy type + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + type: RollingUpdate + ## @param controller.extraVolumes Optionally specify extra list of additional volumes for the Kafka pod(s) + ## e.g: + ## extraVolumes: + ## - name: kafka-jaas + ## secret: + ## secretName: kafka-jaas + ## + extraVolumes: [] + ## @param controller.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Kafka container(s) + ## extraVolumeMounts: + ## - name: kafka-jaas + ## mountPath: /bitnami/kafka/config/kafka_jaas.conf + ## subPath: kafka_jaas.conf + ## + extraVolumeMounts: [] + ## @param controller.sidecars Add additional sidecar containers to the Kafka pod(s) + ## e.g: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param controller.initContainers Add additional Add init containers to the Kafka pod(s) + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + initContainers: [] + ## @section Experimental: Kafka Controller Autoscaling configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + ## + autoscaling: + vpa: + ## @param controller.autoscaling.vpa.enabled Enable VPA + ## + enabled: false + ## @param controller.autoscaling.vpa.annotations Annotations for VPA resource + ## + annotations: {} + ## @param controller.autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory + ## + controlledResources: [] + ## @param controller.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod + ## cpu: 200m + ## memory: 100Mi + maxAllowed: {} + ## @param controller.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod + ## cpu: 200m + ## memory: 100Mi + minAllowed: {} + updatePolicy: + ## @param controller.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod + ## Possible values are "Off", "Initial", "Recreate", and "Auto". + ## + updateMode: Auto + hpa: + ## @param controller.autoscaling.hpa.enabled Enable HPA for Kafka Controller + ## + enabled: false + ## @param controller.autoscaling.hpa.annotations Annotations for HPA resource + ## + annotations: {} + ## @param controller.autoscaling.hpa.minReplicas Minimum number of Kafka Controller replicas + ## + minReplicas: "" + ## @param controller.autoscaling.hpa.maxReplicas Maximum number of Kafka Controller replicas + ## + maxReplicas: "" + ## @param controller.autoscaling.hpa.targetCPU Target CPU utilization percentage + ## + targetCPU: "" + ## @param controller.autoscaling.hpa.targetMemory Target Memory utilization percentage + ## + targetMemory: "" + ## Kafka Pod Disruption Budget + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ + ## @param controller.pdb.create Deploy a pdb object for the Kafka pod + ## @param controller.pdb.minAvailable Minimum number/percentage of available Kafka replicas + ## @param controller.pdb.maxUnavailable Maximum number/percentage of unavailable Kafka replicas + ## + pdb: + create: true + minAvailable: "" + maxUnavailable: "" + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param controller.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param controller.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param controller.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + ## + persistentVolumeClaimRetentionPolicy: + enabled: false + whenScaled: Retain + whenDeleted: Retain + ## Enable persistence using Persistent Volume Claims + ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ + ## + persistence: + ## @param controller.persistence.enabled Enable Kafka data persistence using PVC + ## + enabled: true + ## @param controller.persistence.existingClaim A manually managed Persistent Volume and Claim + ## If defined, PVC must be created manually before volume will be bound + ## The value is evaluated as a template + ## + existingClaim: "" + ## @param controller.persistence.storageClass PVC Storage Class for Kafka data volume + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. + ## + storageClass: "" + ## @param controller.persistence.accessModes Persistent Volume Access Modes + ## + accessModes: + - ReadWriteOnce + ## @param controller.persistence.size PVC Storage Request for Kafka data volume + ## + size: 25Gi + ## @param controller.persistence.annotations Annotations for the PVC + ## + annotations: {} + ## @param controller.persistence.labels Labels for the PVC + ## + labels: {} + ## @param controller.persistence.selector Selector to match an existing Persistent Volume for Kafka data PVC. If set, the PVC can't have a PV dynamically provisioned for it + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + ## @param controller.persistence.mountPath Mount path of the Kafka data volume + ## + mountPath: /bitnami/kafka + ## Log Persistence parameters + ## + logPersistence: + ## @param controller.logPersistence.enabled Enable Kafka logs persistence using PVC + ## + enabled: false + ## @param controller.logPersistence.existingClaim A manually managed Persistent Volume and Claim + ## If defined, PVC must be created manually before volume will be bound + ## The value is evaluated as a template + ## + existingClaim: "" + ## @param controller.logPersistence.storageClass PVC Storage Class for Kafka logs volume + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. + ## + storageClass: "" + ## @param controller.logPersistence.accessModes Persistent Volume Access Modes + ## + accessModes: + - ReadWriteOnce + ## @param controller.logPersistence.size PVC Storage Request for Kafka logs volume + ## + size: 8Gi + ## @param controller.logPersistence.annotations Annotations for the PVC + ## + annotations: {} + ## @param controller.logPersistence.selector Selector to match an existing Persistent Volume for Kafka log data PVC. If set, the PVC can't have a PV dynamically provisioned for it + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + ## @param controller.logPersistence.mountPath Mount path of the Kafka logs volume + ## + mountPath: /opt/bitnami/kafka/logs +## @section Broker-only statefulset parameters +## +broker: + ## @param broker.replicaCount Number of Kafka broker-only nodes + ## + replicaCount: 0 + ## @param broker.minId Minimal node.id values for broker-only nodes. Do not change after first initialization. + ## Broker-only id increment their ID starting at this minimal value. + ## We recommend setting this this value high enough, as IDs under this value will be used by controller-eligible nodes + ## + ## + minId: 100 + ## @param broker.config Specify content for Kafka configuration for Kafka broker-only nodes (auto-generated based on other parameters otherwise) + ## NOTE: This will override the configuration based on values, please act carefully + ## Use simple key-value YAML format, then it's transformed to properties format by the chart. e.g: + ## process.roles: broker + ## ... will be transformed to: + ## process.roles=broker + ## + config: {} + ## @param broker.overrideConfiguration Kafka configuration override for Kafka broker-only nodes. Values defined here takes precedence over the ones defined at `broker.config` + ## + overrideConfiguration: {} + ## @param broker.existingConfigmap Name of an existing ConfigMap with the Kafka configuration for Kafka broker-only nodes + ## + existingConfigmap: "" + ## @param broker.secretConfig Additional configuration to be appended at the end of the generated Kafka configuration for Kafka broker-only nodes (store in a secret) + ## + secretConfig: "" + ## @param broker.existingSecretConfig Secret with additional configuration that will be appended to the end of the generated Kafka configuration for Kafka broker-only nodes + ## The key for the configuration should be: server-secret.properties + ## NOTE: This will override secretConfig value + ## + existingSecretConfig: "" + ## @param broker.heapOpts Kafka Java Heap size for broker-only nodes + ## + heapOpts: -Xmx1024m -Xms1024m + ## @param broker.command Override Kafka container command + ## + command: [] + ## @param broker.args Override Kafka container arguments + ## + args: [] + ## @param broker.extraEnvVars Extra environment variables to add to Kafka pods + ## ref: https://github.com/bitnami/containers/tree/main/bitnami/kafka#configuration + ## e.g: + ## extraEnvVars: + ## - name: KAFKA_CFG_BACKGROUND_THREADS + ## value: "10" + ## + extraEnvVars: [] + ## @param broker.extraEnvVarsCM ConfigMap with extra environment variables + ## + extraEnvVarsCM: "" + ## @param broker.extraEnvVarsSecret Secret with extra environment variables + ## + extraEnvVarsSecret: "" + ## @param broker.extraContainerPorts Kafka broker-only extra containerPorts. + ## + extraContainerPorts: [] + ## Configure extra options for Kafka containers' liveness, readiness and startup probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes + ## @param broker.livenessProbe.enabled Enable livenessProbe on Kafka containers + ## @param broker.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param broker.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param broker.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param broker.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param broker.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + periodSeconds: 10 + successThreshold: 1 + ## @param broker.readinessProbe.enabled Enable readinessProbe on Kafka containers + ## @param broker.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param broker.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param broker.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param broker.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param broker.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 5 + failureThreshold: 6 + timeoutSeconds: 5 + periodSeconds: 10 + successThreshold: 1 + ## @param broker.startupProbe.enabled Enable startupProbe on Kafka containers + ## @param broker.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param broker.startupProbe.periodSeconds Period seconds for startupProbe + ## @param broker.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param broker.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param broker.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + ## @param broker.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param broker.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param broker.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## @param broker.lifecycleHooks lifecycleHooks for the Kafka container to automate configuration before or after startup + ## + lifecycleHooks: {} + ## Kafka resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param broker.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if broker.resources is set (broker.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "small" + ## @param broker.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Kafka pods' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param broker.podSecurityContext.enabled Enable security context for the pods + ## @param broker.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy + ## @param broker.podSecurityContext.sysctls Set kernel settings using the sysctl interface + ## @param broker.podSecurityContext.supplementalGroups Set filesystem extra groups + ## @param broker.podSecurityContext.fsGroup Set Kafka pod's Security Context fsGroup + ## @param broker.podSecurityContext.seccompProfile.type Set Kafka pod's Security Context seccomp profile + ## + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 + seccompProfile: + type: "RuntimeDefault" + ## Kafka containers' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param broker.containerSecurityContext.enabled Enable Kafka containers' Security Context + ## @param broker.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param broker.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param broker.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup + ## @param broker.containerSecurityContext.runAsNonRoot Set Kafka containers' Security Context runAsNonRoot + ## @param broker.containerSecurityContext.allowPrivilegeEscalation Force the child process to be run as non-privileged + ## @param broker.containerSecurityContext.readOnlyRootFilesystem Allows the pod to mount the RootFS as ReadOnly only + ## @param broker.containerSecurityContext.capabilities.drop Set Kafka containers' server Security Context capabilities to be dropped + ## e.g: + ## containerSecurityContext: + ## enabled: true + ## capabilities: + ## drop: ["NET_RAW"] + ## readOnlyRootFilesystem: true + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: ["ALL"] + ## @param broker.automountServiceAccountToken Mount Service Account token in pod + ## + automountServiceAccountToken: false + ## @param broker.hostAliases Kafka pods host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param broker.hostNetwork Specify if host network should be enabled for Kafka pods + ## + hostNetwork: false + ## @param broker.hostIPC Specify if host IPC should be enabled for Kafka pods + ## + hostIPC: false + ## @param broker.podLabels Extra labels for Kafka pods + ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param broker.podAnnotations Extra annotations for Kafka pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param broker.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param broker.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Node affinity preset + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param broker.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param broker.nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param broker.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param broker.affinity Affinity for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param broker.nodeSelector Node labels for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + ## + nodeSelector: {} + ## @param broker.tolerations Tolerations for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param broker.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods + ## + topologySpreadConstraints: [] + ## @param broker.terminationGracePeriodSeconds Seconds the pod needs to gracefully terminate + ## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution + ## + terminationGracePeriodSeconds: "" + ## @param broker.podManagementPolicy StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: OrderedReady and Parallel + ## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy + ## + podManagementPolicy: Parallel + ## @param broker.minReadySeconds How many seconds a pod needs to be ready before killing the next, during update + ## + minReadySeconds: 0 + ## @param broker.priorityClassName Name of the existing priority class to be used by kafka pods + ## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + ## + priorityClassName: "" + ## @param broker.runtimeClassName Name of the runtime class to be used by pod(s) + ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/ + ## + runtimeClassName: "" + ## @param broker.enableServiceLinks Whether information about services should be injected into pod's environment variable + ## The environment variables injected by service links are not used, but can lead to slow kafka boot times or slow running of the scripts when there are many services in the current namespace. + ## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`. + ## + enableServiceLinks: true + ## @param broker.schedulerName Name of the k8s scheduler (other than default) + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param broker.updateStrategy.type Kafka statefulset strategy type + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + type: RollingUpdate + ## @param broker.extraVolumes Optionally specify extra list of additional volumes for the Kafka pod(s) + ## e.g: + ## extraVolumes: + ## - name: kafka-jaas + ## secret: + ## secretName: kafka-jaas + ## + extraVolumes: [] + ## @param broker.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Kafka container(s) + ## extraVolumeMounts: + ## - name: kafka-jaas + ## mountPath: /bitnami/kafka/config/kafka_jaas.conf + ## subPath: kafka_jaas.conf + ## + extraVolumeMounts: [] + ## @param broker.sidecars Add additional sidecar containers to the Kafka pod(s) + ## e.g: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param broker.initContainers Add additional Add init containers to the Kafka pod(s) + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + initContainers: [] + ## Kafka Pod Disruption Budget + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ + ## @param broker.pdb.create Deploy a pdb object for the Kafka pod + ## @param broker.pdb.minAvailable Maximum number/percentage of unavailable Kafka replicas + ## @param broker.pdb.maxUnavailable Maximum number/percentage of unavailable Kafka replicas + ## + pdb: + create: true + minAvailable: "" + maxUnavailable: "" + ## @section Experimental: Kafka Broker Autoscaling configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + ## + autoscaling: + vpa: + ## @param broker.autoscaling.vpa.enabled Enable VPA + ## + enabled: false + ## @param broker.autoscaling.vpa.annotations Annotations for VPA resource + ## + annotations: {} + ## @param broker.autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory + ## + controlledResources: [] + ## @param broker.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod + ## cpu: 200m + ## memory: 100Mi + maxAllowed: {} + ## @param broker.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod + ## cpu: 200m + ## memory: 100Mi + minAllowed: {} + updatePolicy: + ## @param broker.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod + ## Possible values are "Off", "Initial", "Recreate", and "Auto". + ## + updateMode: Auto + hpa: + ## @param broker.autoscaling.hpa.enabled Enable HPA for Kafka Broker + ## + enabled: false + ## @param broker.autoscaling.hpa.annotations Annotations for HPA resource + ## + annotations: {} + ## @param broker.autoscaling.hpa.minReplicas Minimum number of Kafka Broker replicas + ## + minReplicas: "" + ## @param broker.autoscaling.hpa.maxReplicas Maximum number of Kafka Broker replicas + ## + maxReplicas: "" + ## @param broker.autoscaling.hpa.targetCPU Target CPU utilization percentage + ## + targetCPU: "" + ## @param broker.autoscaling.hpa.targetMemory Target Memory utilization percentage + ## + targetMemory: "" + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param broker.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param broker.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param broker.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + ## + persistentVolumeClaimRetentionPolicy: + enabled: false + whenScaled: Retain + whenDeleted: Retain + ## Enable persistence using Persistent Volume Claims + ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ + ## + persistence: + ## @param broker.persistence.enabled Enable Kafka data persistence using PVC + ## + enabled: true + ## @param broker.persistence.existingClaim A manually managed Persistent Volume and Claim + ## If defined, PVC must be created manually before volume will be bound + ## The value is evaluated as a template + ## + existingClaim: "" + ## @param broker.persistence.storageClass PVC Storage Class for Kafka data volume + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. + ## + storageClass: "" + ## @param broker.persistence.accessModes Persistent Volume Access Modes + ## + accessModes: + - ReadWriteOnce + ## @param broker.persistence.size PVC Storage Request for Kafka data volume + ## + size: 25Gi + ## @param broker.persistence.annotations Annotations for the PVC + ## + annotations: {} + ## @param broker.persistence.labels Labels for the PVC + ## + labels: {} + ## @param broker.persistence.selector Selector to match an existing Persistent Volume for Kafka data PVC. If set, the PVC can't have a PV dynamically provisioned for it + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + ## @param broker.persistence.mountPath Mount path of the Kafka data volume + ## + mountPath: /bitnami/kafka + ## Log Persistence parameters + ## + logPersistence: + ## @param broker.logPersistence.enabled Enable Kafka logs persistence using PVC + ## + enabled: false + ## @param broker.logPersistence.existingClaim A manually managed Persistent Volume and Claim + ## If defined, PVC must be created manually before volume will be bound + ## The value is evaluated as a template + ## + existingClaim: "" + ## @param broker.logPersistence.storageClass PVC Storage Class for Kafka logs volume + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. + ## + storageClass: "" + ## @param broker.logPersistence.accessModes Persistent Volume Access Modes + ## + accessModes: + - ReadWriteOnce + ## @param broker.logPersistence.size PVC Storage Request for Kafka logs volume + ## + size: 8Gi + ## @param broker.logPersistence.annotations Annotations for the PVC + ## + annotations: {} + ## @param broker.logPersistence.selector Selector to match an existing Persistent Volume for Kafka log data PVC. If set, the PVC can't have a PV dynamically provisioned for it + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + ## @param broker.logPersistence.mountPath Mount path of the Kafka logs volume + ## + mountPath: /opt/bitnami/kafka/logs +## @section Traffic Exposure parameters +## + +## Service parameters +## +service: + ## @param service.type Kubernetes Service type + ## + type: ClusterIP + ## @param service.ports.client Kafka svc port for client connections + ## @param service.ports.controller Kafka svc port for controller connections + ## @param service.ports.interbroker Kafka svc port for inter-broker connections + ## @param service.ports.external Kafka svc port for external connections + ## + ports: + client: 9092 + controller: 9093 + interbroker: 9094 + external: 9095 + ## @param service.extraPorts Extra ports to expose in the Kafka service (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param service.nodePorts.client Node port for the Kafka client connections + ## @param service.nodePorts.external Node port for the Kafka external connections + ## NOTE: choose port between <30000-32767> + ## + nodePorts: + client: "" + external: "" + ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ + ## + sessionAffinity: None + ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + ## @param service.clusterIP Kafka service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param service.loadBalancerIP Kafka service Load Balancer IP + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + ## + loadBalancerIP: "" + ## @param service.loadBalancerClass Kafka service Load Balancer Class + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class + ## + loadBalancerClass: "" + ## @param service.loadBalancerSourceRanges Kafka service Load Balancer sources + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param service.allocateLoadBalancerNodePorts Whether to allocate node ports when service type is LoadBalancer + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation + ## + allocateLoadBalancerNodePorts: true + ## @param service.externalTrafficPolicy Kafka service external traffic policy + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.annotations Additional custom annotations for Kafka service + ## + annotations: {} + ## Headless service properties + ## + headless: + controller: + ## @param service.headless.controller.annotations Annotations for the controller-eligible headless service. + ## + annotations: {} + ## @param service.headless.controller.labels Labels for the controller-eligible headless service. + ## + labels: {} + broker: + ## @param service.headless.broker.annotations Annotations for the broker-only headless service. + ## + annotations: {} + ## @param service.headless.broker.labels Labels for the broker-only headless service. + ## + labels: {} + ## @param service.headless.ipFamilies IP families for the headless service + ## + ipFamilies: [] + ## @param service.headless.ipFamilyPolicy IP family policy for the headless service + ## + ipFamilyPolicy: "" +## External Access to Kafka brokers configuration +## +externalAccess: + ## @param externalAccess.enabled Enable Kubernetes external cluster access to Kafka brokers + ## + enabled: false + ## Service settings + controller: + ## @param externalAccess.controller.forceExpose If set to true, force exposing controller-eligible nodes although they are configured as controller-only nodes + ## + forceExpose: false + ## Parameters to configure K8s service(s) used to externally access Kafka brokers + ## Note: A new service per broker will be created + ## + service: + ## @param externalAccess.controller.service.type Kubernetes Service type for external access. It can be NodePort, LoadBalancer or ClusterIP + ## + type: LoadBalancer + ## @param externalAccess.controller.service.ports.external Kafka port used for external access when service type is LoadBalancer + ## + ports: + external: 9094 + ## @param externalAccess.controller.service.loadBalancerClass Kubernetes Service Load Balancer class for external access when service type is LoadBalancer + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class + ## + loadBalancerClass: "" + ## @param externalAccess.controller.service.loadBalancerIPs Array of load balancer IPs for each Kafka broker. Length must be the same as replicaCount + ## e.g: + ## loadBalancerIPs: + ## - X.X.X.X + ## - Y.Y.Y.Y + ## + loadBalancerIPs: [] + ## @param externalAccess.controller.service.loadBalancerNames Array of load balancer Names for each Kafka broker. Length must be the same as replicaCount + ## e.g: + ## loadBalancerNames: + ## - broker1.external.example.com + ## - broker2.external.example.com + ## + loadBalancerNames: [] + ## @param externalAccess.controller.service.loadBalancerAnnotations Array of load balancer annotations for each Kafka broker. Length must be the same as replicaCount + ## e.g: + ## loadBalancerAnnotations: + ## - external-dns.alpha.kubernetes.io/hostname: broker1.external.example.com. + ## - external-dns.alpha.kubernetes.io/hostname: broker2.external.example.com. + ## + loadBalancerAnnotations: [] + ## @param externalAccess.controller.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param externalAccess.controller.service.allocateLoadBalancerNodePorts Whether to allocate node ports when service type is LoadBalancer + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation + ## + allocateLoadBalancerNodePorts: true + ## @param externalAccess.controller.service.nodePorts Array of node ports used for each Kafka broker. Length must be the same as replicaCount + ## e.g: + ## nodePorts: + ## - 30001 + ## - 30002 + ## + nodePorts: [] + ## @param externalAccess.controller.service.externalIPs Use distinct service host IPs to configure Kafka external listener when service type is NodePort. Length must be the same as replicaCount + ## e.g: + ## externalIPs: + ## - X.X.X.X + ## - Y.Y.Y.Y + ## + externalIPs: [] + ## @param externalAccess.controller.service.useHostIPs Use service host IPs to configure Kafka external listener when service type is NodePort + ## + useHostIPs: false + ## @param externalAccess.controller.service.usePodIPs using the MY_POD_IP address for external access. + ## + usePodIPs: false + ## @param externalAccess.controller.service.domain Domain or external ip used to configure Kafka external listener when service type is NodePort or ClusterIP + ## NodePort: If not specified, the container will try to get the kubernetes node external IP + ## ClusterIP: Must be specified, ingress IP or domain where tcp for external ports is configured + ## + domain: "" + ## @param externalAccess.controller.service.publishNotReadyAddresses Indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready + ## ref: https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/ + ## + publishNotReadyAddresses: false + ## @param externalAccess.controller.service.labels Service labels for external access + ## + labels: {} + ## @param externalAccess.controller.service.annotations Service annotations for external access + ## + annotations: {} + ## @param externalAccess.controller.service.extraPorts Extra ports to expose in the Kafka external service + ## + extraPorts: [] + ## @param externalAccess.controller.service.ipFamilies IP families for the external controller service + ## + ipFamilies: [] + ## @param externalAccess.controller.service.ipFamilyPolicy IP family policy for the external controller service + ## + ipFamilyPolicy: "" + broker: + ## Parameters to configure K8s service(s) used to externally access Kafka brokers + ## Note: A new service per broker will be created + ## + service: + ## @param externalAccess.broker.service.type Kubernetes Service type for external access. It can be NodePort, LoadBalancer or ClusterIP + ## + type: LoadBalancer + ## @param externalAccess.broker.service.ports.external Kafka port used for external access when service type is LoadBalancer + ## + ports: + external: 9094 + ## @param externalAccess.broker.service.loadBalancerClass Kubernetes Service Load Balancer class for external access when service type is LoadBalancer + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class + ## + loadBalancerClass: "" + ## @param externalAccess.broker.service.loadBalancerIPs Array of load balancer IPs for each Kafka broker. Length must be the same as replicaCount + ## e.g: + ## loadBalancerIPs: + ## - X.X.X.X + ## - Y.Y.Y.Y + ## + loadBalancerIPs: [] + ## @param externalAccess.broker.service.loadBalancerNames Array of load balancer Names for each Kafka broker. Length must be the same as replicaCount + ## e.g: + ## loadBalancerNames: + ## - broker1.external.example.com + ## - broker2.external.example.com + ## + loadBalancerNames: [] + ## @param externalAccess.broker.service.loadBalancerAnnotations Array of load balancer annotations for each Kafka broker. Length must be the same as replicaCount + ## e.g: + ## loadBalancerAnnotations: + ## - external-dns.alpha.kubernetes.io/hostname: broker1.external.example.com. + ## - external-dns.alpha.kubernetes.io/hostname: broker2.external.example.com. + ## + loadBalancerAnnotations: [] + ## @param externalAccess.broker.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param externalAccess.broker.service.allocateLoadBalancerNodePorts Whether to allocate node ports when service type is LoadBalancer + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation + ## + allocateLoadBalancerNodePorts: true + ## @param externalAccess.broker.service.nodePorts Array of node ports used for each Kafka broker. Length must be the same as replicaCount + ## e.g: + ## nodePorts: + ## - 30001 + ## - 30002 + ## + nodePorts: [] + ## @param externalAccess.broker.service.externalIPs Use distinct service host IPs to configure Kafka external listener when service type is NodePort. Length must be the same as replicaCount + ## e.g: + ## externalIPs: + ## - X.X.X.X + ## - Y.Y.Y.Y + ## + externalIPs: [] + ## @param externalAccess.broker.service.useHostIPs Use service host IPs to configure Kafka external listener when service type is NodePort + ## + useHostIPs: false + ## @param externalAccess.broker.service.usePodIPs using the MY_POD_IP address for external access. + ## + usePodIPs: false + ## @param externalAccess.broker.service.domain Domain or external ip used to configure Kafka external listener when service type is NodePort or ClusterIP + ## NodePort: If not specified, the container will try to get the kubernetes node external IP + ## ClusterIP: Must be specified, ingress IP or domain where tcp for external ports is configured + ## + domain: "" + ## @param externalAccess.broker.service.publishNotReadyAddresses Indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready + ## ref: https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/ + ## + publishNotReadyAddresses: false + ## @param externalAccess.broker.service.labels Service labels for external access + ## + labels: {} + ## @param externalAccess.broker.service.annotations Service annotations for external access + ## + annotations: {} + ## @param externalAccess.broker.service.extraPorts Extra ports to expose in the Kafka external service + ## + extraPorts: [] + ## @param externalAccess.broker.service.ipFamilies IP families for the external broker service + ## + ipFamilies: [] + ## @param externalAccess.broker.service.ipFamilyPolicy IP family policy for the external broker service + ## + ipFamilyPolicy: "" +## Network policies +## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ +## +networkPolicy: + ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param networkPolicy.allowExternal Don't require client label for connections + ## When set to false, only pods with the correct client label will have network access to the port Kafka is + ## listening on. When true, Kafka accept connections from any source (with the correct destination port). + ## + allowExternal: true + ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param networkPolicy.addExternalClientAccess Allow access from pods with client label set to "true". Ignored if `networkPolicy.allowExternal` is true. + ## + addExternalClientAccess: true + ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param networkPolicy.ingressPodMatchLabels [object] Labels to match to allow traffic from other pods. Ignored if `networkPolicy.allowExternal` is true. + ## e.g: + ## ingressPodMatchLabels: + ## my-client: "true" + # + ingressPodMatchLabels: {} + ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces. Ignored if `networkPolicy.allowExternal` is true. + ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces. Ignored if `networkPolicy.allowExternal` is true. + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} + +## @section Other Parameters + +## ServiceAccount for Kafka +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + ## @param serviceAccount.create Enable creation of ServiceAccount for Kafka pods + ## + create: true + ## @param serviceAccount.name The name of the service account to use. If not set and `create` is `true`, a name is generated + ## If not set and create is true, a name is generated using the kafka.serviceAccountName template + ## + name: "" + ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created + ## Can be set to false if pods using this serviceAccount do not need to use K8s API + ## + automountServiceAccountToken: false + ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount + ## + annotations: {} +## Role Based Access Control +## ref: https://kubernetes.io/docs/admin/authorization/rbac/ +## +rbac: + ## @param rbac.create Whether to create & use RBAC resources or not + ## binding Kafka ServiceAccount to a role + ## that allows Kafka pods querying the K8s API + ## + create: false + +## @section Metrics parameters + +## Prometheus Exporters / Metrics +## +metrics: + ## Prometheus JMX exporter: exposes the majority of Kafka metrics + ## + jmx: + ## @param metrics.jmx.enabled Whether or not to expose JMX metrics to Prometheus + ## + enabled: false + ## @param metrics.jmx.kafkaJmxPort JMX port where the exporter will collect metrics, exposed in the Kafka container. + ## + kafkaJmxPort: 5555 + ## Bitnami JMX exporter image + ## ref: https://hub.docker.com/r/bitnami/jmx-exporter/tags/ + ## @param metrics.jmx.image.registry [default: REGISTRY_NAME] JMX exporter image registry + ## @param metrics.jmx.image.repository [default: REPOSITORY_NAME/jmx-exporter] JMX exporter image repository + ## @skip metrics.jmx.image.tag JMX exporter image tag (immutable tags are recommended) + ## @param metrics.jmx.image.digest JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param metrics.jmx.image.pullPolicy JMX exporter image pull policy + ## @param metrics.jmx.image.pullSecrets Specify docker-registry secret names as an array + ## + image: + registry: docker.io + repository: bitnami/jmx-exporter + tag: 1.2.0-debian-12-r1 + digest: "" + ## Specify a imagePullPolicy + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Prometheus JMX exporter containers' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param metrics.jmx.containerSecurityContext.enabled Enable Prometheus JMX exporter containers' Security Context + ## @param metrics.jmx.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param metrics.jmx.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param metrics.jmx.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup + ## @param metrics.jmx.containerSecurityContext.runAsNonRoot Set Prometheus JMX exporter containers' Security Context runAsNonRoot + ## @param metrics.jmx.containerSecurityContext.allowPrivilegeEscalation Set Prometheus JMX exporter containers' Security Context allowPrivilegeEscalation + ## @param metrics.jmx.containerSecurityContext.readOnlyRootFilesystem Set Prometheus JMX exporter containers' Security Context readOnlyRootFilesystem + ## @param metrics.jmx.containerSecurityContext.capabilities.drop Set Prometheus JMX exporter containers' Security Context capabilities to be dropped + ## e.g: + ## containerSecurityContext: + ## enabled: true + ## capabilities: + ## drop: ["NET_RAW"] + ## readOnlyRootFilesystem: true + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: ["ALL"] + ## @param metrics.jmx.containerPorts.metrics Prometheus JMX exporter metrics container port + ## + containerPorts: + metrics: 5556 + ## Prometheus JMX exporter resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param metrics.jmx.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.jmx.resources is set (metrics.jmx.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "micro" + ## @param metrics.jmx.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Configure extra options for liveness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param metrics.jmx.livenessProbe.enabled Enable livenessProbe + ## @param metrics.jmx.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param metrics.jmx.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param metrics.jmx.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param metrics.jmx.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param metrics.jmx.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + ## Configure extra options for readiness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param metrics.jmx.readinessProbe.enabled Enable readinessProbe + ## @param metrics.jmx.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param metrics.jmx.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param metrics.jmx.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param metrics.jmx.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param metrics.jmx.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + ## Prometheus JMX exporter service configuration + ## + service: + ## @param metrics.jmx.service.ports.metrics Prometheus JMX exporter metrics service port + ## + ports: + metrics: 5556 + ## @param metrics.jmx.service.clusterIP Static clusterIP or None for headless services + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address + ## + clusterIP: "" + ## @param metrics.jmx.service.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ + ## + sessionAffinity: None + ## @param metrics.jmx.service.annotations [object] Annotations for the Prometheus JMX exporter service + ## + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.metrics.jmx.service.ports.metrics }}" + prometheus.io/path: "/metrics" + ## @param metrics.jmx.service.ipFamilies IP families for the jmx metrics service + ## + ipFamilies: [] + ## @param metrics.jmx.service.ipFamilyPolicy IP family policy for the jmx metrics service + ## + ipFamilyPolicy: "" + ## @param metrics.jmx.whitelistObjectNames Allows setting which JMX objects you want to expose to via JMX stats to JMX exporter + ## Only whitelisted values will be exposed via JMX exporter. They must also be exposed via Rules. To expose all metrics + ## (warning its crazy excessive and they aren't formatted in a prometheus style) (1) `whitelistObjectNames: []` + ## (2) commented out above `overrideConfig`. + ## + whitelistObjectNames: + - kafka.controller:* + - kafka.server:* + - java.lang:* + - kafka.network:* + - kafka.log:* + ## @param metrics.jmx.config [string] Configuration file for JMX exporter + ## Specify content for jmx-kafka-prometheus.yml. Evaluated as a template + ## + ## Credits to the incubator/kafka chart for the JMX configuration. + ## https://github.com/helm/charts/tree/master/incubator/kafka + ## + config: |- + jmxUrl: service:jmx:rmi:///jndi/rmi://127.0.0.1:{{ .Values.metrics.jmx.kafkaJmxPort }}/jmxrmi + lowercaseOutputName: true + lowercaseOutputLabelNames: true + ssl: false + {{- if .Values.metrics.jmx.whitelistObjectNames }} + whitelistObjectNames: ["{{ join "\",\"" .Values.metrics.jmx.whitelistObjectNames }}"] + {{- end }} + ## @param metrics.jmx.existingConfigmap Name of existing ConfigMap with JMX exporter configuration + ## NOTE: This will override metrics.jmx.config + ## + existingConfigmap: "" + ## @param metrics.jmx.extraRules Add extra rules to JMX exporter configuration + ## e.g: + ## extraRules: |- + ## - pattern: kafka.server<>(connection-count) + ## name: kafka_server_socket_server_metrics_$3 + ## labels: + ## listener: $1 + ## + extraRules: "" + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (requires `metrics.jmx.enabled` to be `true`) + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running + ## + namespace: "" + ## @param metrics.serviceMonitor.path Path where JMX exporter serves metrics + ## + path: /metrics + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + scrapeTimeout: "" + ## @param metrics.serviceMonitor.labels Additional labels that can be used so ServiceMonitor will be discovered by Prometheus + ## + labels: {} + ## @param metrics.serviceMonitor.selector Prometheus instance selector labels + ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration + ## + selector: {} + ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping + ## + relabelings: [] + ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion + ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. + ## + jobLabel: "" + prometheusRule: + ## @param metrics.prometheusRule.enabled if `true`, creates a Prometheus Operator PrometheusRule (requires `metrics.jmx.enabled` to be `true`) + ## + enabled: false + ## @param metrics.prometheusRule.namespace Namespace in which Prometheus is running + ## + namespace: "" + ## @param metrics.prometheusRule.labels Additional labels that can be used so PrometheusRule will be discovered by Prometheus + ## + labels: {} + ## @param metrics.prometheusRule.groups Prometheus Rule Groups for Kafka + ## + groups: [] + +## @section Kafka provisioning parameters +## + +## Kafka provisioning +## +provisioning: + ## @param provisioning.enabled Enable Kafka provisioning Job + ## + enabled: false + ## @param provisioning.waitForKafka Whether an init container should be created to wait until Kafka is ready before provisioning + ## + waitForKafka: true + ## @param provisioning.useHelmHooks Flag to indicate usage of helm hooks + ## + useHelmHooks: true + ## @param provisioning.automountServiceAccountToken Mount Service Account token in pod + ## + automountServiceAccountToken: false + ## @param provisioning.numPartitions Default number of partitions for topics when unspecified + ## + numPartitions: 1 + ## @param provisioning.replicationFactor Default replication factor for topics when unspecified + ## + replicationFactor: 1 + ## @param provisioning.topics Kafka topics to provision + ## - name: topic-name + ## partitions: 1 + ## replicationFactor: 1 + ## ## https://kafka.apache.org/documentation/#topicconfigs + ## config: + ## max.message.bytes: 64000 + ## flush.messages: 1 + ## + topics: [] + ## @param provisioning.nodeSelector Node labels for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + ## + nodeSelector: {} + ## @param provisioning.tolerations Tolerations for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param provisioning.extraProvisioningCommands Extra commands to run to provision cluster resources + ## - echo "Allow user to consume from any topic" + ## - >- + ## /opt/bitnami/kafka/bin/kafka-acls.sh + ## --bootstrap-server $KAFKA_SERVICE + ## --command-config $CLIENT_CONF + ## --add + ## --allow-principal User:user + ## --consumer --topic * + ## - "/opt/bitnami/kafka/bin/kafka-acls.sh + ## --bootstrap-server $KAFKA_SERVICE + ## --command-config $CLIENT_CONF + ## --list" + ## + extraProvisioningCommands: [] + ## @param provisioning.parallel Number of provisioning commands to run at the same time + ## + parallel: 1 + ## @param provisioning.preScript Extra bash script to run before topic provisioning. $CLIENT_CONF is path to properties file with most needed configurations + ## + preScript: "" + ## @param provisioning.postScript Extra bash script to run after topic provisioning. $CLIENT_CONF is path to properties file with most needed configurations + ## + postScript: "" + ## Auth Configuration for kafka provisioning Job + ## + auth: + ## TLS configuration for kafka provisioning Job + ## + tls: + ## @param provisioning.auth.tls.type Format to use for TLS certificates. Allowed types: `JKS` and `PEM`. + ## Note: ignored if auth.tls.client.protocol different from one of these values: "SSL" "SASL_SSL" + ## + type: jks + ## @param provisioning.auth.tls.certificatesSecret Existing secret containing the TLS certificates for the Kafka provisioning Job. + ## When using 'jks' format for certificates, the secret should contain a truststore and a keystore. + ## When using 'pem' format for certificates, the secret should contain one of the following: + ## 1. A public CA certificate, a public certificate and one private key. + ## 2. A truststore and a keystore in PEM format + ## If caCert is set, option 1 will be taken, otherwise option 2. + ## + certificatesSecret: "" + ## @param provisioning.auth.tls.cert The secret key from the certificatesSecret if 'cert' key different from the default (tls.crt) + ## + cert: tls.crt + ## @param provisioning.auth.tls.key The secret key from the certificatesSecret if 'key' key different from the default (tls.key) + ## + key: tls.key + ## @param provisioning.auth.tls.caCert The secret key from the certificatesSecret if 'caCert' key different from the default (ca.crt) + ## + caCert: ca.crt + ## @param provisioning.auth.tls.keystore The secret key from the certificatesSecret if 'keystore' key different from the default (keystore.jks) + ## + keystore: keystore.jks + ## @param provisioning.auth.tls.truststore The secret key from the certificatesSecret if 'truststore' key different from the default (truststore.jks) + ## + truststore: truststore.jks + ## @param provisioning.auth.tls.passwordsSecret Name of the secret containing passwords to access the JKS files or PEM key when they are password-protected. + ## It should contain two keys called "keystore-password" and "truststore-password", or "key-password" if using a password-protected PEM key. + ## + passwordsSecret: "" + ## @param provisioning.auth.tls.keyPasswordSecretKey The secret key from the passwordsSecret if 'keyPasswordSecretKey' key different from the default (key-password) + ## Note: must not be used if `passwordsSecret` is not defined. + ## + keyPasswordSecretKey: key-password + ## @param provisioning.auth.tls.keystorePasswordSecretKey The secret key from the passwordsSecret if 'keystorePasswordSecretKey' key different from the default (keystore-password) + ## Note: must not be used if `passwordsSecret` is not defined. + ## + keystorePasswordSecretKey: keystore-password + ## @param provisioning.auth.tls.truststorePasswordSecretKey The secret key from the passwordsSecret if 'truststorePasswordSecretKey' key different from the default (truststore-password) + ## Note: must not be used if `passwordsSecret` is not defined. + ## + truststorePasswordSecretKey: truststore-password + ## @param provisioning.auth.tls.keyPassword Password to access the password-protected PEM key if necessary. Ignored if 'passwordsSecret' is provided. + ## + keyPassword: "" + ## @param provisioning.auth.tls.keystorePassword Password to access the JKS keystore. Ignored if 'passwordsSecret' is provided. + ## + keystorePassword: "" + ## @param provisioning.auth.tls.truststorePassword Password to access the JKS truststore. Ignored if 'passwordsSecret' is provided. + ## + truststorePassword: "" + ## @param provisioning.command Override provisioning container command + ## + command: [] + ## @param provisioning.args Override provisioning container arguments + ## + args: [] + ## @param provisioning.extraEnvVars Extra environment variables to add to the provisioning pod + ## e.g: + ## extraEnvVars: + ## - name: KAFKA_CFG_BACKGROUND_THREADS + ## value: "10" + ## + extraEnvVars: [] + ## @param provisioning.extraEnvVarsCM ConfigMap with extra environment variables + ## + extraEnvVarsCM: "" + ## @param provisioning.extraEnvVarsSecret Secret with extra environment variables + ## + extraEnvVarsSecret: "" + ## @param provisioning.podAnnotations Extra annotations for Kafka provisioning pods + ## + podAnnotations: {} + ## @param provisioning.podLabels Extra labels for Kafka provisioning pods + ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## Kafka provisioning pods ServiceAccount + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + ## @param provisioning.serviceAccount.create Enable creation of ServiceAccount for Kafka provisioning pods + ## + create: true + ## @param provisioning.serviceAccount.name The name of the service account to use. If not set and `create` is `true`, a name is generated + ## If not set and create is true, a name is generated using the provisioning.serviceAccount.name template + ## + name: "" + ## @param provisioning.serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created + ## Can be set to false if pods using this serviceAccount do not need to use K8s API + ## + automountServiceAccountToken: false + ## Kafka provisioning resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param provisioning.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if provisioning.resources is set (provisioning.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "micro" + ## @param provisioning.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Kafka provisioning pods' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param provisioning.podSecurityContext.enabled Enable security context for the pods + ## @param provisioning.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy + ## @param provisioning.podSecurityContext.sysctls Set kernel settings using the sysctl interface + ## @param provisioning.podSecurityContext.supplementalGroups Set filesystem extra groups + ## @param provisioning.podSecurityContext.fsGroup Set Kafka provisioning pod's Security Context fsGroup + ## @param provisioning.podSecurityContext.seccompProfile.type Set Kafka provisioning pod's Security Context seccomp profile + ## + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 + seccompProfile: + type: "RuntimeDefault" + ## Kafka provisioning containers' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param provisioning.containerSecurityContext.enabled Enable Kafka provisioning containers' Security Context + ## @param provisioning.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param provisioning.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param provisioning.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup + ## @param provisioning.containerSecurityContext.runAsNonRoot Set Kafka provisioning containers' Security Context runAsNonRoot + ## @param provisioning.containerSecurityContext.allowPrivilegeEscalation Set Kafka provisioning containers' Security Context allowPrivilegeEscalation + ## @param provisioning.containerSecurityContext.readOnlyRootFilesystem Set Kafka provisioning containers' Security Context readOnlyRootFilesystem + ## @param provisioning.containerSecurityContext.capabilities.drop Set Kafka provisioning containers' Security Context capabilities to be dropped + ## e.g: + ## containerSecurityContext: + ## enabled: true + ## capabilities: + ## drop: ["NET_RAW"] + ## readOnlyRootFilesystem: true + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: ["ALL"] + ## @param provisioning.schedulerName Name of the k8s scheduler (other than default) for kafka provisioning + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param provisioning.enableServiceLinks Whether information about services should be injected into pod's environment variable + ## The environment variables injected by service links are not used, but can lead to slow kafka boot times or slow running of the scripts when there are many services in the current namespace. + ## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`. + ## + enableServiceLinks: true + ## @param provisioning.extraVolumes Optionally specify extra list of additional volumes for the Kafka provisioning pod(s) + ## e.g: + ## extraVolumes: + ## - name: kafka-jaas + ## secret: + ## secretName: kafka-jaas + ## + extraVolumes: [] + ## @param provisioning.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Kafka provisioning container(s) + ## extraVolumeMounts: + ## - name: kafka-jaas + ## mountPath: /bitnami/kafka/config/kafka_jaas.conf + ## subPath: kafka_jaas.conf + ## + extraVolumeMounts: [] + ## @param provisioning.sidecars Add additional sidecar containers to the Kafka provisioning pod(s) + ## e.g: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param provisioning.initContainers Add additional Add init containers to the Kafka provisioning pod(s) + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + initContainers: [] From 7edeb32fa9349b483d5067677c59f4235a10a9ae Mon Sep 17 00:00:00 2001 From: matthewpeterkort Date: Mon, 28 Apr 2025 08:50:13 -0700 Subject: [PATCH 07/12] fix grip revproxy --- helm/revproxy/gen3.nginx.conf/grip-service.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/revproxy/gen3.nginx.conf/grip-service.conf b/helm/revproxy/gen3.nginx.conf/grip-service.conf index 1881bf7bd..e6cc63f87 100644 --- a/helm/revproxy/gen3.nginx.conf/grip-service.conf +++ b/helm/revproxy/gen3.nginx.conf/grip-service.conf @@ -14,8 +14,8 @@ location /grip/writer { proxy_read_timeout 600s; send_timeout 600s; - rewrite ^/grip/writer/(.*)$ /$1 break; - proxy_pass http://grip-service.$namespace.svc.cluster.local:8201/writer; + rewrite ^/grip/(.*)$ /$1 break; + proxy_pass http://grip-service.$namespace.svc.cluster.local:8201; } location /grip/graphql { From e8e92b6a45522dda6ed161ec52418ed8660784cb Mon Sep 17 00:00:00 2001 From: matthewpeterkort Date: Wed, 30 Apr 2025 15:59:11 -0700 Subject: [PATCH 08/12] add support for pvc size in values file --- .../templates/elasticsearch-pv.yaml | 4 +- helm/grip/templates/pebble-pv.yaml | 2 +- helm/kafka/values.yaml | 1 + helm/mongodb/.helmignore | 25 - helm/mongodb/Chart.yaml | 42 - helm/mongodb/README.md | 1179 -------- helm/mongodb/mongodb-pv.yaml | 25 - helm/mongodb/templates/_helpers.tpl | 675 ----- helm/mongodb/templates/common-scripts-cm.yaml | 143 - helm/mongodb/templates/configmap.yaml | 20 - .../templates/initialization-configmap.yaml | 19 - helm/mongodb/templates/psp.yaml | 51 - helm/mongodb/templates/role.yaml | 31 - helm/mongodb/templates/rolebinding.yaml | 21 - helm/mongodb/templates/secrets-ca.yaml | 33 - helm/mongodb/templates/secrets.yaml | 128 - helm/mongodb/templates/serviceaccount.yaml | 20 - .../mongodb/templates/standalone/dep-sts.yaml | 498 ---- helm/mongodb/templates/standalone/pdb.yaml | 28 - helm/mongodb/templates/standalone/pvc.yaml | 31 - helm/mongodb/templates/standalone/svc.yaml | 62 - helm/mongodb/values.schema.json | 232 -- helm/mongodb/values.yaml | 2501 ----------------- 23 files changed, 4 insertions(+), 5767 deletions(-) delete mode 100644 helm/mongodb/.helmignore delete mode 100644 helm/mongodb/Chart.yaml delete mode 100644 helm/mongodb/README.md delete mode 100644 helm/mongodb/mongodb-pv.yaml delete mode 100644 helm/mongodb/templates/_helpers.tpl delete mode 100644 helm/mongodb/templates/common-scripts-cm.yaml delete mode 100644 helm/mongodb/templates/configmap.yaml delete mode 100644 helm/mongodb/templates/initialization-configmap.yaml delete mode 100644 helm/mongodb/templates/psp.yaml delete mode 100644 helm/mongodb/templates/role.yaml delete mode 100644 helm/mongodb/templates/rolebinding.yaml delete mode 100644 helm/mongodb/templates/secrets-ca.yaml delete mode 100644 helm/mongodb/templates/secrets.yaml delete mode 100644 helm/mongodb/templates/serviceaccount.yaml delete mode 100644 helm/mongodb/templates/standalone/dep-sts.yaml delete mode 100644 helm/mongodb/templates/standalone/pdb.yaml delete mode 100644 helm/mongodb/templates/standalone/pvc.yaml delete mode 100644 helm/mongodb/templates/standalone/svc.yaml delete mode 100644 helm/mongodb/values.schema.json delete mode 100644 helm/mongodb/values.yaml diff --git a/helm/aws-es-proxy/templates/elasticsearch-pv.yaml b/helm/aws-es-proxy/templates/elasticsearch-pv.yaml index ac69c5352..c97c3c0d6 100644 --- a/helm/aws-es-proxy/templates/elasticsearch-pv.yaml +++ b/helm/aws-es-proxy/templates/elasticsearch-pv.yaml @@ -1,4 +1,4 @@ -apiVersion: v1 + apiVersion: v1 kind: PersistentVolume metadata: name: elasticsearch-pv @@ -8,7 +8,7 @@ spec: storageClassName: local-storage volumeMode: Filesystem capacity: - storage: 30Gi # Adjust the size as needed + storage: {{ .Values.persistence.capacity | default "30Gi" }} accessModes: - ReadWriteOnce # Adjust the access mode as needed persistentVolumeReclaimPolicy: Retain diff --git a/helm/grip/templates/pebble-pv.yaml b/helm/grip/templates/pebble-pv.yaml index 5bbdc6027..4426bc074 100644 --- a/helm/grip/templates/pebble-pv.yaml +++ b/helm/grip/templates/pebble-pv.yaml @@ -14,7 +14,7 @@ spec: storageClassName: "" # Leave empty if not using a storage class volumeMode: Filesystem capacity: - storage: 50Gi + storage: {{ .Values.persistence.capacity | default "50Gi" }} accessModes: - ReadWriteOnce claimRef: diff --git a/helm/kafka/values.yaml b/helm/kafka/values.yaml index 13f40cc8c..9c8f801f7 100644 --- a/helm/kafka/values.yaml +++ b/helm/kafka/values.yaml @@ -11,6 +11,7 @@ ## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s) ## global: + enabled: false imageRegistry: "" ## E.g. ## imagePullSecrets: diff --git a/helm/mongodb/.helmignore b/helm/mongodb/.helmignore deleted file mode 100644 index 207983f36..000000000 --- a/helm/mongodb/.helmignore +++ /dev/null @@ -1,25 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -# img folder -img/ -# Changelog -CHANGELOG.md diff --git a/helm/mongodb/Chart.yaml b/helm/mongodb/Chart.yaml deleted file mode 100644 index ba63e174f..000000000 --- a/helm/mongodb/Chart.yaml +++ /dev/null @@ -1,42 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -annotations: - category: Database - licenses: Apache-2.0 - images: | - - name: kubectl - image: docker.io/bitnami/kubectl:1.31.1-debian-12-r3 - - name: mongodb - image: docker.io/bitnami/mongodb:8.0.1-debian-12-r0 - - name: mongodb-exporter - image: docker.io/bitnami/mongodb-exporter:0.41.1-debian-12-r1 - - name: nginx - image: docker.io/bitnami/nginx:1.27.2-debian-12-r0 - - name: os-shell - image: docker.io/bitnami/os-shell:12-debian-12-r31 -apiVersion: v2 -appVersion: 8.0.1 -dependencies: -- name: common - repository: oci://registry-1.docker.io/bitnamicharts - tags: - - bitnami-common - version: 2.x.x -description: MongoDB(R) is a relational open source NoSQL database. Easy to use, it stores data in JSON-like documents. Automated scalability and high-performance. Ideal for developing cloud native applications. -home: https://bitnami.com -icon: https://bitnami.com/assets/stacks/mongodb/img/mongodb-stack-220x234.png -keywords: -- mongodb -- database -- nosql -- cluster -- replicaset -- replication -maintainers: -- name: Broadcom, Inc. All Rights Reserved. - url: https://github.com/bitnami/charts -name: mongodb -sources: -- https://github.com/bitnami/charts/tree/main/bitnami/mongodb -version: 16.0.3 diff --git a/helm/mongodb/README.md b/helm/mongodb/README.md deleted file mode 100644 index a1c63fb47..000000000 --- a/helm/mongodb/README.md +++ /dev/null @@ -1,1179 +0,0 @@ - - -# MongoDB(R) packaged by Bitnami - -MongoDB(R) is a relational open source NoSQL database. Easy to use, it stores data in JSON-like documents. Automated scalability and high-performance. Ideal for developing cloud native applications. - -[Overview of MongoDB®](http://www.mongodb.org) - -Disclaimer: The respective trademarks mentioned in the offering are owned by the respective companies. We do not provide a commercial license for any of these products. This listing has an open-source license. MongoDB(R) is run and maintained by MongoDB, which is a completely separate project from Bitnami. - -## TL;DR - -```console -helm install my-release oci://registry-1.docker.io/bitnamicharts/mongodb -``` - -Looking to use MongoDBreg; in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. - -## Introduction - -This chart bootstraps a [MongoDB(®)](https://github.com/bitnami/containers/tree/main/bitnami/mongodb) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. - -## Architecture - -This chart allows installing MongoDB(®) using two different architecture setups: `standalone` or `replicaset`. Use the `architecture` parameter to choose the one to use: - -```console -architecture="standalone" -architecture="replicaset" -``` - -### Standalone architecture - -The *standalone* architecture installs a deployment (or StatefulSet) with one MongoDB® server (it cannot be scaled): - -```text - ---------------- - | MongoDB® | - | svc | - ---------------- - | - v - ------------ - |MongoDB®| - | Server | - | Pod | - ----------- -``` - -### Replicaset architecture - -The chart also supports the *replicaset* architecture with and without a MongoDB(®) Arbiter: - -When the MongoDB(®) Arbiter is enabled, the chart installs two StatefulSets: A StatefulSet with N MongoDB(®) servers (organised with one primary and N-1 secondary nodes), and a StatefulSet with one MongoDB(®) arbiter node (it cannot be scaled). - -```text - ---------------- ---------------- ---------------- ------------- - | MongoDB® 0 | | MongoDB® 1 | | MongoDB® N | | Arbiter | - | external svc | | external svc | | external svc | | svc | - ---------------- ---------------- ---------------- ------------- - | | | | - v v v v - ---------------- ---------------- ---------------- -------------- - | MongoDB® 0 | | MongoDB® 1 | | MongoDB® N | | MongoDB® | - | Server | | Server | | Server | | Arbiter | - | Pod | | Pod | | Pod | | Pod | - ---------------- ---------------- ---------------- -------------- - primary secondary secondary -``` - -The PSA model is useful when the third Availability Zone cannot hold a full MongoDB(®) instance. The MongoDB(®) Arbiter as decision maker is lightweight and can run alongside other workloads. - -> NOTE: An update takes your MongoDB(®) replicaset offline if the Arbiter is enabled and the number of MongoDB(®) replicas is two. Helm applies updates to the StatefulSets for the MongoDB(®) instance and the Arbiter at the same time so you lose two out of three quorum votes. - -Without the Arbiter, the chart deploys a single statefulset with N MongoDB(®) servers (organised with one primary and N-1 secondary nodes). - -```text - ---------------- ---------------- ---------------- - | MongoDB® 0 | | MongoDB® 1 | | MongoDB® N | - | external svc | | external svc | | external svc | - ---------------- ---------------- ---------------- - | | | - v v v - ---------------- ---------------- ---------------- - | MongoDB® 0 | | MongoDB® 1 | | MongoDB® N | - | Server | | Server | | Server | - | Pod | | Pod | | Pod | - ---------------- ---------------- ---------------- - primary secondary secondary -``` - -There are no services load balancing requests between MongoDB(®) nodes; instead, each node has an associated service to access them individually. - -> NOTE: Although the first replica is initially assigned the primary role, any of the secondary nodes can become the primary if it is down, or during upgrades. Do not make any assumption about what replica has the primary role. Instead, configure your MongoDB(®) client with the list of MongoDB(®) hostnames so it can dynamically choose the node to send requests. - -## Prerequisites - -- Kubernetes 1.23+ -- Helm 3.8.0+ -- PV provisioner support in the underlying infrastructure - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/mongodb -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -The command deploys MongoDB(®) on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Configuration and installation details - -### Resource requests and limits - -Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. - -To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). - -### [Rolling vs Immutable tags](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Customize a new MongoDB instance - -The [Bitnami MongoDB(®) image](https://github.com/bitnami/containers/tree/main/bitnami/mongodb) supports the use of custom scripts to initialize a fresh instance. In order to execute the scripts, two options are available: - -- Specify them using the `initdbScripts` parameter as dict. -- Define an external Kubernetes ConfigMap with all the initialization scripts by setting the `initdbScriptsConfigMap` parameter. Note that this will override the previous option. - -The allowed script extensions are `.sh` and `.js`. - -### Replicaset: Access MongoDB(®) nodes from outside the cluster - -In order to access MongoDB(®) nodes from outside the cluster when using a replicaset architecture, a specific service per MongoDB(®) pod will be created. There are two ways of configuring external access: - -- Using LoadBalancer services -- Using NodePort services. - -#### Use LoadBalancer services - -Three alternatives are available to use *LoadBalancer* services: - -- Use random load balancer IP addresses using an *initContainer* that waits for the IP addresses to be ready and discovers them automatically. An example deployment configuration is shown below: - - ```yaml - architecture: replicaset - replicaCount: 2 - externalAccess: - enabled: true - service: - type: LoadBalancer - autoDiscovery: - enabled: true - serviceAccount: - create: true - automountServiceAccountToken: true - rbac: - create: true - ``` - - > NOTE: This option requires creating RBAC rules on clusters where RBAC policies are enabled. - -- Manually specify the load balancer IP addresses. An example deployment configuration is shown below, with the placeholder EXTERNAL-IP-ADDRESS-X used in place of the load balancer IP addresses: - - ```yaml - architecture: replicaset - replicaCount: 2 - externalAccess: - enabled: true - service: - type: LoadBalancer - loadBalancerIPs: - - 'EXTERNAL-IP-ADDRESS-1' - - 'EXTERNAL-IP-ADDRESS-2' - ``` - - > NOTE: This option requires knowing the load balancer IP addresses, so that each MongoDB® node's advertised hostname is configured with it. - -- Specify `externalAccess.service.publicNames`. These names must be resolvable by the MongoDB® containers. To ensure that, if this value is set, an initContainer is added to wait for the ip addresses associated to those names. We can combine this feature with `external-dns`, setting the required annotations to configure the load balancer names: - - ```yaml - architecture: replicaset - replicaCount: 2 - externalAccess: - enabled: true - service: - type: LoadBalancer - publicNames: - - 'mongodb-0.example.com' - - 'mongodb-1.example.com' - annotationsList: - - external-dns.alpha.kubernetes.io/hostname: mongodb-0.example.com - - external-dns.alpha.kubernetes.io/hostname: mongodb-1.example.com - ``` - - > NOTE: If register new DNS records for those names is not an option, the release can be upgraded setting `hostAliases` with the public IPs assigned to the external services. - -#### Use NodePort services - -Manually specify the node ports to use. An example deployment configuration is shown below, with the placeholder NODE-PORT-X used in place of the node ports: - -```text -architecture=replicaset -replicaCount=2 -externalAccess.enabled=true -externalAccess.service.type=NodePort -externalAccess.service.nodePorts[0]='NODE-PORT-1' -externalAccess.service.nodePorts[1]='NODE-PORT-2' -``` - -> NOTE: This option requires knowing the node ports that will be exposed, so each MongoDB® node's advertised hostname is configured with it. - -The pod will try to get the external IP address of the node using the command `curl -s https://ipinfo.io/IP-ADDRESS` unless the `externalAccess.service.domain` parameter is set. - -### Bootstrapping with an External Cluster - -This chart is equipped with the ability to bring online a set of Pods that connect to an existing MongoDB(®) deployment that lies outside of Kubernetes. This effectively creates a hybrid MongoDB(®) Deployment where both Pods in Kubernetes and Instances such as Virtual Machines can partake in a single MongoDB(®) Deployment. This is helpful in situations where one may be migrating MongoDB(®) from Virtual Machines into Kubernetes, for example. To take advantage of this, use the following as an example configuration: - -```yaml -externalAccess: - externalMaster: - enabled: true - host: external-mongodb-0.internal -``` - -:warning: To bootstrap MongoDB(®) with an external master that lies outside of Kubernetes, be sure to set up external access using any of the suggested methods in this chart to have connectivity between the MongoDB(®) members. :warning: - -### Add extra environment variables - -To add extra environment variables (useful for advanced operations like custom init scripts), use the `extraEnvVars` property. - -```yaml -extraEnvVars: - - name: LOG_LEVEL - value: error -``` - -Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` properties. - -### Use Sidecars and Init Containers - -If additional containers are needed in the same pod (such as additional metrics or logging exporters), they can be defined using the `sidecars` config parameter. - -```yaml -sidecars: -- name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below: - -```yaml -service: - extraPorts: - - name: extraPort - port: 11311 - targetPort: 11311 -``` - -> NOTE: This Helm chart already includes sidecar containers for the Prometheus exporters (where applicable). These can be activated by adding the `--enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers. - -If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter. Here is an example: - -```yaml -initContainers: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -Learn more about [sidecar containers](https://kubernetes.io/docs/concepts/workloads/pods/) and [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). - -### Backup and restore MongoDB(R) deployments - -Two different approaches are available to back up and restore Bitnami MongoDB® Helm chart deployments on Kubernetes: - -- Back up the data from the source deployment and restore it in a new deployment using MongoDB® built-in backup/restore tools. -- Back up the persistent volumes from the source deployment and attach them to a new deployment using Velero, a Kubernetes backup/restore tool. - -#### Method 1: Backup and restore data using MongoDB® built-in tools - -This method involves the following steps: - -- Use the *mongodump* tool to create a snapshot of the data in the source cluster. -- Create a new MongoDB® Cluster deployment and forward the MongoDB® Cluster service port for the new deployment. -- Restore the data using the *mongorestore* tool to import the backup to the new cluster. - -> NOTE: Under this approach, it is important to create the new deployment on the destination cluster using the same credentials as the original deployment on the source cluster. - -#### Method 2: Back up and restore persistent data volumes - -This method involves copying the persistent data volumes for the MongoDB® nodes and reusing them in a new deployment with [Velero](https://velero.io/), an open source Kubernetes backup/restore tool. This method is only suitable when: - -- The Kubernetes provider is [supported by Velero](https://velero.io/docs/latest/supported-providers/). -- Both clusters are on the same Kubernetes provider, as this is a requirement of [Velero's native support for migrating persistent volumes](https://velero.io/docs/latest/migration-case/). -- The restored deployment on the destination cluster will have the same name, namespace, topology and credentials as the original deployment on the source cluster. - -This method involves the following steps: - -- Install Velero on the source and destination clusters. -- Use Velero to back up the PersistentVolumes (PVs) used by the deployment on the source cluster. -- Use Velero to restore the backed-up PVs on the destination cluster. -- Create a new deployment on the destination cluster with the same chart, deployment name, credentials and other parameters as the original. This new deployment will use the restored PVs and hence the original data. - -Refer to our detailed [tutorial on backing up and restoring MongoDB® chart deployments on Kubernetes](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-backup-restore-data-mongodb-kubernetes-index.html), which covers both these approaches, for more information. - -### Use custom Prometheus rules - -Custom Prometheus rules can be defined for the Prometheus Operator by using the `prometheusRule` parameter. A basic configuration example is shown below: - -```text - metrics: - enabled: true - prometheusRule: - enabled: true - rules: - - name: rule1 - rules: - - alert: HighRequestLatency - expr: job:request_latency_seconds:mean5m{job="myjob"} > 0.5 - for: 10m - labels: - severity: page - annotations: - summary: High request latency -``` - -### Enable SSL/TLS - -This chart supports enabling SSL/TLS between nodes in the cluster, as well as between MongoDB(®) clients and nodes, by setting the `MONGODB_EXTRA_FLAGS` and `MONGODB_CLIENT_EXTRA_FLAGS` container environment variables, together with the correct `MONGODB_ADVERTISED_HOSTNAME`. To enable full TLS encryption, set the `tls.enabled` parameter to `true`. - -#### Generate the self-signed certificates via pre-install Helm hooks - -The `secrets-ca.yaml` file utilizes the Helm "pre-install" hook to ensure that the certificates will only be generated on chart install. - -The `genCA()` function will create a new self-signed x509 certificate authority. The `genSignedCert()` function creates an object with the certificate and key, which are base64-encoded and used in a YAML-like object. The `genSignedCert()` function is passed the CN, an empty IP list (the nil part), the validity and the CA created previously. - -A Kubernetes Secret is used to hold the signed certificate created above, and the `initContainer` sets up the rest. Using Helm's hook annotations ensures that the certificates will only be generated on chart install. This will prevent overriding the certificates if the chart is upgraded. - -#### Use your own CA - -To use your own CA, set `tls.caCert` and `tls.caKey` with appropriate base64 encoded data. The `secrets-ca.yaml` file will utilize this data to create the Secret. - -> NOTE: Currently, only RSA private keys are supported. - -#### Use your own certificates - -To use your own certificates, set `tls.standalone.existingSecret`, `tls.replicaset.existingSecrets`, `tls.hidden.existingSecrets` and/or `tls.arbiter.existingSecret` secrets according to your needs. All of them must be references to `kubernetes.io/tls` secrets and the certificates must be created using the same CA. The CA can be added directly to each secret using the `ca.crt` key: - -```shell -kubectl create secret tls "mongodb-0-cert" --cert="mongodb-0.crt" --key="mongodb-0.key" -kubectl patch secret "mongodb-0-cert" -p="{\"data\":{\"ca.crt\": \"$(cat ca.crt | base64 -w0 )\"}}" -``` - -Or adding it to the "endpoint certificate" and setting the value `tls.pemChainIncluded`. If we reuse the example above, the `mongodb-0.crt` file should include CA cert and we shouldn't need to patch the secret to add the `ca.crt` set key. - -> NOTE: Certificates should be signed for the fully qualified domain names. If `externalAccess.service.publicNames`is set, those names should be used in the certificates set in `tls.replicaset.existingSecrets`. - -#### Access the cluster - -To access the cluster, enable the init container which generates the MongoDB(®) server/client PEM key needed to access the cluster. Please be sure to include the `$my_hostname` section with your actual hostname, and the alternative hostnames section should contain the hostnames that should be allowed access to the MongoDB(®) replicaset. Additionally, if external access is enabled, the load balancer IP addresses are added to the alternative names list. - -> NOTE: You will be generating self-signed certificates for the MongoDB(®) deployment. The init container generates a new MongoDB(®) private key which will be used to create a Certificate Authority (CA) and the public certificate for the CA. The Certificate Signing Request will be created as well and signed using the private key of the CA previously created. Finally, the PEM bundle will be created using the private key and public certificate. This process will be repeated for each node in the cluster. - -#### Start the cluster - -After the certificates have been generated and made available to the containers at the correct mount points, the MongoDB(®) server will be started with TLS enabled. The options for the TLS mode will be one of `disabled`, `allowTLS`, `preferTLS`, or `requireTLS`. This value can be changed via the `MONGODB_EXTRA_FLAGS` field using the `tlsMode` parameter. The client should now be able to connect to the TLS-enabled cluster with the provided certificates. - -### Set Pod affinity - -This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. - -## Persistence - -The [Bitnami MongoDB(®)](https://github.com/bitnami/containers/tree/main/bitnami/mongodb) image stores the MongoDB(®) data and configurations at the `/bitnami/mongodb` path of the container. - -The chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) at this location. The volume is created using dynamic volume provisioning. - -If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/). - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | -| `global.storageClass` | DEPRECATED: use global.defaultStorageClass instead | `""` | -| `global.namespaceOverride` | Override the namespace for resource deployed by the chart, but can itself be overridden by the local namespaceOverride | `""` | -| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | - -### Common parameters - -| Name | Description | Value | -| ------------------------- | --------------------------------------------------------------------------------------------------------- | --------------- | -| `nameOverride` | String to partially override mongodb.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override mongodb.fullname template | `""` | -| `namespaceOverride` | String to fully override common.names.namespace | `""` | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | -| `commonLabels` | Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `commonAnnotations` | Common annotations to add to all Mongo resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `topologyKey` | Override common lib default topology key. If empty - "kubernetes.io/hostname" is used | `""` | -| `serviceBindings.enabled` | Create secret for service binding (Experimental) | `false` | -| `enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` | -| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | -| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | -| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | - -### MongoDB(®) parameters - -| Name | Description | Value | -| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | -| `image.registry` | MongoDB(®) image registry | `REGISTRY_NAME` | -| `image.repository` | MongoDB(®) image registry | `REPOSITORY_NAME/mongodb` | -| `image.digest` | MongoDB(®) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | MongoDB(®) image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Set to true if you would like to see extra information on logs | `false` | -| `schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` | -| `architecture` | MongoDB(®) architecture (`standalone` or `replicaset`) | `standalone` | -| `useStatefulSet` | Set to true to use a StatefulSet instead of a Deployment (only when `architecture=standalone`) | `false` | -| `auth.enabled` | Enable authentication | `true` | -| `auth.rootUser` | MongoDB(®) root user | `root` | -| `auth.rootPassword` | MongoDB(®) root password | `""` | -| `auth.usernames` | List of custom users to be created during the initialization | `[]` | -| `auth.passwords` | List of passwords for the custom users set at `auth.usernames` | `[]` | -| `auth.databases` | List of custom databases to be created during the initialization | `[]` | -| `auth.username` | DEPRECATED: use `auth.usernames` instead | `""` | -| `auth.password` | DEPRECATED: use `auth.passwords` instead | `""` | -| `auth.database` | DEPRECATED: use `auth.databases` instead | `""` | -| `auth.replicaSetKey` | Key used for authentication in the replicaset (only when `architecture=replicaset`) | `""` | -| `auth.existingSecret` | Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, `mongodb-replica-set-key`) | `""` | -| `tls.enabled` | Enable MongoDB(®) TLS support between nodes in the cluster as well as between mongo clients and nodes | `false` | -| `tls.mTLS.enabled` | IF TLS support is enabled, require clients to provide certificates | `true` | -| `tls.autoGenerated` | Generate a custom CA and self-signed certificates | `true` | -| `tls.existingSecret` | Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`) | `""` | -| `tls.caCert` | Custom CA certificated (base64 encoded) | `""` | -| `tls.caKey` | CA certificate private key (base64 encoded) | `""` | -| `tls.pemChainIncluded` | Flag to denote that the Certificate Authority (CA) certificates are bundled with the endpoint cert. | `false` | -| `tls.standalone.existingSecret` | Existing secret with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled. | `""` | -| `tls.replicaset.existingSecrets` | Array of existing secrets with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled. | `[]` | -| `tls.hidden.existingSecrets` | Array of existing secrets with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled. | `[]` | -| `tls.arbiter.existingSecret` | Existing secret with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled. | `""` | -| `tls.image.registry` | Init container TLS certs setup image registry | `REGISTRY_NAME` | -| `tls.image.repository` | Init container TLS certs setup image repository | `REPOSITORY_NAME/nginx` | -| `tls.image.digest` | Init container TLS certs setup image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `tls.image.pullPolicy` | Init container TLS certs setup image pull policy | `IfNotPresent` | -| `tls.image.pullSecrets` | Init container TLS certs specify docker-registry secret names as an array | `[]` | -| `tls.extraDnsNames` | Add extra dns names to the CA, can solve x509 auth issue for pod clients | `[]` | -| `tls.mode` | Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`) | `requireTLS` | -| `tls.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if tls.resources is set (tls.resources is recommended for production). | `nano` | -| `tls.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `tls.securityContext` | Init container generate-tls-cert Security context | `{}` | -| `automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `replicaSetName` | Name of the replica set (only when `architecture=replicaset`) | `rs0` | -| `replicaSetHostnames` | Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`) | `true` | -| `enableIPv6` | Switch to enable/disable IPv6 on MongoDB(®) | `false` | -| `directoryPerDB` | Switch to enable/disable DirectoryPerDB on MongoDB(®) | `false` | -| `systemLogVerbosity` | MongoDB(®) system log verbosity level | `0` | -| `disableSystemLog` | Switch to enable/disable MongoDB(®) system log | `false` | -| `disableJavascript` | Switch to enable/disable MongoDB(®) server-side JavaScript execution | `false` | -| `enableJournal` | Switch to enable/disable MongoDB(®) Journaling | `true` | -| `configuration` | MongoDB(®) configuration file to be used for Primary and Secondary nodes | `""` | - -### replicaSetConfigurationSettings settings applied during runtime (not via configuration file) - -| Name | Description | Value | -| ----------------------------------------------- | --------------------------------------------------------------------------------------------------- | ------- | -| `replicaSetConfigurationSettings.enabled` | Enable MongoDB(®) Switch to enable/disable configuring MongoDB(®) run time rs.conf settings | `false` | -| `replicaSetConfigurationSettings.configuration` | run-time rs.conf settings | `{}` | -| `existingConfigmap` | Name of existing ConfigMap with MongoDB(®) configuration for Primary and Secondary nodes | `""` | -| `initdbScripts` | Dictionary of initdb scripts | `{}` | -| `initdbScriptsConfigMap` | Existing ConfigMap with custom initdb scripts | `""` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `extraFlags` | MongoDB(®) additional command line flags | `[]` | -| `extraEnvVars` | Extra environment variables to add to MongoDB(®) pods | `[]` | -| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | -| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` | - -### MongoDB(®) statefulset parameters - -| Name | Description | Value | -| --------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | -| `annotations` | Additional labels to be added to the MongoDB(®) statefulset. Evaluated as a template | `{}` | -| `labels` | Annotations to be added to the MongoDB(®) statefulset. Evaluated as a template | `{}` | -| `replicaCount` | Number of MongoDB(®) nodes | `2` | -| `updateStrategy.type` | Strategy to use to replace existing MongoDB(®) pods. When architecture=standalone and useStatefulSet=false, | `RollingUpdate` | -| `podManagementPolicy` | Pod management policy for MongoDB(®) | `OrderedReady` | -| `podAffinityPreset` | MongoDB(®) Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | MongoDB(®) Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | MongoDB(®) Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | MongoDB(®) Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | MongoDB(®) Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | MongoDB(®) Affinity for pod assignment | `{}` | -| `nodeSelector` | MongoDB(®) Node labels for pod assignment | `{}` | -| `tolerations` | MongoDB(®) Tolerations for pod assignment | `[]` | -| `topologySpreadConstraints` | MongoDB(®) Spread Constraints for Pods | `[]` | -| `lifecycleHooks` | LifecycleHook for the MongoDB(®) container(s) to automate configuration before or after startup | `{}` | -| `terminationGracePeriodSeconds` | MongoDB(®) Termination Grace Period | `""` | -| `podLabels` | MongoDB(®) pod labels | `{}` | -| `podAnnotations` | MongoDB(®) Pod annotations | `{}` | -| `priorityClassName` | Name of the existing priority class to be used by MongoDB(®) pod(s) | `""` | -| `runtimeClassName` | Name of the runtime class to be used by MongoDB(®) pod(s) | `""` | -| `podSecurityContext.enabled` | Enable MongoDB(®) pod(s)' Security Context | `true` | -| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `podSecurityContext.fsGroup` | Group ID for the volumes of the MongoDB(®) pod(s) | `1001` | -| `podSecurityContext.sysctls` | sysctl settings of the MongoDB(®) pod(s)' | `[]` | -| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | -| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | -| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `small` | -| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `containerPorts.mongodb` | MongoDB(®) container port | `27017` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `startupProbe.enabled` | Enable startupProbe | `false` | -| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | -| `startupProbe.periodSeconds` | Period seconds for startupProbe | `20` | -| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `10` | -| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` | -| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `customLivenessProbe` | Override default liveness probe for MongoDB(®) containers | `{}` | -| `customReadinessProbe` | Override default readiness probe for MongoDB(®) containers | `{}` | -| `customStartupProbe` | Override default startup probe for MongoDB(®) containers | `{}` | -| `initContainers` | Add additional init containers for the hidden node pod(s) | `[]` | -| `sidecars` | Add additional sidecar containers for the MongoDB(®) pod(s) | `[]` | -| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MongoDB(®) container(s) | `[]` | -| `extraVolumes` | Optionally specify extra list of additional volumes to the MongoDB(®) statefulset | `[]` | -| `pdb.create` | Enable/disable a Pod Disruption Budget creation for MongoDB(®) pod(s) | `true` | -| `pdb.minAvailable` | Minimum number/percentage of MongoDB(®) pods that must still be available after the eviction | `""` | -| `pdb.maxUnavailable` | Maximum number/percentage of MongoDB(®) pods that may be made unavailable after the eviction. Defaults to `1` if both `pdb.minAvailable` and `pdb.maxUnavailable` are empty. | `""` | - -### Traffic exposure parameters - -| Name | Description | Value | -| ------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | -| `service.nameOverride` | MongoDB(®) service name | `""` | -| `service.type` | Kubernetes Service type (only for standalone architecture) | `ClusterIP` | -| `service.portName` | MongoDB(®) service port name (only for standalone architecture) | `mongodb` | -| `service.ports.mongodb` | MongoDB(®) service port. | `27017` | -| `service.nodePorts.mongodb` | Port to bind to for NodePort and LoadBalancer service types (only for standalone architecture) | `""` | -| `service.clusterIP` | MongoDB(®) service cluster IP (only for standalone architecture) | `""` | -| `service.externalIPs` | Specify the externalIP value ClusterIP service type (only for standalone architecture) | `[]` | -| `service.loadBalancerIP` | loadBalancerIP for MongoDB(®) Service (only for standalone architecture) | `""` | -| `service.loadBalancerClass` | loadBalancerClass for MongoDB(®) Service (only for standalone architecture) | `""` | -| `service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer (only for standalone architecture) | `[]` | -| `service.allocateLoadBalancerNodePorts` | Wheter to allocate node ports when service type is LoadBalancer | `true` | -| `service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `service.annotations` | Provide any additional annotations that may be required | `{}` | -| `service.externalTrafficPolicy` | service external traffic policy (only for standalone architecture) | `Local` | -| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `service.headless.annotations` | Annotations for the headless service. | `{}` | -| `externalAccess.enabled` | Enable Kubernetes external cluster access to MongoDB(®) nodes (only for replicaset architecture) | `false` | -| `externalAccess.autoDiscovery.enabled` | Enable using an init container to auto-detect external IPs by querying the K8s API | `false` | -| `externalAccess.autoDiscovery.image.registry` | Init container auto-discovery image registry | `REGISTRY_NAME` | -| `externalAccess.autoDiscovery.image.repository` | Init container auto-discovery image repository | `REPOSITORY_NAME/kubectl` | -| `externalAccess.autoDiscovery.image.digest` | Init container auto-discovery image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `externalAccess.autoDiscovery.image.pullPolicy` | Init container auto-discovery image pull policy | `IfNotPresent` | -| `externalAccess.autoDiscovery.image.pullSecrets` | Init container auto-discovery image pull secrets | `[]` | -| `externalAccess.autoDiscovery.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if externalAccess.autoDiscovery.resources is set (externalAccess.autoDiscovery.resources is recommended for production). | `nano` | -| `externalAccess.autoDiscovery.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `externalAccess.dnsCheck.image.registry` | Init container dns-check image registry | `REGISTRY_NAME` | -| `externalAccess.dnsCheck.image.repository` | Init container dns-check image repository | `REPOSITORY_NAME/kubectl` | -| `externalAccess.dnsCheck.image.digest` | Init container dns-check image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `externalAccess.dnsCheck.image.pullPolicy` | Init container dns-check image pull policy | `IfNotPresent` | -| `externalAccess.dnsCheck.image.pullSecrets` | Init container dns-check image pull secrets | `[]` | -| `externalAccess.dnsCheck.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if externalAccess.autoDiscovery.resources is set (externalAccess.autoDiscovery.resources is recommended for production). | `nano` | -| `externalAccess.dnsCheck.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `externalAccess.externalMaster.enabled` | Use external master for bootstrapping | `false` | -| `externalAccess.externalMaster.host` | External master host to bootstrap from | `""` | -| `externalAccess.externalMaster.port` | Port for MongoDB(®) service external master host | `27017` | -| `externalAccess.service.type` | Kubernetes Service type for external access. Allowed values: NodePort, LoadBalancer or ClusterIP | `LoadBalancer` | -| `externalAccess.service.portName` | MongoDB(®) port name used for external access when service type is LoadBalancer | `mongodb` | -| `externalAccess.service.ports.mongodb` | MongoDB(®) port used for external access when service type is LoadBalancer | `27017` | -| `externalAccess.service.loadBalancerIPs` | Array of load balancer IPs for MongoDB(®) nodes | `[]` | -| `externalAccess.service.publicNames` | Array of public names. The size should be equal to the number of replicas. | `[]` | -| `externalAccess.service.loadBalancerClass` | loadBalancerClass when service type is LoadBalancer | `""` | -| `externalAccess.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` | -| `externalAccess.service.allocateLoadBalancerNodePorts` | Whether to allocate node ports when service type is LoadBalancer | `true` | -| `externalAccess.service.externalTrafficPolicy` | MongoDB(®) service external traffic policy | `Local` | -| `externalAccess.service.nodePorts` | Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort | `[]` | -| `externalAccess.service.domain` | Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort | `""` | -| `externalAccess.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `externalAccess.service.annotations` | Service annotations for external access. These annotations are common for all services created. | `{}` | -| `externalAccess.service.annotationsList` | Service annotations for eache external service. This value contains a list allowing different annotations per each external service. | `[]` | -| `externalAccess.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `externalAccess.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `externalAccess.hidden.enabled` | Enable Kubernetes external cluster access to MongoDB(®) hidden nodes | `false` | -| `externalAccess.hidden.service.type` | Kubernetes Service type for external access. Allowed values: NodePort or LoadBalancer | `LoadBalancer` | -| `externalAccess.hidden.service.portName` | MongoDB(®) port name used for external access when service type is LoadBalancer | `mongodb` | -| `externalAccess.hidden.service.ports.mongodb` | MongoDB(®) port used for external access when service type is LoadBalancer | `27017` | -| `externalAccess.hidden.service.loadBalancerIPs` | Array of load balancer IPs for MongoDB(®) nodes | `[]` | -| `externalAccess.hidden.service.loadBalancerClass` | loadBalancerClass when service type is LoadBalancer | `""` | -| `externalAccess.hidden.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` | -| `externalAccess.hidden.service.allocateLoadBalancerNodePorts` | Wheter to allocate node ports when service type is LoadBalancer | `true` | -| `externalAccess.hidden.service.externalTrafficPolicy` | MongoDB(®) service external traffic policy | `Local` | -| `externalAccess.hidden.service.nodePorts` | Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort. Length must be the same as replicaCount | `[]` | -| `externalAccess.hidden.service.domain` | Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort | `""` | -| `externalAccess.hidden.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `externalAccess.hidden.service.annotations` | Service annotations for external access | `{}` | -| `externalAccess.hidden.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `externalAccess.hidden.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | - -### Network policy parameters - -| Name | Description | Value | -| -------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `networkPolicy.addExternalClientAccess` | Allow access from pods with client label set to "true". Ignored if `networkPolicy.allowExternal` is true. | `true` | -| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `networkPolicy.ingressPodMatchLabels` | Labels to match to allow traffic from other pods. Ignored if `networkPolicy.allowExternal` is true. | `{}` | -| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces. Ignored if `networkPolicy.allowExternal` is true. | `{}` | -| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces. Ignored if `networkPolicy.allowExternal` is true. | `{}` | -| `persistence.enabled` | Enable MongoDB(®) data persistence using PVC | `true` | -| `persistence.name` | Name of the PVC and mounted volume | `datadir` | -| `persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` | -| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`) | `""` | -| `persistence.resourcePolicy` | Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted | `""` | -| `persistence.storageClass` | PVC Storage Class for MongoDB(®) data volume | `""` | -| `persistence.accessModes` | PV Access Mode | `["ReadWriteOnce"]` | -| `persistence.size` | PVC Storage Request for MongoDB(®) data volume | `8Gi` | -| `persistence.annotations` | PVC annotations | `{}` | -| `persistence.labels` | PVC labels | `{}` | -| `persistence.mountPath` | Path to mount the volume at | `/bitnami/mongodb` | -| `persistence.subPath` | Subdirectory of the volume to mount at | `""` | -| `persistence.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g. when using local volumes) | `{}` | -| `persistence.volumeClaimTemplates.requests` | Custom PVC requests attributes | `{}` | -| `persistence.volumeClaimTemplates.dataSource` | Add dataSource to the VolumeClaimTemplate | `{}` | -| `persistentVolumeClaimRetentionPolicy.enabled` | Enable Persistent volume retention policy for MongoDB(®) Statefulset | `false` | -| `persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` | -| `persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` | - -### Backup parameters - -| Name | Description | Value | -| ------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -| `backup.enabled` | Enable the logical dump of the database "regularly" | `false` | -| `backup.cronjob.schedule` | Set the cronjob parameter schedule | `@daily` | -| `backup.cronjob.concurrencyPolicy` | Set the cronjob parameter concurrencyPolicy | `Allow` | -| `backup.cronjob.failedJobsHistoryLimit` | Set the cronjob parameter failedJobsHistoryLimit | `1` | -| `backup.cronjob.successfulJobsHistoryLimit` | Set the cronjob parameter successfulJobsHistoryLimit | `3` | -| `backup.cronjob.startingDeadlineSeconds` | Set the cronjob parameter startingDeadlineSeconds | `""` | -| `backup.cronjob.ttlSecondsAfterFinished` | Set the cronjob parameter ttlSecondsAfterFinished | `""` | -| `backup.cronjob.restartPolicy` | Set the cronjob parameter restartPolicy | `OnFailure` | -| `backup.cronjob.backoffLimit` | Set the cronjob parameter backoffLimit | `6` | -| `backup.cronjob.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `backup.cronjob.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `backup.cronjob.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `backup.cronjob.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | -| `backup.cronjob.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `backup.cronjob.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `backup.cronjob.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | -| `backup.cronjob.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `backup.cronjob.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `backup.cronjob.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `backup.cronjob.command` | Set backup container's command to run | `[]` | -| `backup.cronjob.labels` | Set the cronjob labels | `{}` | -| `backup.cronjob.annotations` | Set the cronjob annotations | `{}` | -| `backup.cronjob.storage.existingClaim` | Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`) | `""` | -| `backup.cronjob.storage.resourcePolicy` | Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted | `""` | -| `backup.cronjob.storage.storageClass` | PVC Storage Class for the backup data volume | `""` | -| `backup.cronjob.storage.accessModes` | PV Access Mode | `["ReadWriteOnce"]` | -| `backup.cronjob.storage.size` | PVC Storage Request for the backup data volume | `8Gi` | -| `backup.cronjob.storage.annotations` | PVC annotations | `{}` | -| `backup.cronjob.storage.mountPath` | Path to mount the volume at | `/backup/mongodb` | -| `backup.cronjob.storage.subPath` | Subdirectory of the volume to mount at | `""` | -| `backup.cronjob.storage.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g. when using local volumes) | `{}` | - -### RBAC parameters - -| Name | Description | Value | -| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| `serviceAccount.create` | Enable creation of ServiceAccount for MongoDB(®) pods | `true` | -| `serviceAccount.name` | Name of the created serviceAccount | `""` | -| `serviceAccount.annotations` | Additional Service Account annotations | `{}` | -| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` | -| `rbac.create` | Whether to create & use RBAC resources or not | `false` | -| `rbac.rules` | Custom rules to create following the role specification | `[]` | -| `podSecurityPolicy.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` | -| `podSecurityPolicy.allowPrivilegeEscalation` | Enable privilege escalation | `false` | -| `podSecurityPolicy.privileged` | Allow privileged | `false` | -| `podSecurityPolicy.spec` | Specify the full spec to use for Pod Security Policy | `{}` | - -### Volume Permissions parameters - -| Name | Description | Value | -| -------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | -| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` | -| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `nano` | -| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `volumePermissions.securityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `volumePermissions.securityContext.runAsUser` | User ID for the volumePermissions container | `0` | - -### Arbiter parameters - -| Name | Description | Value | -| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | -| `arbiter.enabled` | Enable deploying the arbiter | `true` | -| `arbiter.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `arbiter.hostAliases` | Add deployment host aliases | `[]` | -| `arbiter.configuration` | Arbiter configuration file to be used | `""` | -| `arbiter.existingConfigmap` | Name of existing ConfigMap with Arbiter configuration | `""` | -| `arbiter.command` | Override default container command (useful when using custom images) | `[]` | -| `arbiter.args` | Override default container args (useful when using custom images) | `[]` | -| `arbiter.extraFlags` | Arbiter additional command line flags | `[]` | -| `arbiter.extraEnvVars` | Extra environment variables to add to Arbiter pods | `[]` | -| `arbiter.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | -| `arbiter.extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` | -| `arbiter.annotations` | Additional labels to be added to the Arbiter statefulset | `{}` | -| `arbiter.labels` | Annotations to be added to the Arbiter statefulset | `{}` | -| `arbiter.topologySpreadConstraints` | MongoDB(®) Spread Constraints for arbiter Pods | `[]` | -| `arbiter.lifecycleHooks` | LifecycleHook for the Arbiter container to automate configuration before or after startup | `{}` | -| `arbiter.terminationGracePeriodSeconds` | Arbiter Termination Grace Period | `""` | -| `arbiter.updateStrategy.type` | Strategy that will be employed to update Pods in the StatefulSet | `RollingUpdate` | -| `arbiter.podManagementPolicy` | Pod management policy for MongoDB(®) | `OrderedReady` | -| `arbiter.schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` | -| `arbiter.podAffinityPreset` | Arbiter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `arbiter.podAntiAffinityPreset` | Arbiter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `arbiter.nodeAffinityPreset.type` | Arbiter Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `arbiter.nodeAffinityPreset.key` | Arbiter Node label key to match Ignored if `affinity` is set. | `""` | -| `arbiter.nodeAffinityPreset.values` | Arbiter Node label values to match. Ignored if `affinity` is set. | `[]` | -| `arbiter.affinity` | Arbiter Affinity for pod assignment | `{}` | -| `arbiter.nodeSelector` | Arbiter Node labels for pod assignment | `{}` | -| `arbiter.tolerations` | Arbiter Tolerations for pod assignment | `[]` | -| `arbiter.podLabels` | Arbiter pod labels | `{}` | -| `arbiter.podAnnotations` | Arbiter Pod annotations | `{}` | -| `arbiter.priorityClassName` | Name of the existing priority class to be used by Arbiter pod(s) | `""` | -| `arbiter.runtimeClassName` | Name of the runtime class to be used by Arbiter pod(s) | `""` | -| `arbiter.podSecurityContext.enabled` | Enable Arbiter pod(s)' Security Context | `true` | -| `arbiter.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `arbiter.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `arbiter.podSecurityContext.fsGroup` | Group ID for the volumes of the Arbiter pod(s) | `1001` | -| `arbiter.podSecurityContext.sysctls` | sysctl settings of the Arbiter pod(s)' | `[]` | -| `arbiter.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `arbiter.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `arbiter.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `arbiter.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | -| `arbiter.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `arbiter.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `arbiter.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | -| `arbiter.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `arbiter.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `arbiter.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `arbiter.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if arbiter.resources is set (arbiter.resources is recommended for production). | `small` | -| `arbiter.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `arbiter.containerPorts.mongodb` | MongoDB(®) arbiter container port | `27017` | -| `arbiter.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `arbiter.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | -| `arbiter.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | -| `arbiter.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` | -| `arbiter.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `arbiter.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `arbiter.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `arbiter.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `arbiter.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` | -| `arbiter.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `10` | -| `arbiter.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `arbiter.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `arbiter.startupProbe.enabled` | Enable startupProbe | `false` | -| `arbiter.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | -| `arbiter.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `arbiter.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `arbiter.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` | -| `arbiter.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `arbiter.customLivenessProbe` | Override default liveness probe for Arbiter containers | `{}` | -| `arbiter.customReadinessProbe` | Override default readiness probe for Arbiter containers | `{}` | -| `arbiter.customStartupProbe` | Override default startup probe for Arbiter containers | `{}` | -| `arbiter.initContainers` | Add additional init containers for the Arbiter pod(s) | `[]` | -| `arbiter.sidecars` | Add additional sidecar containers for the Arbiter pod(s) | `[]` | -| `arbiter.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Arbiter container(s) | `[]` | -| `arbiter.extraVolumes` | Optionally specify extra list of additional volumes to the Arbiter statefulset | `[]` | -| `arbiter.pdb.create` | Enable/disable a Pod Disruption Budget creation for Arbiter pod(s) | `true` | -| `arbiter.pdb.minAvailable` | Minimum number/percentage of Arbiter pods that should remain scheduled | `""` | -| `arbiter.pdb.maxUnavailable` | Maximum number/percentage of Arbiter pods that may be made unavailable. Defaults to `1` if both `arbiter.pdb.minAvailable` and `arbiter.pdb.maxUnavailable` are empty. | `""` | -| `arbiter.service.nameOverride` | The arbiter service name | `""` | -| `arbiter.service.ports.mongodb` | MongoDB(®) service port | `27017` | -| `arbiter.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `arbiter.service.annotations` | Provide any additional annotations that may be required | `{}` | -| `arbiter.service.headless.annotations` | Annotations for the headless service. | `{}` | - -### Hidden Node parameters - -| Name | Description | Value | -| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -| `hidden.enabled` | Enable deploying the hidden nodes | `false` | -| `hidden.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `hidden.hostAliases` | Add deployment host aliases | `[]` | -| `hidden.configuration` | Hidden node configuration file to be used | `""` | -| `hidden.existingConfigmap` | Name of existing ConfigMap with Hidden node configuration | `""` | -| `hidden.command` | Override default container command (useful when using custom images) | `[]` | -| `hidden.args` | Override default container args (useful when using custom images) | `[]` | -| `hidden.extraFlags` | Hidden node additional command line flags | `[]` | -| `hidden.extraEnvVars` | Extra environment variables to add to Hidden node pods | `[]` | -| `hidden.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | -| `hidden.extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` | -| `hidden.annotations` | Additional labels to be added to thehidden node statefulset | `{}` | -| `hidden.labels` | Annotations to be added to the hidden node statefulset | `{}` | -| `hidden.topologySpreadConstraints` | MongoDB(®) Spread Constraints for hidden Pods | `[]` | -| `hidden.lifecycleHooks` | LifecycleHook for the Hidden container to automate configuration before or after startup | `{}` | -| `hidden.replicaCount` | Number of hidden nodes (only when `architecture=replicaset`) | `1` | -| `hidden.terminationGracePeriodSeconds` | Hidden Termination Grace Period | `""` | -| `hidden.updateStrategy.type` | Strategy that will be employed to update Pods in the StatefulSet | `RollingUpdate` | -| `hidden.podManagementPolicy` | Pod management policy for hidden node | `OrderedReady` | -| `hidden.schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` | -| `hidden.podAffinityPreset` | Hidden node Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `hidden.podAntiAffinityPreset` | Hidden node Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `hidden.nodeAffinityPreset.type` | Hidden Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `hidden.nodeAffinityPreset.key` | Hidden Node label key to match Ignored if `affinity` is set. | `""` | -| `hidden.nodeAffinityPreset.values` | Hidden Node label values to match. Ignored if `affinity` is set. | `[]` | -| `hidden.affinity` | Hidden node Affinity for pod assignment | `{}` | -| `hidden.nodeSelector` | Hidden node Node labels for pod assignment | `{}` | -| `hidden.tolerations` | Hidden node Tolerations for pod assignment | `[]` | -| `hidden.podLabels` | Hidden node pod labels | `{}` | -| `hidden.podAnnotations` | Hidden node Pod annotations | `{}` | -| `hidden.priorityClassName` | Name of the existing priority class to be used by hidden node pod(s) | `""` | -| `hidden.runtimeClassName` | Name of the runtime class to be used by hidden node pod(s) | `""` | -| `hidden.podSecurityContext.enabled` | Enable Hidden pod(s)' Security Context | `true` | -| `hidden.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `hidden.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `hidden.podSecurityContext.fsGroup` | Group ID for the volumes of the Hidden pod(s) | `1001` | -| `hidden.podSecurityContext.sysctls` | sysctl settings of the Hidden pod(s)' | `[]` | -| `hidden.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `hidden.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `hidden.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `hidden.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | -| `hidden.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `hidden.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `hidden.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | -| `hidden.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `hidden.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `hidden.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `hidden.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if hidden.resources is set (hidden.resources is recommended for production). | `micro` | -| `hidden.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `hidden.containerPorts.mongodb` | MongoDB(®) hidden container port | `27017` | -| `hidden.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `hidden.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | -| `hidden.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | -| `hidden.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` | -| `hidden.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `hidden.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `hidden.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `hidden.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `hidden.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` | -| `hidden.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `10` | -| `hidden.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `hidden.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `hidden.startupProbe.enabled` | Enable startupProbe | `false` | -| `hidden.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | -| `hidden.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `hidden.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `hidden.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` | -| `hidden.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `hidden.customLivenessProbe` | Override default liveness probe for hidden node containers | `{}` | -| `hidden.customReadinessProbe` | Override default readiness probe for hidden node containers | `{}` | -| `hidden.customStartupProbe` | Override default startup probe for MongoDB(®) containers | `{}` | -| `hidden.initContainers` | Add init containers to the MongoDB(®) Hidden pods. | `[]` | -| `hidden.sidecars` | Add additional sidecar containers for the hidden node pod(s) | `[]` | -| `hidden.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the hidden node container(s) | `[]` | -| `hidden.extraVolumes` | Optionally specify extra list of additional volumes to the hidden node statefulset | `[]` | -| `hidden.pdb.create` | Enable/disable a Pod Disruption Budget creation for hidden node pod(s) | `true` | -| `hidden.pdb.minAvailable` | Minimum number/percentage of hidden node pods that should remain scheduled | `""` | -| `hidden.pdb.maxUnavailable` | Maximum number/percentage of hidden node pods that may be made unavailable. Defaults to `1` if both `hidden.pdb.minAvailable` and `hidden.pdb.maxUnavailable` are empty. | `""` | -| `hidden.persistence.enabled` | Enable hidden node data persistence using PVC | `true` | -| `hidden.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` | -| `hidden.persistence.storageClass` | PVC Storage Class for hidden node data volume | `""` | -| `hidden.persistence.accessModes` | PV Access Mode | `["ReadWriteOnce"]` | -| `hidden.persistence.size` | PVC Storage Request for hidden node data volume | `8Gi` | -| `hidden.persistence.annotations` | PVC annotations | `{}` | -| `hidden.persistence.mountPath` | The path the volume will be mounted at, useful when using different MongoDB(®) images. | `/bitnami/mongodb` | -| `hidden.persistence.subPath` | The subdirectory of the volume to mount to, useful in dev environments | `""` | -| `hidden.persistence.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g. when using local volumes) | `{}` | -| `hidden.persistence.volumeClaimTemplates.requests` | Custom PVC requests attributes | `{}` | -| `hidden.persistence.volumeClaimTemplates.dataSource` | Set volumeClaimTemplate dataSource | `{}` | -| `hidden.service.portName` | MongoDB(®) service port name | `mongodb` | -| `hidden.service.ports.mongodb` | MongoDB(®) service port | `27017` | -| `hidden.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `hidden.service.annotations` | Provide any additional annotations that may be required | `{}` | -| `hidden.service.headless.annotations` | Annotations for the headless service. | `{}` | - -### Metrics parameters - -| Name | Description | Value | -| -------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------- | -| `metrics.enabled` | Enable using a sidecar Prometheus exporter | `false` | -| `metrics.image.registry` | MongoDB(®) Prometheus exporter image registry | `REGISTRY_NAME` | -| `metrics.image.repository` | MongoDB(®) Prometheus exporter image repository | `REPOSITORY_NAME/mongodb-exporter` | -| `metrics.image.digest` | MongoDB(®) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `metrics.image.pullPolicy` | MongoDB(®) Prometheus exporter image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `metrics.username` | String with username for the metrics exporter | `""` | -| `metrics.password` | String with password for the metrics exporter | `""` | -| `metrics.compatibleMode` | Enables old style mongodb-exporter metrics | `true` | -| `metrics.collector.all` | Enable all collectors. Same as enabling all individual metrics | `false` | -| `metrics.collector.diagnosticdata` | Boolean Enable collecting metrics from getDiagnosticData | `true` | -| `metrics.collector.replicasetstatus` | Boolean Enable collecting metrics from replSetGetStatus | `true` | -| `metrics.collector.dbstats` | Boolean Enable collecting metrics from dbStats | `false` | -| `metrics.collector.topmetrics` | Boolean Enable collecting metrics from top admin command | `false` | -| `metrics.collector.indexstats` | Boolean Enable collecting metrics from $indexStats | `false` | -| `metrics.collector.collstats` | Boolean Enable collecting metrics from $collStats | `false` | -| `metrics.collector.collstatsColls` | List of \.\ to get $collStats | `[]` | -| `metrics.collector.indexstatsColls` | List - List of \.\ to get $indexStats | `[]` | -| `metrics.collector.collstatsLimit` | Number - Disable collstats, dbstats, topmetrics and indexstats collector if there are more than \ collections. 0=No limit | `0` | -| `metrics.extraFlags` | String with extra flags to the metrics exporter | `""` | -| `metrics.command` | Override default container command (useful when using custom images) | `[]` | -| `metrics.args` | Override default container args (useful when using custom images) | `[]` | -| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `nano` | -| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `metrics.containerPort` | Port of the Prometheus metrics container | `9216` | -| `metrics.service.annotations` | Annotations for Prometheus Exporter pods. Evaluated as a template. | `{}` | -| `metrics.service.type` | Type of the Prometheus metrics service | `ClusterIP` | -| `metrics.service.ports.metrics` | Port of the Prometheus metrics service | `9216` | -| `metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `15` | -| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | -| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` | -| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `10` | -| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `metrics.startupProbe.enabled` | Enable startupProbe | `false` | -| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | -| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` | -| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `metrics.customLivenessProbe` | Override default liveness probe for MongoDB(®) containers | `{}` | -| `metrics.customReadinessProbe` | Override default readiness probe for MongoDB(®) containers | `{}` | -| `metrics.customStartupProbe` | Override default startup probe for MongoDB(®) containers | `{}` | -| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the metrics container(s) | `[]` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using Prometheus Operator | `false` | -| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` | -| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. | `[]` | -| `metrics.serviceMonitor.metricRelabelings` | MetricsRelabelConfigs to apply to samples before ingestion. | `[]` | -| `metrics.serviceMonitor.labels` | Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with | `{}` | -| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | -| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | -| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | -| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` | -| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` | -| `metrics.prometheusRule.namespace` | Namespace where prometheusRules resource should be created | `""` | -| `metrics.prometheusRule.rules` | Rules to be created, check values for an example | `[]` | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -helm install my-release \ - --set auth.rootPassword=secretpassword,auth.username=my-user,auth.password=my-password,auth.database=my-database \ - oci://REGISTRY_NAME/REPOSITORY_NAME/mongodb -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -The above command sets the MongoDB(®) `root` account password to `secretpassword`. Additionally, it creates a standard database user named `my-user`, with the password `my-password`, who has access to a database named `my-database`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/mongodb -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. -> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/mongodb/values.yaml) - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -If authentication is enabled, it's necessary to set the `auth.rootPassword` (also `auth.replicaSetKey` when using a replicaset architecture) when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Credentials' section. Please note down the password, and run the command below to upgrade your chart: - -```console -helm upgrade my-release oci://REGISTRY_NAME/REPOSITORY_NAME/mongodb --set auth.rootPassword=[PASSWORD] (--set auth.replicaSetKey=[REPLICASETKEY]) -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. -> Note: you need to substitute the placeholders [PASSWORD] and [REPLICASETKEY] with the values obtained in the installation notes. - -### To 16.0.0 - -To upgrade to MongoDB `8.0` from a `7.0` deployment, the `7.0` deployment must have `featureCompatibilityVersion` set to `7.0`. Please refer to the [official documentation](https://www.mongodb.com/docs/manual/release-notes/8.0/#upgrade-procedures). - -### To 15.0.0 - -This major bump changes the following security defaults: - -- `runAsGroup` is changed from `0` to `1001` -- `readOnlyRootFilesystem` is set to `true` -- `resourcesPreset` is changed from `none` to the minimum size working in our test suites (NOTE: `resourcesPreset` is not meant for production usage, but `resources` adapted to your use case). -- `global.compatibility.openshift.adaptSecurityContext` is changed from `disabled` to `auto`. - -This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones. - -### To 12.0.0 - -This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository. - -Affected values: - -- `strategyType` is replaced by `updateStrategy` -- `service.port` is renamed to `service.ports.mongodb` -- `service.nodePort` is renamed to `service.nodePorts.mongodb` -- `externalAccess.service.port` is renamed to `externalAccess.hidden.service.ports.mongodb` -- `rbac.role.rules` is renamed to `rbac.rules` -- `externalAccess.hidden.service.port` is renamed ot `externalAccess.hidden.service.ports.mongodb` -- `hidden.strategyType` is replaced by `hidden.updateStrategy` -- `metrics.serviceMonitor.relabellings` is renamed to `metrics.serviceMonitor.relabelings`(typo fixed) -- `metrics.serviceMonitor.additionalLabels` is renamed to `metrics.serviceMonitor.labels` - -Additionally also updates the MongoDB image dependency to it newest major, 5.0 - -### To 11.0.0 - -In this version, the mongodb-exporter bundled as part of this Helm chart was updated to a new version which, even it is not a major change, can contain breaking changes (from `0.11.X` to `0.30.X`). -Please visit the release notes from the upstream project at - -### To 10.0.0 - -[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -### To 9.0.0 - -MongoDB(®) container images were updated to `4.4.x` and it can affect compatibility with older versions of MongoDB(®). Refer to the following guides to upgrade your applications: - -- [Standalone](https://docs.mongodb.com/manual/release-notes/4.4-upgrade-standalone/) -- [Replica Set](https://docs.mongodb.com/manual/release-notes/4.4-upgrade-replica-set/) - -### To 8.0.0 - -- Architecture used to configure MongoDB(®) as a replicaset was completely refactored. Now, both primary and secondary nodes are part of the same statefulset. -- Chart labels were adapted to follow the Helm charts best practices. -- This version introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/main/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. -- Several parameters were renamed or disappeared in favor of new ones on this major version. These are the most important ones: - - `replicas` is renamed to `replicaCount`. - - Authentication parameters are reorganized under the `auth.*` parameter: - - `usePassword` is renamed to `auth.enabled`. - - `mongodbRootPassword`, `mongodbUsername`, `mongodbPassword`, `mongodbDatabase`, and `replicaSet.key` are now `auth.rootPassword`, `auth.username`, `auth.password`, `auth.database`, and `auth.replicaSetKey` respectively. - - `securityContext.*` is deprecated in favor of `podSecurityContext` and `containerSecurityContext`. - - Parameters prefixed with `mongodb` are renamed removing the prefix. E.g. `mongodbEnableIPv6` is renamed to `enableIPv6`. - - Parameters affecting Arbiter nodes are reorganized under the `arbiter.*` parameter. - -Consequences: - -- Backwards compatibility is not guaranteed. To upgrade to `8.0.0`, install a new release of the MongoDB(®) chart, and migrate your data by creating a backup of the database, and restoring it on the new release. - -### To 7.0.0 - -From this version, the way of setting the ingress rules has changed. Instead of using `ingress.paths` and `ingress.hosts` as separate objects, you should now define the rules as objects inside the `ingress.hosts` value, for example: - -```yaml -ingress: - hosts: - - name: mongodb.local - path: / -``` - -### To 6.0.0 - -From this version, `mongodbEnableIPv6` is set to `false` by default in order to work properly in most k8s clusters, if you want to use IPv6 support, you need to set this variable to `true` by adding `--set mongodbEnableIPv6=true` to your `helm` command. -You can find more information in the [`bitnami/mongodb` image README](https://github.com/bitnami/containers/tree/main/bitnami/mongodb#readme). - -### To 5.0.0 - -When enabling replicaset configuration, backwards compatibility is not guaranteed unless you modify the labels used on the chart's statefulsets. -Use the workaround below to upgrade from versions previous to 5.0.0. The following example assumes that the release name is `my-release`: - -```console -kubectl delete statefulset my-release-mongodb-arbiter my-release-mongodb-primary my-release-mongodb-secondary --cascade=false -``` - -### Add extra deployment options - -To add extra deployments (useful for advanced features like sidecars), use the `extraDeploy` property. - -In the example below, you can find how to use a example here for a [MongoDB replica set pod labeler sidecar](https://github.com/combor/k8s-mongo-labeler-sidecar) to identify the primary pod and dynamically label it as the primary node: - -```yaml -extraDeploy: - - apiVersion: v1 - kind: Service - metadata: - name: mongodb-primary - namespace: default - labels: - app.kubernetes.io/component: mongodb - app.kubernetes.io/instance: mongodb - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: mongodb - spec: - type: NodePort - externalTrafficPolicy: Cluster - ports: - - name: mongodb-primary - port: 30001 - nodePort: 30001 - protocol: TCP - targetPort: mongodb - selector: - app.kubernetes.io/component: mongodb - app.kubernetes.io/instance: mongodb - app.kubernetes.io/name: mongodb - primary: "true" -``` - -## License - -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. \ No newline at end of file diff --git a/helm/mongodb/mongodb-pv.yaml b/helm/mongodb/mongodb-pv.yaml deleted file mode 100644 index 3f3e883ee..000000000 --- a/helm/mongodb/mongodb-pv.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: mongodb-pv - labels: - app.kubernetes.io/component: mongodb - app.kubernetes.io/instance: local - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: mongodb - annotations: - meta.helm.sh/release-name: local - meta.helm.sh/release-namespace: default -spec: - storageClassName: "" # Leave empty if not using a storage class - volumeMode: Filesystem - capacity: - storage: 30Gi - accessModes: - - ReadWriteOnce - claimRef: - namespace: default - name: mongodb - persistentVolumeReclaimPolicy: Retain - hostPath: - path: /usr/share/mongodb/data diff --git a/helm/mongodb/templates/_helpers.tpl b/helm/mongodb/templates/_helpers.tpl deleted file mode 100644 index 37ad98aa1..000000000 --- a/helm/mongodb/templates/_helpers.tpl +++ /dev/null @@ -1,675 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "mongodb.name" -}} -{{- include "common.names.name" . -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "mongodb.fullname" -}} -{{- include "common.names.fullname" . -}} -{{- end -}} - -{{/* -Create a default mongo service name which can be overridden. -*/}} -{{- define "mongodb.service.nameOverride" -}} - {{- if and .Values.service .Values.service.nameOverride -}} - {{- print .Values.service.nameOverride -}} - {{- else -}} - {{- if eq .Values.architecture "replicaset" -}} - {{- printf "%s-headless" (include "mongodb.fullname" .) -}} - {{- else -}} - {{- printf "%s" (include "mongodb.fullname" .) -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Create a default mongo arbiter service name which can be overridden. -*/}} -{{- define "mongodb.arbiter.service.nameOverride" -}} - {{- if and .Values.arbiter.service .Values.arbiter.service.nameOverride -}} - {{- print .Values.arbiter.service.nameOverride -}} - {{- else -}} - {{- printf "%s-arbiter-headless" (include "mongodb.fullname" .) -}} - {{- end }} -{{- end }} - -{{/* -Return the proper MongoDB® image name -*/}} -{{- define "mongodb.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the metrics image) -*/}} -{{- define "mongodb.metrics.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "mongodb.volumePermissions.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the init container auto-discovery image) -*/}} -{{- define "mongodb.externalAccess.autoDiscovery.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.externalAccess.autoDiscovery.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the init container dns-check image) -*/}} -{{- define "mongodb.externalAccess.dnsCheck.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.externalAccess.dnsCheck.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the TLS Certs image) -*/}} -{{- define "mongodb.tls.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.tls.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "mongodb.imagePullSecrets" -}} -{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.tls.image .Values.externalAccess.dnsCheck.image .Values.externalAccess.autoDiscovery.image) "context" $) -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts. -*/}} -{{- define "mongodb.namespace" -}} - {{- if and .Values.global .Values.global.namespaceOverride -}} - {{- print .Values.global.namespaceOverride -}} - {{- else -}} - {{- print .Release.Namespace -}} - {{- end }} -{{- end -}} -{{- define "mongodb.serviceMonitor.namespace" -}} - {{- if .Values.metrics.serviceMonitor.namespace -}} - {{- print .Values.metrics.serviceMonitor.namespace -}} - {{- else -}} - {{- include "mongodb.namespace" . -}} - {{- end }} -{{- end -}} -{{- define "mongodb.prometheusRule.namespace" -}} - {{- if .Values.metrics.prometheusRule.namespace -}} - {{- print .Values.metrics.prometheusRule.namespace -}} - {{- else -}} - {{- include "mongodb.namespace" . -}} - {{- end }} -{{- end -}} - -{{/* -Returns the proper service account name depending if an explicit service account name is set -in the values file. If the name is not set it will default to either mongodb.fullname if serviceAccount.create -is true or default otherwise. -*/}} -{{- define "mongodb.serviceAccountName" -}} - {{- if .Values.serviceAccount.create -}} - {{- default (include "mongodb.fullname" .) (print .Values.serviceAccount.name) -}} - {{- else -}} - {{- default "default" (print .Values.serviceAccount.name) -}} - {{- end -}} -{{- end -}} - -{{/* -Return the list of custom users to create during the initialization (string format) -*/}} -{{- define "mongodb.customUsers" -}} - {{- $customUsers := list -}} - {{- if .Values.auth.username -}} - {{- $customUsers = append $customUsers .Values.auth.username }} - {{- end }} - {{- range .Values.auth.usernames }} - {{- $customUsers = append $customUsers . }} - {{- end }} - {{- printf "%s" (default "" (join "," $customUsers)) -}} -{{- end -}} - -{{/* -Return the list of passwords for the custom users (string format) -*/}} -{{- define "mongodb.customPasswords" -}} - {{- $customPasswords := list -}} - {{- if .Values.auth.password -}} - {{- $customPasswords = append $customPasswords .Values.auth.password }} - {{- end }} - {{- range .Values.auth.passwords }} - {{- $customPasswords = append $customPasswords . }} - {{- end }} - {{- printf "%s" (default "" (join "," $customPasswords)) -}} -{{- end -}} - -{{/* -Return the list of custom databases to create during the initialization (string format) -*/}} -{{- define "mongodb.customDatabases" -}} - {{- $customDatabases := list -}} - {{- if .Values.auth.database -}} - {{- $customDatabases = append $customDatabases .Values.auth.database }} - {{- end }} - {{- range .Values.auth.databases }} - {{- $customDatabases = append $customDatabases . }} - {{- end }} - {{- printf "%s" (default "" (join "," $customDatabases)) -}} -{{- end -}} - -{{/* -Return the configmap with the MongoDB® configuration -*/}} -{{- define "mongodb.configmapName" -}} -{{- if .Values.existingConfigmap -}} - {{- printf "%s" (tpl .Values.existingConfigmap $) -}} -{{- else -}} - {{- printf "%s" (include "mongodb.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap object should be created for MongoDB® -*/}} -{{- define "mongodb.createConfigmap" -}} -{{- if and .Values.configuration (not .Values.existingConfigmap) }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Return the secret with MongoDB® credentials -*/}} -{{- define "mongodb.secretName" -}} - {{- if .Values.auth.existingSecret -}} - {{- printf "%s" (tpl .Values.auth.existingSecret $) -}} - {{- else -}} - {{- printf "%s" (include "mongodb.fullname" .) -}} - {{- end -}} -{{- end -}} - -{{/* -Return true if a secret object should be created for MongoDB® -*/}} -{{- define "mongodb.createSecret" -}} -{{- if and .Values.auth.enabled (not .Values.auth.existingSecret) }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Get the initialization scripts ConfigMap name. -*/}} -{{- define "mongodb.initdbScriptsCM" -}} -{{- if .Values.initdbScriptsConfigMap -}} -{{- printf "%s" (tpl .Values.initdbScriptsConfigMap $) -}} -{{- else -}} -{{- printf "%s-init-scripts" (include "mongodb.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get initial primary host to configure MongoDB cluster. -*/}} -{{- define "mongodb.initialPrimaryHost" -}} -{{ ternary ( printf "%s-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) .Values.clusterDomain ) ( first .Values.externalAccess.service.publicNames ) ( empty .Values.externalAccess.service.publicNames ) }} -{{- end -}} - -{{/* -Init container definition to change/establish volume permissions. -*/}} -{{- define "mongodb.initContainer.volumePermissions" }} -- name: volume-permissions - image: {{ include "mongodb.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - args: - - -ec - - | - mkdir -p {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} - chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} - find {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: {{ .Values.persistence.name | default "datadir" }} - mountPath: {{ .Values.persistence.mountPath }} -{{- end -}} - -{{/* -Init container definition to recover log dir. -*/}} -{{- define "mongodb.initContainer.prepareLogDir" }} -- name: log-dir - image: {{ include "mongodb.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - command: - - /bin/bash - args: - - -ec - - | - ln -sf /dev/stdout "/opt/bitnami/mongodb/logs/mongodb.log" - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- else if ne .Values.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /opt/bitnami/mongodb/logs - subPath: app-logs-dir -{{- end -}} - -{{/* -Init container definition to get external IP addresses. -*/}} -{{- define "mongodb.initContainers.autoDiscovery" -}} -- name: auto-discovery - image: {{ include "mongodb.externalAccess.autoDiscovery.image" . }} - imagePullPolicy: {{ .Values.externalAccess.autoDiscovery.image.pullPolicy | quote }} - # We need the service account token for contacting the k8s API - command: - - /scripts/auto-discovery.sh - env: - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SHARED_FILE - value: "/shared/info.txt" - {{- if .Values.externalAccess.autoDiscovery.resources }} - resources: {{- toYaml .Values.externalAccess.autoDiscovery.resources | nindent 12 }} - {{- else if ne .Values.externalAccess.autoDiscovery.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.externalAccess.autoDiscovery.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: shared - mountPath: /shared - - name: scripts - mountPath: /scripts/auto-discovery.sh - subPath: auto-discovery.sh - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir -{{- end -}} - -{{/* -Init container definition to wait external DNS names. -*/}} -{{- define "mongodb.initContainers.dnsCheck" -}} -- name: dns-check - image: {{ include "mongodb.externalAccess.dnsCheck.image" . }} - imagePullPolicy: {{ .Values.externalAccess.dnsCheck.image.pullPolicy | quote }} - command: - - /bin/bash - args: - - -ec - - | - # MONGODB_INITIAL_PRIMARY_HOST should be resolvable - while ! (getent ahosts "{{ include "mongodb.initialPrimaryHost" . }}" | grep STREAM); do - sleep 10 - done - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.externalAccess.dnsCheck.resources }} - resources: {{- toYaml .Values.externalAccess.dnsCheck.resources | nindent 12 }} - {{- else if ne .Values.externalAccess.dnsCheck.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.externalAccess.dnsCheck.resourcesPreset) | nindent 12 }} - {{- end }} -{{- end -}} - -{{/* -Return true if the Arbiter should be deployed -*/}} -{{- define "mongodb.arbiter.enabled" -}} -{{- if and (eq .Values.architecture "replicaset") .Values.arbiter.enabled }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Return the configmap with the MongoDB® configuration for the Arbiter -*/}} -{{- define "mongodb.arbiter.configmapName" -}} -{{- if .Values.arbiter.existingConfigmap -}} - {{- printf "%s" (tpl .Values.arbiter.existingConfigmap $) -}} -{{- else -}} - {{- printf "%s-arbiter" (include "mongodb.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap object should be created for MongoDB® Arbiter -*/}} -{{- define "mongodb.arbiter.createConfigmap" -}} -{{- if and (eq .Values.architecture "replicaset") .Values.arbiter.enabled .Values.arbiter.configuration (not .Values.arbiter.existingConfigmap) }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if the Hidden should be deployed -*/}} -{{- define "mongodb.hidden.enabled" -}} -{{- if and (eq .Values.architecture "replicaset") .Values.hidden.enabled }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return the configmap with the MongoDB® configuration for the Hidden -*/}} -{{- define "mongodb.hidden.configmapName" -}} -{{- if .Values.hidden.existingConfigmap -}} - {{- printf "%s" (tpl .Values.hidden.existingConfigmap $) -}} -{{- else -}} - {{- printf "%s-hidden" (include "mongodb.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap object should be created for MongoDB® Hidden -*/}} -{{- define "mongodb.hidden.createConfigmap" -}} -{{- if and (include "mongodb.hidden.enabled" .) .Values.hidden.enabled .Values.hidden.configuration (not .Values.hidden.existingConfigmap) }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "mongodb.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "mongodb.validateValues.pspAndRBAC" .) -}} -{{- $messages := append $messages (include "mongodb.validateValues.architecture" .) -}} -{{- $messages := append $messages (include "mongodb.validateValues.customUsersDBs" .) -}} -{{- $messages := append $messages (include "mongodb.validateValues.customUsersDBsLength" .) -}} -{{- $messages := append $messages (include "mongodb.validateValues.externalAccessServiceType" .) -}} -{{- $messages := append $messages (include "mongodb.validateValues.loadBalancerIPsListLength" .) -}} -{{- $messages := append $messages (include "mongodb.validateValues.nodePortListLength" .) -}} -{{- $messages := append $messages (include "mongodb.validateValues.externalAccessAutoDiscoveryRBAC" .) -}} -{{- $messages := append $messages (include "mongodb.validateValues.externalAccessAutoDiscoverySA" .) -}} -{{- $messages := append $messages (include "mongodb.validateValues.replicaset.existingSecrets" .) -}} -{{- $messages := append $messages (include "mongodb.validateValues.hidden.existingSecrets" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* Validate RBAC is created when using PSP */}} -{{- define "mongodb.validateValues.pspAndRBAC" -}} -{{- if and (.Values.podSecurityPolicy.create) (not .Values.rbac.create) -}} -mongodb: podSecurityPolicy.create, rbac.create - Both podSecurityPolicy.create and rbac.create must be true, if you want - to create podSecurityPolicy -{{- end -}} -{{- end -}} - -{{/* Validate values of MongoDB® - must provide a valid architecture */}} -{{- define "mongodb.validateValues.architecture" -}} -{{- if and (ne .Values.architecture "standalone") (ne .Values.architecture "replicaset") -}} -mongodb: architecture - Invalid architecture selected. Valid values are "standalone" and - "replicaset". Please set a valid architecture (--set mongodb.architecture="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of MongoDB® - both auth.usernames and auth.databases are necessary -to create a custom user and database during 1st initialization -*/}} -{{- define "mongodb.validateValues.customUsersDBs" -}} -{{- $customUsers := include "mongodb.customUsers" . -}} -{{- $customDatabases := include "mongodb.customDatabases" . -}} -{{- if or (and (empty $customUsers) (not (empty $customDatabases))) (and (not (empty $customUsers)) (empty $customDatabases)) }} -mongodb: auth.usernames, auth.databases - Both auth.usernames and auth.databases must be provided to create - custom users and databases during 1st initialization. - Please set both of them (--set auth.usernames[0]="xxxx",auth.databases[0]="yyyy") -{{- end -}} -{{- end -}} - -{{/* -Validate values of MongoDB® - both auth.usernames and auth.databases arrays should have the same length -to create a custom user and database during 1st initialization -*/}} -{{- define "mongodb.validateValues.customUsersDBsLength" -}} -{{- if ne (len .Values.auth.usernames) (len .Values.auth.databases) }} -mongodb: auth.usernames, auth.databases - Both auth.usernames and auth.databases arrays should have the same length -{{- end -}} -{{- end -}} - -{{/* -Validate values of MongoDB® - service type for external access -*/}} -{{- define "mongodb.validateValues.externalAccessServiceType" -}} -{{- if and (eq .Values.architecture "replicaset") (not (eq .Values.externalAccess.service.type "NodePort")) (not (eq .Values.externalAccess.service.type "LoadBalancer")) (not (eq .Values.externalAccess.service.type "ClusterIP")) -}} -mongodb: externalAccess.service.type - Available service type for external access are NodePort, LoadBalancer or ClusterIP. -{{- end -}} -{{- end -}} - -{{/* -Validate values of MongoDB® - number of replicas must be the same than LoadBalancer IPs list -*/}} -{{- define "mongodb.validateValues.loadBalancerIPsListLength" -}} -{{- $replicaCount := int .Values.replicaCount }} -{{- $loadBalancerListLength := len .Values.externalAccess.service.loadBalancerIPs }} -{{- $publicNamesListLength := len .Values.externalAccess.service.publicNames }} -{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (eq .Values.externalAccess.service.type "LoadBalancer") -}} -{{- if and (not .Values.externalAccess.autoDiscovery.enabled) (eq $loadBalancerListLength 0) (eq $publicNamesListLength 0) -}} -mongodb: .Values.externalAccess.service.loadBalancerIPs, .Values.externalAccess.service.publicNames - externalAccess.service.loadBalancerIPs, externalAccess.service.publicNames or externalAccess.autoDiscovery.enabled are required when externalAccess is enabled. -{{- else if and (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerListLength )) (not (eq $loadBalancerListLength 0)) -}} -mongodb: .Values.externalAccess.service.loadBalancerIPs - Number of replicas ({{ $replicaCount }}) and loadBalancerIPs array length ({{ $loadBalancerListLength }}) must be the same. -{{- else if and (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $publicNamesListLength )) (not (eq $publicNamesListLength 0)) -}} -mongodb: .Values.externalAccess.service.publicNames - Number of replicas ({{ $replicaCount }}) and publicNames array length ({{ $publicNamesListLength }}) must be the same. -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values of MongoDB® - number of replicas must be the same than NodePort list -*/}} -{{- define "mongodb.validateValues.nodePortListLength" -}} -{{- $replicaCount := int .Values.replicaCount }} -{{- $nodePortListLength := len .Values.externalAccess.service.nodePorts }} -{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (eq .Values.externalAccess.service.type "NodePort") -}} -{{- if and (not .Values.externalAccess.autoDiscovery.enabled) (eq $nodePortListLength 0) -}} -mongodb: .Values.externalAccess.service.nodePorts - externalAccess.service.nodePorts or externalAccess.autoDiscovery.enabled are required when externalAccess is enabled. -{{- else if and (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $nodePortListLength )) -}} -mongodb: .Values.externalAccess.service.nodePorts - Number of replicas ({{ $replicaCount }}) and nodePorts ({{ $nodePortListLength }}) array length must be the same. -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values of MongoDB® - RBAC should be enabled when autoDiscovery is enabled -*/}} -{{- define "mongodb.validateValues.externalAccessAutoDiscoveryRBAC" -}} -{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (not .Values.rbac.create ) }} -mongodb: rbac.create - By specifying "externalAccess.enabled=true" and "externalAccess.autoDiscovery.enabled=true" - an initContainer will be used to autodetect the external IPs/ports by querying the - K8s API. Please note this initContainer requires specific RBAC resources. You can create them - by specifying "--set rbac.create=true". -{{- end -}} -{{- end -}} - -{{/* -Validate values of MongoDB® - automountServiceAccountToken should be enabled when autoDiscovery is enabled -*/}} -{{- define "mongodb.validateValues.externalAccessAutoDiscoverySA" -}} -{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (not .Values.automountServiceAccountToken ) }} -mongodb: automountServiceAccountToken - By specifying "externalAccess.enabled=true" and "externalAccess.autoDiscovery.enabled=true" - an initContainer will be used to autodetect the external IPs/ports by querying the - K8s API. Please note this initContainer requires a service account to access K8S API. - You can attach it to the pod by specifying "--set automountServiceAccountToken=true". -{{- end -}} -{{- end -}} - -{{/* -Validate values of MongoDB® - Number of replicaset secrets must be the same than number of replicaset nodes. -*/}} -{{- define "mongodb.validateValues.replicaset.existingSecrets" -}} -{{- if and .Values.tls.enabled (eq .Values.architecture "replicaset") (not (empty .Values.tls.replicaset.existingSecrets)) }} -{{- $nbSecrets := len .Values.tls.replicaset.existingSecrets -}} -{{- if not (eq $nbSecrets (int .Values.replicaCount)) }} -mongodb: tls.replicaset.existingSecrets - tls.replicaset.existingSecrets Number of secrets and number of replicaset nodes must be the same. -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values of MongoDB® - Number of hidden secrets must be the same than number of hidden nodes. -*/}} -{{- define "mongodb.validateValues.hidden.existingSecrets" -}} -{{- if and .Values.tls.enabled (include "mongodb.hidden.enabled" .) (not (empty .Values.tls.hidden.existingSecrets)) }} -{{- $nbSecrets := len .Values.tls.hidden.existingSecrets -}} -{{- if not (eq $nbSecrets (int .Values.hidden.replicaCount)) }} -mongodb: tls.hidden.existingSecrets - tls.hidden.existingSecrets Number of secrets and number of hidden nodes must be the same. -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values of MongoDB® exporter URI string - auth.enabled and/or tls.enabled must be enabled or it defaults -*/}} -{{- define "mongodb.mongodb_exporter.uri" -}} - {{- $tlsEnabled := .Values.tls.enabled -}} - {{- $mTlsEnabled := and $tlsEnabled .Values.tls.mTLS.enabled -}} - {{- $tlsArgs := "" -}} - {{- if $tlsEnabled -}} - {{- $tlsCertKeyFile := ternary "&tlsCertificateKeyFile=/certs/mongodb.pem" "" $mTlsEnabled -}} - {{- $tlsArgs = printf "tls=true%s&tlsCAFile=/certs/mongodb-ca-cert" $tlsCertKeyFile -}} - {{- end -}} - {{- if .Values.metrics.username -}} - {{- $uriAuth := ternary "$(echo $MONGODB_METRICS_USERNAME | sed -r \"s/@/%40/g;s/:/%3A/g\"):$(echo $MONGODB_METRICS_PASSWORD | sed -r \"s/@/%40/g;s/:/%3A/g\")@" "" .Values.auth.enabled -}} - {{- printf "mongodb://%slocalhost:%d/admin?%s" $uriAuth (int .Values.containerPorts.mongodb) $tlsArgs -}} - {{- else -}} - {{- $uriAuth := ternary "$MONGODB_ROOT_USER:$(echo $MONGODB_ROOT_PASSWORD | sed -r \"s/@/%40/g;s/:/%3A/g\")@" "" .Values.auth.enabled -}} - {{- printf "mongodb://%slocalhost:%d/admin?%s" $uriAuth (int .Values.containerPorts.mongodb) $tlsArgs -}} - {{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiGroup for PodSecurityPolicy. -*/}} -{{- define "podSecurityPolicy.apiGroup" -}} -{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "policy" -}} -{{- else -}} -{{- print "extensions" -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a TLS secret object should be created -*/}} -{{- define "mongodb.createTlsSecret" -}} -{{- if and .Values.tls.enabled (not .Values.tls.existingSecret) (include "mongodb.autoGenerateCerts" .) }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return the secret containing MongoDB® TLS certificates -*/}} -{{- define "mongodb.tlsSecretName" -}} -{{- $secretName := .Values.tls.existingSecret -}} -{{- if $secretName -}} - {{- printf "%s" (tpl $secretName $) -}} -{{- else -}} - {{- printf "%s-ca" (include "mongodb.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if certificates must be auto generated -*/}} -{{- define "mongodb.autoGenerateCerts" -}} -{{- $standalone := (eq .Values.architecture "standalone") | ternary (not .Values.tls.standalone.existingSecret) true -}} -{{- $replicaset := (eq .Values.architecture "replicaset") | ternary (empty .Values.tls.replicaset.existingSecrets) true -}} -{{- $arbiter := (eq (include "mongodb.arbiter.enabled" .) "true") | ternary (not .Values.tls.arbiter.existingSecret) true -}} -{{- $hidden := (eq (include "mongodb.hidden.enabled" .) "true") | ternary (empty .Values.tls.hidden.existingSecrets) true -}} -{{- if and $standalone $replicaset $arbiter $hidden -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Generate argument list for mongodb-exporter -reference: https://github.com/percona/mongodb_exporter/blob/main/REFERENCE.md -*/}} -{{- define "mongodb.exporterArgs" -}} -{{- with .Values.metrics.collector -}} -{{- ternary " --collect-all" "" .all -}} -{{- ternary " --collector.diagnosticdata" "" .diagnosticdata -}} -{{- ternary " --collector.replicasetstatus" "" .replicasetstatus -}} -{{- ternary " --collector.dbstats" "" .dbstats -}} -{{- ternary " --collector.topmetrics" "" .topmetrics -}} -{{- ternary " --collector.indexstats" "" .indexstats -}} -{{- ternary " --collector.collstats" "" .collstats -}} -{{- if .collstatsColls -}} -{{- " --mongodb.collstats-colls=" -}} -{{- join "," .collstatsColls -}} -{{- end -}} -{{- if .indexstatsColls -}} -{{- " --mongodb.indexstats-colls=" -}} -{{- join "," .indexstatsColls -}} -{{- end -}} -{{- $limitArg := print " --collector.collstats-limit=" .collstatsLimit -}} -{{- ne (print .collstatsLimit) "0" | ternary $limitArg "" -}} -{{- end -}} -{{- ternary " --compatible-mode" "" .Values.metrics.compatibleMode -}} -{{- end -}} diff --git a/helm/mongodb/templates/common-scripts-cm.yaml b/helm/mongodb/templates/common-scripts-cm.yaml deleted file mode 100644 index 6f65de402..000000000 --- a/helm/mongodb/templates/common-scripts-cm.yaml +++ /dev/null @@ -1,143 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} - namespace: {{ include "mongodb.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: mongodb - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - {{- $fullname := include "mongodb.fullname" . }} - startup-probe.sh: | - #!/bin/bash - {{- if .Values.tls.enabled }} - # Probes are using localhost/127.0.0.1 to tests if the service is up, ready or healthy. If TLS is enabled, we shouldn't validate the certificate hostname. - TLS_OPTIONS='--tls {{ if .Values.tls.mTLS.enabled }}--tlsCertificateKeyFile=/certs/mongodb.pem {{ end }}--tlsCAFile=/certs/mongodb-ca-cert --tlsAllowInvalidHostnames' - {{- end }} - exec mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval 'if (!(db.hello().isWritablePrimary || db.hello().secondary)) { throw new Error("Not ready") }' - readiness-probe.sh: | - #!/bin/bash - {{- if .Values.tls.enabled }} - # Probes are using localhost/127.0.0.1 to tests if the service is up, ready or healthy. If TLS is enabled, we shouldn't validate the certificate hostname. - TLS_OPTIONS='--tls {{ if .Values.tls.mTLS.enabled }}--tlsCertificateKeyFile=/certs/mongodb.pem {{ end }}--tlsCAFile=/certs/mongodb-ca-cert --tlsAllowInvalidHostnames' - {{- end }} - # Run the proper check depending on the version - [[ $(mongod -version | grep "db version") =~ ([0-9]+\.[0-9]+\.[0-9]+) ]] && VERSION=${BASH_REMATCH[1]} - . /opt/bitnami/scripts/libversion.sh - VERSION_MAJOR="$(get_sematic_version "$VERSION" 1)" - VERSION_MINOR="$(get_sematic_version "$VERSION" 2)" - VERSION_PATCH="$(get_sematic_version "$VERSION" 3)" - readiness_test='db.isMaster().ismaster || db.isMaster().secondary' - if [[ ( "$VERSION_MAJOR" -ge 5 ) || ( "$VERSION_MAJOR" -ge 4 && "$VERSION_MINOR" -ge 4 && "$VERSION_PATCH" -ge 2 ) ]]; then - readiness_test='db.hello().isWritablePrimary || db.hello().secondary' - fi - exec mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval "if (!(${readiness_test})) { throw new Error(\"Not ready\") }" - ping-mongodb.sh: | - #!/bin/bash - {{- if .Values.tls.enabled }} - # Probes are using localhost/127.0.0.1 to tests if the service is up, ready or healthy. If TLS is enabled, we shouldn't validate the certificate hostname. - TLS_OPTIONS='--tls {{ if .Values.tls.mTLS.enabled }}--tlsCertificateKeyFile=/certs/mongodb.pem {{ end }}--tlsCAFile=/certs/mongodb-ca-cert --tlsAllowInvalidHostnames' - {{- end }} - exec mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval "db.adminCommand('ping')" - {{- if .Values.tls.enabled }} - generate-certs.sh: | - #!/bin/bash - {{- if (include "mongodb.autoGenerateCerts" .) }} - additional_ips=() - additional_names=() - while getopts "i:n:s:" flag - do - case "${flag}" in - i) read -a additional_ips <<< ${OPTARG//,/ } ;; - n) read -a additional_names <<< ${OPTARG//,/ } ;; - s) svc=${OPTARG// /} ;; - \?) exit 1 ;; - esac - done - - my_hostname=$(hostname) - cp /certs/CAs/* /certs/ - cat >/certs/openssl.cnf <>/certs/openssl.cnf <>/certs/openssl.cnf < /certs/mongodb.pem - cd /certs/ - shopt -s extglob - rm -rf !(mongodb-ca-cert|mongodb.pem|CAs|openssl.cnf) - chmod 0600 mongodb-ca-cert mongodb.pem - {{- else }} - {{- if eq .Values.architecture "standalone" }} - ID="0" - {{- else }} - if [[ "$MY_POD_NAME" =~ "arbiter-0"$ ]]; then - ID="0" - elif [[ "$MY_POD_NAME" =~ "hidden-"[0-9]{1,}$ ]]; then - ID="${MY_POD_NAME#"{{ printf "%s-hidden-" $fullname }}"}" - else - ID="${MY_POD_NAME#"{{ $fullname }}-"}" - fi - {{- end }} - - {{- if .Values.tls.pemChainIncluded }} - #Split the pem chain by the END CERTIFICATE string and store in files /certs/xx00, /certs/xx01 etc. - cat /certs-${ID}/tls.crt | csplit - -s -z '/\-*END CERTIFICATE\-*/+1' '{*}' -f /certs/xx - - #Use first certificate as leaf node and combine with key to store in pem file - cat "/certs/xx00" "/certs-${ID}/tls.key" > "/certs/mongodb.pem" - - #Use remaining intermediate certificates for ca.crt - echo $(find /certs/ -not -name 'xx00' -name 'xx*') | sort | xargs cat > "/certs/mongodb-ca-cert" - - rm -rf /certs/xx* - {{- else }} - cat "/certs-${ID}/tls.crt" "/certs-${ID}/tls.key" > "/certs/mongodb.pem" - cp "/certs-${ID}/ca.crt" "/certs/mongodb-ca-cert" - {{- end }} - - chmod 0600 /certs/mongodb-ca-cert /certs/mongodb.pem - {{- end }} - {{- end }} diff --git a/helm/mongodb/templates/configmap.yaml b/helm/mongodb/templates/configmap.yaml deleted file mode 100644 index 011044548..000000000 --- a/helm/mongodb/templates/configmap.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if (include "mongodb.createConfigmap" .) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "mongodb.fullname" . }} - namespace: {{ include "mongodb.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: mongodb - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - mongodb.conf: |- - {{- include "common.tplvalues.render" (dict "value" .Values.configuration "context" $) | nindent 4 }} -{{- end }} diff --git a/helm/mongodb/templates/initialization-configmap.yaml b/helm/mongodb/templates/initialization-configmap.yaml deleted file mode 100644 index 2c1273cf6..000000000 --- a/helm/mongodb/templates/initialization-configmap.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.initdbScripts (not .Values.initdbScriptsConfigMap) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-init-scripts" (include "mongodb.fullname" .) }} - namespace: {{ include "mongodb.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: mongodb - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: -{{- include "common.tplvalues.render" (dict "value" .Values.initdbScripts "context" .) | nindent 2 }} -{{- end }} diff --git a/helm/mongodb/templates/psp.yaml b/helm/mongodb/templates/psp.yaml deleted file mode 100644 index 4b93f4f7b..000000000 --- a/helm/mongodb/templates/psp.yaml +++ /dev/null @@ -1,51 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and (include "common.capabilities.psp.supported" .) .Values.podSecurityPolicy.create }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ include "mongodb.fullname" . }} - namespace: {{ include "mongodb.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: -{{- if .Values.podSecurityPolicy.spec }} -{{ include "common.tplvalues.render" ( dict "value" .Values.podSecurityPolicy.spec "context" $ ) | nindent 2 }} -{{- else }} - allowPrivilegeEscalation: {{ .Values.podSecurityPolicy.allowPrivilegeEscalation }} - fsGroup: - rule: 'MustRunAs' - ranges: - - min: {{ .Values.podSecurityContext.fsGroup }} - max: {{ .Values.podSecurityContext.fsGroup }} - hostIPC: false - hostNetwork: false - hostPID: false - privileged: {{ .Values.podSecurityPolicy.privileged }} - readOnlyRootFilesystem: false - requiredDropCapabilities: - - ALL - runAsUser: - rule: 'MustRunAs' - ranges: - - min: {{ .Values.containerSecurityContext.runAsUser }} - max: {{ .Values.containerSecurityContext.runAsUser }} - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: {{ .Values.containerSecurityContext.runAsUser }} - max: {{ .Values.containerSecurityContext.runAsUser }} - volumes: - - 'configMap' - - 'secret' - - 'emptyDir' - - 'persistentVolumeClaim' -{{- end }} -{{- end }} diff --git a/helm/mongodb/templates/role.yaml b/helm/mongodb/templates/role.yaml deleted file mode 100644 index 062e8f39f..000000000 --- a/helm/mongodb/templates/role.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.rbac.create }} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: Role -metadata: - name: {{ include "mongodb.fullname" . }} - namespace: {{ include "mongodb.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} -rules: - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -{{- if .Values.rbac.rules }} -{{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }} -{{- end -}} -{{- if and (include "common.capabilities.psp.supported" .) .Values.podSecurityPolicy.create }} - - apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: [{{ include "mongodb.fullname" . }}] -{{- end -}} -{{- end }} diff --git a/helm/mongodb/templates/rolebinding.yaml b/helm/mongodb/templates/rolebinding.yaml deleted file mode 100644 index 7ff6b185d..000000000 --- a/helm/mongodb/templates/rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.serviceAccount.create .Values.rbac.create }} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: RoleBinding -metadata: - name: {{ include "mongodb.fullname" . }} - namespace: {{ include "mongodb.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} -roleRef: - kind: Role - name: {{ include "mongodb.fullname" . }} - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: ServiceAccount - name: {{ include "mongodb.serviceAccountName" . }} - namespace: {{ include "mongodb.namespace" . | quote }} -{{- end }} diff --git a/helm/mongodb/templates/secrets-ca.yaml b/helm/mongodb/templates/secrets-ca.yaml deleted file mode 100644 index 932b0e6c8..000000000 --- a/helm/mongodb/templates/secrets-ca.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if (include "mongodb.createTlsSecret" .) }} -{{- $secretName := printf "%s" (include "mongodb.tlsSecretName" .) }} -{{- $fullname := include "mongodb.fullname" . }} -{{- $releaseNamespace := .Release.Namespace }} -{{- $clusterDomain := .Values.clusterDomain }} -{{- $cn := printf "%s.%s.svc.%s" $fullname .Release.Namespace $clusterDomain }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secretName }} - namespace: {{ template "mongodb.namespace" . }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: mongodb - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if or .Values.tls.caCert .Values.tls.caKey (not .Values.tls.autoGenerated) }} - {{- $ca := buildCustomCert (required "A valid .Values.tls.caCert is required!" .Values.tls.caCert) (required "A valid .Values.tls.caKey is required!" .Values.tls.caKey) }} - mongodb-ca-cert: {{ b64enc $ca.Cert }} - mongodb-ca-key: {{ b64enc $ca.Key }} - {{- else }} - {{- $ca := genCA "myMongo-ca" 3650 }} - mongodb-ca-cert: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "mongodb-ca-cert" "defaultValue" $ca.Cert "context" $) }} - mongodb-ca-key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "mongodb-ca-key" "defaultValue" $ca.Key "context" $) }} - {{- end }} -{{- end }} diff --git a/helm/mongodb/templates/secrets.yaml b/helm/mongodb/templates/secrets.yaml deleted file mode 100644 index 4ff27c166..000000000 --- a/helm/mongodb/templates/secrets.yaml +++ /dev/null @@ -1,128 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.auth.enabled }} -{{- $replicaCount := int .Values.replicaCount }} -{{- $port := .Values.service.ports.mongodb }} -{{- $host := include "mongodb.service.nameOverride" . }} -{{- $hostForURI := printf "%s:%s" (include "mongodb.service.nameOverride" .) (print $port) }} -{{- if (eq .Values.architecture "replicaset") }} - {{- $fullname := include "mongodb.fullname" . }} - {{- $releaseNamespace := include "mongodb.namespace" . }} - {{- $clusterDomain := .Values.clusterDomain }} - {{- $mongoList := list }} - {{- $mongoOnlyHostList := list }} - {{- range $e, $i := until $replicaCount }} - {{- $mongoOnlyHostList = append $mongoList (printf "%s-%d.%s-headless.%s.svc.%s" $fullname $i $fullname $releaseNamespace $clusterDomain) }} - {{- $mongoList = append $mongoList (printf "%s-%d.%s-headless.%s.svc.%s:%s" $fullname $i $fullname $releaseNamespace $clusterDomain (print $port)) }} - {{- end }} - {{- $host = (join "," $mongoOnlyHostList) }} - {{- $hostForURI = (join "," $mongoList) }} -{{- end }} - -{{/* Root user section. */}} -{{- $rootPassword := include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.secretName" .) "key" "mongodb-root-password" "providedValues" (list "auth.rootPassword" ) "context" $) | trimAll "\"" | b64dec }} - -{{/* Custom user section. This chart allows creating multiple users */}} -{{- $customUsers := include "mongodb.customUsers" . }} -{{- $customDatabases := include "mongodb.customDatabases" . }} -{{- $customPasswords := include "mongodb.customPasswords" . }} -{{- $passwords := "" }} -{{- $passwordList := list -}} -{{- $customUsersList := list }} -{{- $customDatabasesList := list }} -{{- $customPasswordsList := list }} -{{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} -{{- $customUsersList = splitList "," $customUsers }} -{{- $customDatabasesList = splitList "," $customDatabases }} -{{- if not (empty $customPasswords) }} -{{- $passwordList = $customPasswords }} -{{- $customPasswordsList = splitList "," $customPasswords }} -{{- else }} -{{- range $customUsersList }} -{{- $customPasswordsList = append $customPasswordsList (randAlphaNum 10) }} -{{- end -}} -{{- $passwordList = (join "," $customPasswordsList) }} -{{- end }} -{{- $passwords = include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.secretName" .) "key" "mongodb-passwords" "providedValues" (list "mongodbPasswords") "context" (set (deepCopy $) "Values" (dict "mongodbPasswords" $passwordList))) | trimAll "\"" | b64dec }} -{{- end }} - -{{- if (include "mongodb.createSecret" .) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "mongodb.fullname" . }} - namespace: {{ template "mongodb.namespace" . }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: mongodb - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - mongodb-root-password: {{ print $rootPassword | b64enc | quote }} - {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} - mongodb-passwords: {{ print $passwords | b64enc | quote }} - {{- end }} - {{- if .Values.metrics.username }} - mongodb-metrics-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-metrics-password" "providedValues" (list "metrics.password" ) "context" $) }} - {{- end }} - {{- if eq .Values.architecture "replicaset" }} - mongodb-replica-set-key: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-replica-set-key" "providedValues" (list "auth.replicaSetKey" ) "context" $) }} - {{- end }} -{{- end }} -{{- if .Values.serviceBindings.enabled }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }}-svcbind-root - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: servicebinding.io/mongodb -data: - provider: {{ print "bitnami" | b64enc | quote }} - type: {{ print "mongodb" | b64enc | quote }} - host: {{ print $host | b64enc | quote }} - port: {{ print $port | b64enc | quote }} - username: {{ print .Values.auth.rootUser | b64enc | quote }} - password: {{ print $rootPassword | b64enc | quote }} - database: {{ print "admin" | b64enc | quote }} - uri: {{ printf "mongodb://%s:%s@%s/admin" .Values.auth.rootUser $rootPassword $hostForURI | b64enc | quote }} -{{- range $e, $i := until (len $customUsersList) }} ---- -{{- $currentSecret := printf "%s-svcbind-%d" (include "common.names.fullname" $) $i }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ $currentSecret }} - namespace: {{ $.Release.Namespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: servicebinding.io/mongodb -data: - {{- $currentUser := index $customUsersList $i }} - {{- $currentDatabase := last $customDatabasesList }} - {{- if gt (len $customDatabasesList) $i }} - {{- $currentDatabase = index $customDatabasesList $i }} - {{- end }} - {{- $currentProvidedPassword := index $customPasswordsList $i }} - {{- $currentPassword := include "common.secrets.lookup" (dict "secret" $currentSecret "key" "password" "defaultValue" $currentProvidedPassword "context" $) | b64dec }} - provider: {{ print "bitnami" | b64enc | quote }} - type: {{ print "mongodb" | b64enc | quote }} - host: {{ print $host | b64enc | quote }} - port: {{ print $port | b64enc | quote }} - username: {{ print $currentUser | b64enc | quote }} - password: {{ print $currentPassword | b64enc | quote }} - database: {{ print $currentDatabase | b64enc | quote }} - uri: {{ printf "mongodb://%s:%s@%s/%s" $currentUser $currentPassword $hostForURI $currentDatabase | b64enc | quote }} -{{- end }} -{{- end }} -{{- end }} diff --git a/helm/mongodb/templates/serviceaccount.yaml b/helm/mongodb/templates/serviceaccount.yaml deleted file mode 100644 index b54e8a0d2..000000000 --- a/helm/mongodb/templates/serviceaccount.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "mongodb.serviceAccountName" . }} - namespace: {{ include "mongodb.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -secrets: - - name: {{ include "mongodb.secretName" . }} -automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} -{{- end }} diff --git a/helm/mongodb/templates/standalone/dep-sts.yaml b/helm/mongodb/templates/standalone/dep-sts.yaml deleted file mode 100644 index fdf55f231..000000000 --- a/helm/mongodb/templates/standalone/dep-sts.yaml +++ /dev/null @@ -1,498 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if not (eq .Values.architecture "replicaset") }} -apiVersion: {{ if .Values.useStatefulSet }}{{ include "common.capabilities.statefulset.apiVersion" . }}{{- else }}{{ include "common.capabilities.deployment.apiVersion" . }}{{- end }} -kind: {{ if .Values.useStatefulSet }}StatefulSet{{- else }}Deployment{{- end }} -metadata: - name: {{ include "mongodb.fullname" . }} - namespace: {{ include "mongodb.namespace" . | quote }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.labels .Values.commonLabels ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: mongodb - {{- if or .Values.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - replicas: {{ gt (.Values.replicaCount | int) 1 | ternary 1 .Values.replicaCount }} - {{- if .Values.useStatefulSet }} - serviceName: {{ include "mongodb.service.nameOverride" . }} - {{- end }} - {{- if .Values.updateStrategy}} - {{- if .Values.useStatefulSet }} - updateStrategy: - {{- else }} - strategy: - {{- end }} - {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end}} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: mongodb - template: - metadata: - labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} - app.kubernetes.io/component: mongodb - {{- if or (include "mongodb.createConfigmap" .) .Values.podAnnotations }} - annotations: - {{- if (include "mongodb.createConfigmap" .) }} - checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- end }} - spec: - {{- include "mongodb.imagePullSecrets" . | nindent 6 }} - automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.schedulerName }} - schedulerName: {{ .Values.schedulerName | quote }} - {{- end }} - serviceAccountName: {{ template "mongodb.serviceAccountName" . }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "mongodb" "customLabels" $podLabels "topologyKey" .Values.topologyKey "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "mongodb" "customLabels" $podLabels "topologyKey" .Values.topologyKey "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - {{- if .Values.runtimeClassName }} - runtimeClassName: {{ .Values.runtimeClassName }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - {{ if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - enableServiceLinks: {{ .Values.enableServiceLinks }} - initContainers: - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - {{- include "mongodb.initContainer.volumePermissions" . | indent 8 }} - {{- end }} - {{- include "mongodb.initContainer.prepareLogDir" . | nindent 8 }} - {{- if .Values.tls.enabled }} - - name: generate-tls-certs - image: {{ include "mongodb.tls.image" . }} - imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- if (include "mongodb.autoGenerateCerts" .) }} - - name: certs-volume - mountPath: /certs/CAs - {{- else }} - - name: mongodb-certs-0 - mountPath: /certs-0 - {{- end }} - - name: certs - mountPath: /certs - - name: common-scripts - mountPath: /bitnami/scripts - command: - - /bitnami/scripts/generate-certs.sh - args: - - -s {{ include "mongodb.service.nameOverride" . }} - {{- if .Values.externalAccess.service.loadBalancerIPs }} - - -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }} - {{- end }} - {{- if or .Values.tls.extraDnsNames .Values.externalAccess.service.publicNames }} - - -n {{ join "," ( concat .Values.tls.extraDnsNames .Values.externalAccess.service.publicNames ) }} - {{- end }} - {{- if .Values.tls.resources }} - resources: {{- include "common.tplvalues.render" (dict "value" .Values.tls.resources "context" $) | nindent 12 }} - {{- else if ne .Values.tls.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.tls.resourcesPreset) | nindent 12 }} - {{- end }} - {{- if .Values.tls.securityContext }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.tls.securityContext "context" $) | nindent 12 }} - {{- end }} - {{- end }} - containers: - - name: mongodb - image: {{ include "mongodb.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - {{- $customUsers := include "mongodb.customUsers" . -}} - {{- $customDatabases := include "mongodb.customDatabases" . -}} - {{- if not (empty $customUsers) }} - - name: MONGODB_EXTRA_USERNAMES - value: {{ $customUsers | quote }} - {{- end }} - {{- if not (empty $customDatabases) }} - - name: MONGODB_EXTRA_DATABASES - value: {{ $customDatabases | quote }} - {{- end }} - {{- if .Values.auth.enabled }} - {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} - - name: MONGODB_EXTRA_PASSWORDS - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-passwords - {{- end }} - - name: MONGODB_ROOT_USER - value: {{ .Values.auth.rootUser | quote }} - - name: MONGODB_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-root-password - {{- end }} - {{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }} - - name: MONGODB_METRICS_USERNAME - value: {{ .Values.metrics.username | quote }} - {{- if .Values.auth.enabled }} - - name: MONGODB_METRICS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-metrics-password - {{- end }} - {{- end }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} - - name: MONGODB_SYSTEM_LOG_VERBOSITY - value: {{ .Values.systemLogVerbosity | quote }} - - name: MONGODB_DISABLE_SYSTEM_LOG - value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }} - - name: MONGODB_DISABLE_JAVASCRIPT - value: {{ ternary "yes" "no" .Values.disableJavascript | quote }} - - name: MONGODB_ENABLE_JOURNAL - value: {{ ternary "yes" "no" .Values.enableJournal | quote }} - - name: MONGODB_PORT_NUMBER - value: {{ .Values.containerPorts.mongodb | quote }} - - name: MONGODB_ENABLE_IPV6 - value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} - - name: MONGODB_ENABLE_DIRECTORY_PER_DB - value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }} - {{- $extraFlags := .Values.extraFlags | join " " -}} - {{- if .Values.tls.enabled }} - {{- if .Values.tls.mTLS.enabled }} - {{- $extraFlags = printf "--tlsCAFile=/certs/mongodb-ca-cert %s" $extraFlags }} - {{- end }} - {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem %s" .Values.tls.mode $extraFlags }} - {{- end }} - {{- if ne $extraFlags "" }} - - name: MONGODB_EXTRA_FLAGS - value: {{ $extraFlags | quote }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: MONGODB_CLIENT_EXTRA_FLAGS - value: --tls {{ if .Values.tls.mTLS.enabled }}--tlsCertificateKeyFile=/certs/mongodb.pem {{ end }}--tlsCAFile=/certs/mongodb-ca-cert - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ tpl .Values.extraEnvVarsCM . | quote }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ tpl .Values.extraEnvVarsSecret . | quote }} - {{- end }} - {{- end }} - ports: - - name: mongodb - containerPort: {{ .Values.containerPorts.mongodb }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /bitnami/scripts/ping-mongodb.sh - {{- end }} - {{- end }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /bitnami/scripts/readiness-probe.sh - {{- end }} - {{- end }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /bitnami/scripts/startup-probe.sh - {{- end }} - {{- end }} - {{- if .Values.resources }} - resources: {{- include "common.tplvalues.render" (dict "value" .Values.resources "context" $) | nindent 12 }} - {{- else if ne .Values.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: empty-dir - mountPath: /opt/bitnami/mongodb/conf - subPath: app-conf-dir - - name: empty-dir - mountPath: /opt/bitnami/mongodb/tmp - subPath: app-tmp-dir - - name: empty-dir - mountPath: /opt/bitnami/mongodb/logs - subPath: app-logs-dir - - name: empty-dir - mountPath: /.mongodb - subPath: mongosh-home - - name: {{ .Values.persistence.name | default "datadir" }} - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - - name: common-scripts - mountPath: /bitnami/scripts - {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - mountPath: /docker-entrypoint-initdb.d - {{- end }} - {{- if or .Values.configuration .Values.existingConfigmap }} - - name: config - mountPath: /opt/bitnami/mongodb/conf/mongodb.conf - subPath: mongodb.conf - {{- end }} - {{- if .Values.tls.enabled }} - - name: certs - mountPath: /certs - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "mongodb.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.metrics.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -ec - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.metrics.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }} - {{- else }} - args: - - | - /bin/mongodb_exporter {{ include "mongodb.exporterArgs" $ }} --mongodb.direct-connect --mongodb.global-conn-pool --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }} - {{- end }} - env: - {{- if .Values.auth.enabled }} - {{- if not .Values.metrics.username }} - - name: MONGODB_ROOT_USER - value: {{ .Values.auth.rootUser | quote }} - - name: MONGODB_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-root-password - {{- else }} - - name: MONGODB_METRICS_USERNAME - value: {{ .Values.metrics.username | quote }} - - name: MONGODB_METRICS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-metrics-password - {{- end }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- if .Values.tls.enabled }} - - name: certs - mountPath: /certs - {{- end }} - {{- if .Values.metrics.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - ports: - - name: metrics - containerPort: {{ .Values.metrics.containerPort }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.metrics.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: metrics - {{- end }} - {{- if .Values.metrics.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: / - port: metrics - {{- end }} - {{- if .Values.metrics.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: metrics - {{- end }} - {{- end }} - {{- if .Values.metrics.resources }} - resources: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.resources "context" $) | nindent 12 }} - {{- else if ne .Values.metrics.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: empty-dir - emptyDir: {} - - name: common-scripts - configMap: - name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} - defaultMode: 0550 - {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - configMap: - name: {{ template "mongodb.initdbScriptsCM" . }} - {{- end }} - {{- if or .Values.configuration .Values.existingConfigmap }} - - name: config - configMap: - name: {{ include "mongodb.configmapName" . }} - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: certs - emptyDir: {} - {{- if (include "mongodb.autoGenerateCerts" .) }} - - name: certs-volume - secret: - secretName: {{ template "mongodb.tlsSecretName" . }} - items: - - key: mongodb-ca-cert - path: mongodb-ca-cert - mode: 0600 - - key: mongodb-ca-key - path: mongodb-ca-key - mode: 0600 - {{- else }} - - name: mongodb-certs-0 - secret: - secretName: {{ include "common.tplvalues.render" ( dict "value" .Values.tls.standalone.existingSecret "context" $) }} - defaultMode: 256 - {{- end }} - {{- end }} - {{- if not .Values.persistence.enabled }} - - name: {{ .Values.persistence.name | default "datadir" }} - {{- if .Values.persistence.medium }} - emptyDir: - medium: {{ .Values.persistence.medium | quote }} - {{- else }} - emptyDir: {} - {{- end }} - {{- else if .Values.persistence.existingClaim }} - - name: {{ .Values.persistence.name | default "datadir" }} - persistentVolumeClaim: - claimName: {{ printf "%s" (tpl .Values.persistence.existingClaim .) }} - {{- else if not .Values.useStatefulSet }} - - name: {{ .Values.persistence.name | default "datadir" }} - persistentVolumeClaim: - claimName: {{ template "mongodb.fullname" . }} - {{- else }} - {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }} - persistentVolumeClaimRetentionPolicy: - whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }} - whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }} - {{- end }} - volumeClaimTemplates: - - metadata: - name: {{ .Values.persistence.name | default "datadir" }} - {{- if .Values.persistence.annotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} - {{- end }} - {{- if .Values.persistence.labels }} - labels: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.labels "context" $) | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- if .Values.persistence.volumeClaimTemplates.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }} - {{- end }} - {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} - {{- end }} -{{- end }} diff --git a/helm/mongodb/templates/standalone/pdb.yaml b/helm/mongodb/templates/standalone/pdb.yaml deleted file mode 100644 index d11b39a53..000000000 --- a/helm/mongodb/templates/standalone/pdb.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and (not (eq .Values.architecture "replicaset")) .Values.pdb.create }} -apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ include "mongodb.fullname" . }} - namespace: {{ include "mongodb.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: mongodb - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.pdb.minAvailable }} - minAvailable: {{ .Values.pdb.minAvailable }} - {{- end }} - {{- if or .Values.pdb.maxUnavailable (not .Values.pdb.minAvailable) }} - maxUnavailable: {{ .Values.pdb.maxUnavailable | default 1 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: mongodb -{{- end }} diff --git a/helm/mongodb/templates/standalone/pvc.yaml b/helm/mongodb/templates/standalone/pvc.yaml deleted file mode 100644 index 16098580e..000000000 --- a/helm/mongodb/templates/standalone/pvc.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (not (eq .Values.architecture "replicaset")) (not .Values.useStatefulSet) }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "mongodb.fullname" . }} - namespace: {{ include "mongodb.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: mongodb - annotations: - {{- if .Values.persistence.resourcePolicy }} - helm.sh/resource-policy: {{ .Values.persistence.resourcePolicy | quote }} - {{- end }} - {{- if or .Values.persistence.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.persistence.annotations .Values.commonAnnotations ) "context" . ) }} - {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} -{{- end }} diff --git a/helm/mongodb/templates/standalone/svc.yaml b/helm/mongodb/templates/standalone/svc.yaml deleted file mode 100644 index c1ec6f74a..000000000 --- a/helm/mongodb/templates/standalone/svc.yaml +++ /dev/null @@ -1,62 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if not (eq .Values.architecture "replicaset") }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "mongodb.service.nameOverride" . }} - namespace: {{ include "mongodb.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: mongodb - {{- if or .Values.service.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerClass }} - loadBalancerClass: {{ .Values.service.loadBalancerClass }} - {{- end }} - {{- if .Values.service.externalIPs }} - externalIPs: {{ toYaml .Values.service.externalIPs | nindent 4 }} - {{- end }} - {{- if .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- if (eq .Values.service.type "LoadBalancer") }} - allocateLoadBalancerNodePorts: {{ .Values.service.allocateLoadBalancerNodePorts }} - {{- end }} - {{- if .Values.service.sessionAffinity }} - sessionAffinity: {{ .Values.service.sessionAffinity }} - {{- end }} - {{- if .Values.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - ports: - - name: {{ .Values.service.portName | quote }} - port: {{ .Values.service.ports.mongodb }} - targetPort: mongodb - {{- if and (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) .Values.service.nodePorts.mongodb }} - nodePort: {{ .Values.service.nodePorts.mongodb }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: mongodb -{{- end }} diff --git a/helm/mongodb/values.schema.json b/helm/mongodb/values.schema.json deleted file mode 100644 index 3eb6a64ce..000000000 --- a/helm/mongodb/values.schema.json +++ /dev/null @@ -1,232 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "architecture": { - "type": "string", - "title": "MongoDB® architecture", - "form": true, - "description": "Allowed values: `standalone` or `replicaset`" - }, - "auth": { - "type": "object", - "title": "Authentication configuration", - "form": true, - "properties": { - "enabled": { - "type": "boolean", - "title": "Enable Authentication", - "form": true - }, - "rootUser": { - "type": "string", - "title": "MongoDB® admin user", - "form": true, - "description": "Name of the admin user. Default is root" - }, - "rootPassword": { - "type": "string", - "title": "MongoDB® admin password", - "form": true, - "description": "Defaults to a random 10-character alphanumeric string if not set", - "hidden": { - "value": false, - "path": "auth/enabled" - } - }, - "database": { - "type": "string", - "title": "MongoDB® custom database", - "description": "Name of the custom database to be created during the 1st initialization of MongoDB®", - "form": true - }, - "username": { - "type": "string", - "title": "MongoDB® custom user", - "description": "Name of the custom user to be created during the 1st initialization of MongoDB®. This user only has permissions on the MongoDB® custom database", - "form": true - }, - "password": { - "type": "string", - "title": "Password for MongoDB® custom user", - "form": true, - "description": "Defaults to a random 10-character alphanumeric string if not set", - "hidden": { - "value": false, - "path": "auth/enabled" - } - }, - "replicaSetKey": { - "type": "string", - "title": "Key used for replica set authentication", - "form": true, - "description": "Defaults to a random 10-character alphanumeric string if not set", - "hidden": { - "value": "standalone", - "path": "architecture" - } - } - } - }, - "replicaCount": { - "type": "integer", - "form": true, - "title": "Number of MongoDB® replicas", - "hidden": { - "value": "standalone", - "path": "architecture" - } - }, - "configuration": { - "type": "string", - "title": "MongoDB® Custom Configuration", - "form": true, - "render": "textArea" - }, - "arbiter": { - "type": "object", - "title": "Arbiter configuration", - "form": true, - "properties": { - "configuration": { - "type": "string", - "title": "Arbiter Custom Configuration", - "form": true, - "render": "textArea", - "hidden": { - "value": "standalone", - "path": "architecture" - } - } - } - }, - "networkPolicy": { - "type": "object", - "title": "Network policy configuration", - "form": true, - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable network policy", - "description": "Enable network policy using Kubernetes native NP", - "hidden": { - "value": false, - "path": "networkPolicy/enabled" - } - }, - "ingress": { - "type": "object", - "properties": { - "namespaceSelector": { - "type": "object", - "title": "Namespace selector label that is allowed to access this instance", - "hidden": { - "value": {}, - "path": "networkPolicy/ingress/namespaceSelector" - } - }, - "podSelector": { - "type": "object", - "title": "Pod selector label that is allowed to access this instance", - "hidden": { - "value": {}, - "path": "networkPolicy/ingress/podSelector" - } - }, - "customRules": { - "type": "array", - "title": "Custom rules for ingress network policy", - "hidden": { - "value": [], - "path": "networkPolicy/ingress/customRules" - } - } - } - }, - "egress": { - "type": "object", - "properties": { - "customRules": { - "type": "array", - "title": "Custom rules for egress network policy", - "hidden": { - "value": [], - "path": "networkPolicy/egress/customRules" - } - } - } - } - } - }, - "persistence": { - "type": "object", - "title": "Persistence configuration", - "form": true, - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable persistence", - "description": "Enable persistence using Persistent Volume Claims" - }, - "size": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderMax": 100, - "sliderUnit": "Gi", - "hidden": { - "value": false, - "path": "persistence/enabled" - } - } - } - }, - "volumePermissions": { - "type": "object", - "hidden": { - "value": false, - "path": "persistence/enabled" - }, - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable Init Containers", - "description": "Use an init container to set required folder permissions on the data volume before mounting it in the final destination" - } - } - }, - "metrics": { - "type": "object", - "form": true, - "title": "Prometheus metrics details", - "properties": { - "enabled": { - "type": "boolean", - "title": "Create Prometheus metrics exporter", - "description": "Create a side-car container to expose Prometheus metrics", - "form": true - }, - "serviceMonitor": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "title": "Create Prometheus Operator ServiceMonitor", - "description": "Create a ServiceMonitor to track metrics using Prometheus Operator", - "form": true, - "hidden": { - "value": false, - "path": "metrics/enabled" - } - } - } - } - } - } - } -} diff --git a/helm/mongodb/values.yaml b/helm/mongodb/values.yaml deleted file mode 100644 index 1bab68053..000000000 --- a/helm/mongodb/values.yaml +++ /dev/null @@ -1,2501 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass -## - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s) -## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead -## @param global.namespaceOverride Override the namespace for resource deployed by the chart, but can itself be overridden by the local namespaceOverride -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - defaultStorageClass: "" - storageClass: "" - namespaceOverride: "" - ## Compatibility adaptations for Kubernetes platforms - ## - compatibility: - ## Compatibility adaptations for Openshift - ## - openshift: - ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) - ## - adaptSecurityContext: auto -## @section Common parameters -## - -## @param nameOverride String to partially override mongodb.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override mongodb.fullname template -## -fullnameOverride: "mongodb" -## @param namespaceOverride String to fully override common.names.namespace -## -namespaceOverride: "" -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param clusterDomain Default Kubernetes cluster domain -## -clusterDomain: cluster.local -## @param extraDeploy Array of extra objects to deploy with the release -## extraDeploy: -## This needs to be uncommented and added to 'extraDeploy' in order to use the replicaset 'mongo-labeler' sidecar -## for dynamically discovering the mongodb primary pod -## suggestion is to use a hard-coded and predictable TCP port for the primary mongodb pod (here is 30001, choose your own) -## - apiVersion: v1 -## kind: Service -## metadata: -## name: mongodb-primary -## namespace: the-mongodb-namespace -## labels: -## app.kubernetes.io/component: mongodb -## app.kubernetes.io/instance: mongodb -## app.kubernetes.io/managed-by: Helm -## app.kubernetes.io/name: mongodb -## spec: -## type: NodePort -## externalTrafficPolicy: Cluster -## ports: -## - name: mongodb -## port: 30001 -## nodePort: 30001 -## protocol: TCP -## targetPort: mongodb -## selector: -## app.kubernetes.io/component: mongodb -## app.kubernetes.io/instance: mongodb -## app.kubernetes.io/name: mongodb -## primary: "true" -## -extraDeploy: [] -## @param commonLabels Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template -## -commonLabels: {} -## @param commonAnnotations Common annotations to add to all Mongo resources (sub-charts are not considered). Evaluated as a template -## -commonAnnotations: {} -## @param topologyKey Override common lib default topology key. If empty - "kubernetes.io/hostname" is used -## i.e. topologyKey: topology.kubernetes.io/zone -## -topologyKey: "" -## @param serviceBindings.enabled Create secret for service binding (Experimental) -## Ref: https://servicebinding.io/service-provider/ -## -serviceBindings: - enabled: false -## @param enableServiceLinks Whether information about services should be injected into pod's environment variable -## The environment variables injected by service links are not used, but can lead to slow boot times or slow running of the scripts when there are many services in the current namespace. -## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`. -## -enableServiceLinks: true -## Enable diagnostic mode in the deployment -## -diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## - enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## - command: - - sleep - ## @param diagnosticMode.args Args to override all containers in the deployment - ## - args: - - infinity -## @section MongoDB(®) parameters -## - -## Bitnami MongoDB(®) image -## ref: https://hub.docker.com/r/bitnami/mongodb/tags/ -## @param image.registry [default: REGISTRY_NAME] MongoDB(®) image registry -## @param image.repository [default: REPOSITORY_NAME/mongodb] MongoDB(®) image registry -## @skip image.tag MongoDB(®) image tag (immutable tags are recommended) -## @param image.digest MongoDB(®) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag -## @param image.pullPolicy MongoDB(®) image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## @param image.debug Set to true if you would like to see extra information on logs - -## -image: - registry: docker.io - repository: mongo - digest: "" - ## Specify a imagePullPolicy - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## - debug: false -## @param schedulerName Name of the scheduler (other than default) to dispatch pods -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -schedulerName: "" -## @param architecture MongoDB(®) architecture (`standalone` or `replicaset`) -## -architecture: standalone -## @param useStatefulSet Set to true to use a StatefulSet instead of a Deployment (only when `architecture=standalone`) -## -useStatefulSet: false -## MongoDB(®) Authentication parameters -## -auth: - ## @param auth.enabled Enable authentication - ## ref: https://docs.mongodb.com/manual/tutorial/enable-authentication/ - ## - enabled: false - ## @param auth.rootUser MongoDB(®) root user - ## - rootUser: root - ## @param auth.rootPassword MongoDB(®) root password - ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#setting-the-root-user-and-password-on-first-run - ## - rootPassword: "" - ## MongoDB(®) custom users and databases - ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#creating-a-user-and-database-on-first-run - ## @param auth.usernames List of custom users to be created during the initialization - ## @param auth.passwords List of passwords for the custom users set at `auth.usernames` - ## @param auth.databases List of custom databases to be created during the initialization - ## - usernames: [] - passwords: [] - databases: [] - ## @param auth.username DEPRECATED: use `auth.usernames` instead - ## @param auth.password DEPRECATED: use `auth.passwords` instead - ## @param auth.database DEPRECATED: use `auth.databases` instead - ## - username: "" - password: "" - database: "" - ## @param auth.replicaSetKey Key used for authentication in the replicaset (only when `architecture=replicaset`) - ## - replicaSetKey: "" - ## @param auth.existingSecret Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, `mongodb-replica-set-key`) - ## NOTE: When it's set the previous parameters are ignored. - ## - existingSecret: "" -tls: - ## @param tls.enabled Enable MongoDB(®) TLS support between nodes in the cluster as well as between mongo clients and nodes - ## - enabled: false - mTLS: - ## @param tls.mTLS.enabled IF TLS support is enabled, require clients to provide certificates - enabled: true - ## @param tls.autoGenerated Generate a custom CA and self-signed certificates - ## - autoGenerated: true - ## @param tls.existingSecret Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`) - ## NOTE: When it's set it will disable secret creation. - ## - existingSecret: "" - ## Add Custom CA certificate - ## @param tls.caCert Custom CA certificated (base64 encoded) - ## @param tls.caKey CA certificate private key (base64 encoded) - ## - caCert: "" - caKey: "" - ## @param tls.pemChainIncluded Flag to denote that the Certificate Authority (CA) certificates are bundled with the endpoint cert. - ## Certificates must be in proper order, where the top certificate is the leaf and the bottom certificate is the top-most intermediate CA. - ## - pemChainIncluded: false - standalone: - ## @param tls.standalone.existingSecret Existing secret with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled. - ## NOTE: When it's set it will disable certificate self-generation from existing CA. - ## - existingSecret: "" - replicaset: - ## @param tls.replicaset.existingSecrets Array of existing secrets with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled. - ## existingSecrets: - ## - "mySecret-0" - ## - "mySecret-1" - ## NOTE: When it's set it will disable certificate self-generation from existing CA. - ## - existingSecrets: [] - hidden: - ## @param tls.hidden.existingSecrets Array of existing secrets with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled. - ## existingSecrets: - ## - "mySecret-0" - ## - "mySecret-1" - ## NOTE: When it's set it will disable certificate self-generation from existing CA. - ## - existingSecrets: [] - arbiter: - ## @param tls.arbiter.existingSecret Existing secret with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled. - ## NOTE: When it's set it will disable certificate self-generation from existing CA. - ## - existingSecret: "" - ## Bitnami Nginx image - ## @param tls.image.registry [default: REGISTRY_NAME] Init container TLS certs setup image registry - ## @param tls.image.repository [default: REPOSITORY_NAME/nginx] Init container TLS certs setup image repository - ## @skip tls.image.tag Init container TLS certs setup image tag (immutable tags are recommended) - ## @param tls.image.digest Init container TLS certs setup image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param tls.image.pullPolicy Init container TLS certs setup image pull policy - ## @param tls.image.pullSecrets Init container TLS certs specify docker-registry secret names as an array - ## @param tls.extraDnsNames Add extra dns names to the CA, can solve x509 auth issue for pod clients - ## - image: - registry: docker.io - repository: bitnami/nginx - tag: 1.27.2-debian-12-r0 - digest: "" - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## e.g: - ## extraDnsNames - ## "DNS.6": "$my_host" - ## "DNS.7": "$test" - ## - extraDnsNames: [] - ## @param tls.mode Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`) - ## - mode: requireTLS - ## Init Container resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param tls.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if tls.resources is set (tls.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param tls.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Init Container securityContext - ## ref: https://kubernetes.io/docs/concepts/security/pod-security-policy/ - ## @param tls.securityContext Init container generate-tls-cert Security context - ## - securityContext: - runAsUser: 0 - ## Example: - ## allowPrivilegeEscalation: false - ## capabilities: - ## drop: ["ALL"] - ## -## @param automountServiceAccountToken Mount Service Account token in pod -## -automountServiceAccountToken: false -## @param hostAliases Add deployment host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -## @param replicaSetName Name of the replica set (only when `architecture=replicaset`) -## Ignored when mongodb.architecture=standalone -## -replicaSetName: rs0 -## @param replicaSetHostnames Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`) -## Ignored when mongodb.architecture=standalone -## Ignored when externalAccess.enabled=true -## -replicaSetHostnames: true -## @param enableIPv6 Switch to enable/disable IPv6 on MongoDB(®) -## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#enablingdisabling-ipv6 -## -enableIPv6: false -## @param directoryPerDB Switch to enable/disable DirectoryPerDB on MongoDB(®) -## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#enablingdisabling-directoryperdb -## -directoryPerDB: false -## MongoDB(®) System Log configuration -## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#configuring-system-log-verbosity-level -## @param systemLogVerbosity MongoDB(®) system log verbosity level -## @param disableSystemLog Switch to enable/disable MongoDB(®) system log -## -systemLogVerbosity: 0 -disableSystemLog: false -## @param disableJavascript Switch to enable/disable MongoDB(®) server-side JavaScript execution -## ref: https://docs.mongodb.com/manual/core/server-side-javascript/ -## -disableJavascript: false -## @param enableJournal Switch to enable/disable MongoDB(®) Journaling -## ref: https://docs.mongodb.com/manual/reference/configuration-options/#mongodb-setting-storage.journal.enabled -## -enableJournal: false -## @param configuration MongoDB(®) configuration file to be used for Primary and Secondary nodes -## For documentation of all options, see: http://docs.mongodb.org/manual/reference/configuration-options/ -## Example: -## configuration: |- -## # where and how to store data. -## storage: -## dbPath: /bitnami/mongodb/data/db -## journal: -## enabled: true -## directoryPerDB: false -## # where to write logging data -## systemLog: -## destination: file -## quiet: false -## logAppend: true -## logRotate: reopen -## path: /opt/bitnami/mongodb/logs/mongodb.log -## verbosity: 0 -## # network interfaces -## net: -## port: 27017 -## unixDomainSocket: -## enabled: true -## pathPrefix: /opt/bitnami/mongodb/tmp -## ipv6: false -## bindIpAll: true -## # replica set options -## #replication: -## #replSetName: replicaset -## #enableMajorityReadConcern: true -## # process management options -## processManagement: -## fork: false -## pidFilePath: /opt/bitnami/mongodb/tmp/mongodb.pid -## # set parameter options -## setParameter: -## enableLocalhostAuthBypass: true -## # security options -## security: -## authorization: disabled -## #keyFile: /opt/bitnami/mongodb/conf/keyfile -## -configuration: "" -## @section replicaSetConfigurationSettings settings applied during runtime (not via configuration file) -## If enabled, these are applied by a script which is called within setup.sh -## for documentation see https://docs.mongodb.com/manual/reference/replica-configuration/#replica-set-configuration-fields -## @param replicaSetConfigurationSettings.enabled Enable MongoDB(®) Switch to enable/disable configuring MongoDB(®) run time rs.conf settings -## @param replicaSetConfigurationSettings.configuration run-time rs.conf settings -## -replicaSetConfigurationSettings: - enabled: false - configuration: {} -## Custom configurations for individual replica set members. -## Use the prefix 'members[X].' to apply settings to the member X of the replica set. -## Example: 'members[0].priority: 3' sets the priority of the first replica set member to 3. -## The index X in 'members[X]' corresponds to the member's position in the replica set. -## members[0].priority: 3 -## chainingAllowed : false -## heartbeatTimeoutSecs : 10 -## heartbeatIntervalMillis : 2000 -## electionTimeoutMillis : 10000 -## catchUpTimeoutMillis : 30000 -## @param existingConfigmap Name of existing ConfigMap with MongoDB(®) configuration for Primary and Secondary nodes -## NOTE: When it's set the arbiter.configuration parameter is ignored -## -existingConfigmap: "" -## @param initdbScripts Dictionary of initdb scripts -## Specify dictionary of scripts to be run at first boot -## Example: -## initdbScripts: -## my_init_script.sh: | -## #!/bin/bash -## echo "Do something." -## -initdbScripts: {} -## @param initdbScriptsConfigMap Existing ConfigMap with custom initdb scripts -## -initdbScriptsConfigMap: "" -## Command and args for running the container (set to default if not set). Use array form -## @param command Override default container command (useful when using custom images) -## @param args Override default container args (useful when using custom images) -## -command: [] -args: [] -## @param extraFlags MongoDB(®) additional command line flags -## Example: -## extraFlags: -## - "--wiredTigerCacheSizeGB=2" -## -extraFlags: [] -## @param extraEnvVars Extra environment variables to add to MongoDB(®) pods -## E.g: -## extraEnvVars: -## - name: FOO -## value: BAR -## -extraEnvVars: [] -## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data) -## -extraEnvVarsSecret: "" -## @section MongoDB(®) statefulset parameters -## - -## @param annotations Additional labels to be added to the MongoDB(®) statefulset. Evaluated as a template -## -annotations: {} -## @param labels Annotations to be added to the MongoDB(®) statefulset. Evaluated as a template -## -labels: {} -## @param replicaCount Number of MongoDB(®) nodes -## When `mongodb.architecture=replicaset`, the number of replicas is taken in account -## When `mongodb.architecture=standalone`, the number of replicas can only be 0 or 1 (value higher then 1 will not be taken in account) -## -replicaCount: 2 -## @param updateStrategy.type Strategy to use to replace existing MongoDB(®) pods. When architecture=standalone and useStatefulSet=false, -## this parameter will be applied on a deployment object. In other case it will be applied on a statefulset object -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy -## Example: -## updateStrategy: -## type: RollingUpdate -## rollingUpdate: -## maxSurge: 25% -## maxUnavailable: 25% -## -updateStrategy: - type: RollingUpdate -## @param podManagementPolicy Pod management policy for MongoDB(®) -## Should be initialized one by one when building the replicaset for the first time -## -podManagementPolicy: OrderedReady -## @param podAffinityPreset MongoDB(®) Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset MongoDB(®) Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type MongoDB(®) Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key MongoDB(®) Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values MongoDB(®) Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity MongoDB(®) Affinity for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector MongoDB(®) Node labels for pod assignment -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ -## -nodeSelector: {} -## @param tolerations MongoDB(®) Tolerations for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## @param topologySpreadConstraints MongoDB(®) Spread Constraints for Pods -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ -## -topologySpreadConstraints: [] -## @param lifecycleHooks LifecycleHook for the MongoDB(®) container(s) to automate configuration before or after startup -## -lifecycleHooks: {} -## @param terminationGracePeriodSeconds MongoDB(®) Termination Grace Period -## -terminationGracePeriodSeconds: "" -## @param podLabels MongoDB(®) pod labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} -## @param podAnnotations MongoDB(®) Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param priorityClassName Name of the existing priority class to be used by MongoDB(®) pod(s) -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -priorityClassName: "" -## @param runtimeClassName Name of the runtime class to be used by MongoDB(®) pod(s) -## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/ -## -runtimeClassName: "" -## MongoDB(®) pods' Security Context. -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enable MongoDB(®) pod(s)' Security Context -## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy -## @param podSecurityContext.supplementalGroups Set filesystem extra groups -## @param podSecurityContext.fsGroup Group ID for the volumes of the MongoDB(®) pod(s) -## @param podSecurityContext.sysctls sysctl settings of the MongoDB(®) pod(s)' -## -podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - supplementalGroups: [] - fsGroup: 1001 - ## sysctl settings - ## Example: - ## sysctls: - ## - name: net.core.somaxconn - ## value: "10000" - ## - sysctls: [] -## MongoDB(®) containers' Security Context (main and metrics container). -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enabled containers' Security Context -## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container -## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser -## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup -## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot -## @param containerSecurityContext.privileged Set container's Security Context privileged -## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem -## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation -## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped -## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile -## -containerSecurityContext: - enabled: false - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 0 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" -## MongoDB(®) containers' resource requests and limits. -## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). -## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 -## -resourcesPreset: "small" -## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) -## Example: -## resources: -## requests: -## cpu: 2 -## memory: 512Mi -## limits: -## cpu: 3 -## memory: 1024Mi -## -resources: {} -## @param containerPorts.mongodb MongoDB(®) container port -## -containerPorts: - mongodb: 27017 -## MongoDB(®) pods' liveness probe. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 20 - timeoutSeconds: 10 - failureThreshold: 6 - successThreshold: 1 -## MongoDB(®) pods' readiness probe. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## Slow starting containers can be protected through startup probes -## Startup probes are available in Kubernetes version 1.16 and above -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes -## @param startupProbe.enabled Enable startupProbe -## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe -## @param startupProbe.periodSeconds Period seconds for startupProbe -## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe -## @param startupProbe.failureThreshold Failure threshold for startupProbe -## @param startupProbe.successThreshold Success threshold for startupProbe -## -startupProbe: - enabled: false - initialDelaySeconds: 5 - periodSeconds: 20 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 30 -## @param customLivenessProbe Override default liveness probe for MongoDB(®) containers -## Ignored when livenessProbe.enabled=true -## -customLivenessProbe: {} -## @param customReadinessProbe Override default readiness probe for MongoDB(®) containers -## Ignored when readinessProbe.enabled=true -## -customReadinessProbe: {} -## @param customStartupProbe Override default startup probe for MongoDB(®) containers -## Ignored when startupProbe.enabled=true -## -customStartupProbe: {} -## @param initContainers Add additional init containers for the hidden node pod(s) -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: [] -## @param sidecars Add additional sidecar containers for the MongoDB(®) pod(s) -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## This is an optional 'mongo-labeler' sidecar container that tracks replica-set for the primary mongodb pod -## and labels it dynamically with ' primary: "true" ' in order for an extra-deployed service to always expose -## and attach to the primary pod, this needs to be uncommented along with the suggested 'extraDeploy' example -## and the suggested rbac example for the pod to be allowed adding labels to mongo replica pods -## search 'mongo-labeler' through this file to find the sections that needs to be uncommented to make it work -## -## - name: mongo-labeler -## image: korenlev/k8s-mongo-labeler-sidecar -## imagePullPolicy: Always -## env: -## - name: LABEL_SELECTOR -## value: "app.kubernetes.io/component=mongodb,app.kubernetes.io/instance=mongodb,app.kubernetes.io/name=mongodb" -## - name: NAMESPACE -## value: "the-mongodb-namespace" -## - name: DEBUG -## value: "true" -## -sidecars: [] -## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the MongoDB(®) container(s) -## Examples: -## extraVolumeMounts: -## - name: extras -## mountPath: /usr/share/extras -## readOnly: true -## -extraVolumeMounts: [] -## @param extraVolumes Optionally specify extra list of additional volumes to the MongoDB(®) statefulset -## extraVolumes: -## - name: extras -## emptyDir: {} -## -extraVolumes: [] -## MongoDB(®) Pod Disruption Budget configuration -## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -## -pdb: - ## @param pdb.create Enable/disable a Pod Disruption Budget creation for MongoDB(®) pod(s) - ## - create: true - ## @param pdb.minAvailable Minimum number/percentage of MongoDB(®) pods that must still be available after the eviction - ## - minAvailable: "" - ## @param pdb.maxUnavailable Maximum number/percentage of MongoDB(®) pods that may be made unavailable after the eviction. Defaults to `1` if both `pdb.minAvailable` and `pdb.maxUnavailable` are empty. - ## - maxUnavailable: "" -## @section Traffic exposure parameters -## - -## Service parameters -## -service: - ## @param service.nameOverride MongoDB(®) service name - ## - nameOverride: "mongodb-service" - ## @param service.type Kubernetes Service type (only for standalone architecture) - ## - type: ClusterIP - ## @param service.portName MongoDB(®) service port name (only for standalone architecture) - ## - portName: mongodb - ## @param service.ports.mongodb MongoDB(®) service port. - ## - ports: - mongodb: 27017 - ## @param service.nodePorts.mongodb Port to bind to for NodePort and LoadBalancer service types (only for standalone architecture) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePorts: - mongodb: "" - ## @param service.clusterIP MongoDB(®) service cluster IP (only for standalone architecture) - ## e.g: - ## clusterIP: None - ## - clusterIP: "" - ## @param service.externalIPs Specify the externalIP value ClusterIP service type (only for standalone architecture) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips - ## - externalIPs: [] - ## @param service.loadBalancerIP loadBalancerIP for MongoDB(®) Service (only for standalone architecture) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer - ## - loadBalancerIP: "" - ## @param service.loadBalancerClass loadBalancerClass for MongoDB(®) Service (only for standalone architecture) - # ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class - loadBalancerClass: "" - ## @param service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer (only for standalone architecture) - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## - loadBalancerSourceRanges: [] - ## @param service.allocateLoadBalancerNodePorts Wheter to allocate node ports when service type is LoadBalancer - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation - ## - allocateLoadBalancerNodePorts: true - ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param service.annotations Provide any additional annotations that may be required - ## - annotations: {} - ## @param service.externalTrafficPolicy service external traffic policy (only for standalone architecture) - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Local - ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin - ## Values: ClientIP or None - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ - ## - sessionAffinity: None - ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## Headless service properties - ## - headless: - ## @param service.headless.annotations Annotations for the headless service. - ## - annotations: {} -## External Access to MongoDB(®) nodes configuration -## -externalAccess: - ## @param externalAccess.enabled Enable Kubernetes external cluster access to MongoDB(®) nodes (only for replicaset architecture) - ## - enabled: false - ## External IPs auto-discovery configuration - ## An init container is used to auto-detect LB IPs or node ports by querying the K8s API - ## Note: RBAC might be required - ## - autoDiscovery: - ## @param externalAccess.autoDiscovery.enabled Enable using an init container to auto-detect external IPs by querying the K8s API - ## - enabled: false - ## Bitnami Kubectl image - ## ref: https://hub.docker.com/r/bitnami/kubectl/tags/ - ## @param externalAccess.autoDiscovery.image.registry [default: REGISTRY_NAME] Init container auto-discovery image registry - ## @param externalAccess.autoDiscovery.image.repository [default: REPOSITORY_NAME/kubectl] Init container auto-discovery image repository - ## @skip externalAccess.autoDiscovery.image.tag Init container auto-discovery image tag (immutable tags are recommended) - ## @param externalAccess.autoDiscovery.image.digest Init container auto-discovery image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param externalAccess.autoDiscovery.image.pullPolicy Init container auto-discovery image pull policy - ## @param externalAccess.autoDiscovery.image.pullSecrets Init container auto-discovery image pull secrets - ## - image: - registry: docker.io - repository: bitnami/kubectl - tag: 1.31.1-debian-12-r3 - digest: "" - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init Container resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param externalAccess.autoDiscovery.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if externalAccess.autoDiscovery.resources is set (externalAccess.autoDiscovery.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param externalAccess.autoDiscovery.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Init container what mission is ensure public names can be resolved. - ## - dnsCheck: - ## Bitnami os-shell image - ## ref: https://hub.docker.com/r/bitnami/os-shell/tags/ - ## @param externalAccess.dnsCheck.image.registry [default: REGISTRY_NAME] Init container dns-check image registry - ## @param externalAccess.dnsCheck.image.repository [default: REPOSITORY_NAME/kubectl] Init container dns-check image repository - ## @skip externalAccess.dnsCheck.image.tag Init container dns-check image tag (immutable tags are recommended) - ## @param externalAccess.dnsCheck.image.digest Init container dns-check image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param externalAccess.dnsCheck.image.pullPolicy Init container dns-check image pull policy - ## @param externalAccess.dnsCheck.image.pullSecrets Init container dns-check image pull secrets - ## - image: - registry: docker.io - repository: bitnami/os-shell - tag: 12-debian-12-r31 - digest: "" - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init Container resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param externalAccess.dnsCheck.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if externalAccess.autoDiscovery.resources is set (externalAccess.autoDiscovery.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param externalAccess.dnsCheck.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Parameters to configure a set of Pods that connect to an existing MongoDB(®) deployment that lies outside of Kubernetes. - ## @param externalAccess.externalMaster.enabled Use external master for bootstrapping - ## @param externalAccess.externalMaster.host External master host to bootstrap from - ## @param externalAccess.externalMaster.port Port for MongoDB(®) service external master host - ## - externalMaster: - enabled: false - host: "" - port: 27017 - ## Parameters to configure K8s service(s) used to externally access MongoDB(®) - ## A new service per broker will be created - ## - service: - ## @param externalAccess.service.type Kubernetes Service type for external access. Allowed values: NodePort, LoadBalancer or ClusterIP - ## - type: LoadBalancer - ## @param externalAccess.service.portName MongoDB(®) port name used for external access when service type is LoadBalancer - ## - portName: "mongodb" - ## @param externalAccess.service.ports.mongodb MongoDB(®) port used for external access when service type is LoadBalancer - ## - ports: - mongodb: 27017 - ## @param externalAccess.service.loadBalancerIPs Array of load balancer IPs for MongoDB(®) nodes - ## Example: - ## loadBalancerIPs: - ## - X.X.X.X - ## - Y.Y.Y.Y - ## - loadBalancerIPs: [] - ## @param externalAccess.service.publicNames Array of public names. The size should be equal to the number of replicas. - ## - publicNames: [] - ## @param externalAccess.service.loadBalancerClass loadBalancerClass when service type is LoadBalancer - # ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class - loadBalancerClass: "" - ## @param externalAccess.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## Example: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param externalAccess.service.allocateLoadBalancerNodePorts Whether to allocate node ports when service type is LoadBalancer - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation - ## - allocateLoadBalancerNodePorts: true - ## @param externalAccess.service.externalTrafficPolicy MongoDB(®) service external traffic policy - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Local - ## @param externalAccess.service.nodePorts Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort - ## Example: - ## nodePorts: - ## - 30001 - ## - 30002 - ## - nodePorts: [] - ## @param externalAccess.service.domain Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort - ## If not specified, the container will try to get the kubernetes node external IP - ## e.g: - ## domain: mydomain.com - ## - domain: "" - ## @param externalAccess.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param externalAccess.service.annotations Service annotations for external access. These annotations are common for all services created. - ## - annotations: {} - ## @param externalAccess.service.annotationsList Service annotations for eache external service. This value contains a list allowing different annotations per each external service. - ## Eg: - ## annotationsList: - ## - external-dns.alpha.kubernetes.io/hostname: mongodb-0.example.com - ## - external-dns.alpha.kubernetes.io/hostname: mongodb-1.example.com - ## - annotationsList: [] - ## @param externalAccess.service.sessionAffinity Control where client requests go, to the same pod or round-robin - ## Values: ClientIP or None - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ - ## - sessionAffinity: None - ## @param externalAccess.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## External Access to MongoDB(®) Hidden nodes configuration - ## - hidden: - ## @param externalAccess.hidden.enabled Enable Kubernetes external cluster access to MongoDB(®) hidden nodes - ## - enabled: false - ## Parameters to configure K8s service(s) used to externally access MongoDB(®) - ## A new service per broker will be created - ## - service: - ## @param externalAccess.hidden.service.type Kubernetes Service type for external access. Allowed values: NodePort or LoadBalancer - ## - type: LoadBalancer - ## @param externalAccess.hidden.service.portName MongoDB(®) port name used for external access when service type is LoadBalancer - ## - portName: "mongodb" - ## @param externalAccess.hidden.service.ports.mongodb MongoDB(®) port used for external access when service type is LoadBalancer - ## - ports: - mongodb: 27017 - ## @param externalAccess.hidden.service.loadBalancerIPs Array of load balancer IPs for MongoDB(®) nodes - ## Example: - ## loadBalancerIPs: - ## - X.X.X.X - ## - Y.Y.Y.Y - ## - loadBalancerIPs: [] - ## @param externalAccess.hidden.service.loadBalancerClass loadBalancerClass when service type is LoadBalancer - # ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class - loadBalancerClass: "" - ## @param externalAccess.hidden.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## Example: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param externalAccess.hidden.service.allocateLoadBalancerNodePorts Wheter to allocate node ports when service type is LoadBalancer - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation - ## - allocateLoadBalancerNodePorts: true - ## @param externalAccess.hidden.service.externalTrafficPolicy MongoDB(®) service external traffic policy - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Local - ## @param externalAccess.hidden.service.nodePorts Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort. Length must be the same as replicaCount - ## Example: - ## nodePorts: - ## - 30001 - ## - 30002 - ## - nodePorts: [] - ## @param externalAccess.hidden.service.domain Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort - ## If not specified, the container will try to get the kubernetes node external IP - ## e.g: - ## domain: mydomain.com - ## - domain: "" - ## @param externalAccess.hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param externalAccess.hidden.service.annotations Service annotations for external access - ## - annotations: {} - ## @param externalAccess.hidden.service.sessionAffinity Control where client requests go, to the same pod or round-robin - ## Values: ClientIP or None - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ - ## - sessionAffinity: None - ## @param externalAccess.hidden.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} -## @section Network policy parameters -## - -## Network Policies -## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ -## -networkPolicy: - ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created - ## - enabled: true - ## @param networkPolicy.allowExternal Don't require server label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## server label will have network access to the ports server is listening - ## on. When true, server will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. - ## - allowExternalEgress: true - ## @param networkPolicy.addExternalClientAccess Allow access from pods with client label set to "true". Ignored if `networkPolicy.allowExternal` is true. - ## - addExternalClientAccess: true - ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - extraIngress: [] - ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## @param networkPolicy.ingressPodMatchLabels [object] Labels to match to allow traffic from other pods. Ignored if `networkPolicy.allowExternal` is true. - ## e.g: - ## ingressPodMatchLabels: - ## my-client: "true" - # - ingressPodMatchLabels: {} - ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces. Ignored if `networkPolicy.allowExternal` is true. - ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces. Ignored if `networkPolicy.allowExternal` is true. - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} -persistence: - ## @param persistence.enabled Enable MongoDB(®) data persistence using PVC - ## - enabled: true - ## @param persistence.name Name of the PVC and mounted volume - ## - name: "datadir" - ## @param persistence.medium Provide a medium for `emptyDir` volumes. - ## Requires persistence.enabled: false - ## - medium: "" - ## @param persistence.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`) - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - ## Ignored when mongodb.architecture=replicaset - ## - existingClaim: "" - ## @param persistence.resourcePolicy Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted - ## - resourcePolicy: "" - ## @param persistence.storageClass PVC Storage Class for MongoDB(®) data volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. - ## - storageClass: "" - ## @param persistence.accessModes PV Access Mode - ## - accessModes: - - ReadWriteOnce - ## @param persistence.size PVC Storage Request for MongoDB(®) data volume - ## - size: 30Gi - ## @param persistence.annotations PVC annotations - ## - annotations: {} - ## @param persistence.labels PVC labels - ## - labels: {} - ## @param persistence.mountPath Path to mount the volume at - ## MongoDB(®) images. - ## - mountPath: /bitnami/mongodb - ## @param persistence.subPath Subdirectory of the volume to mount at - ## and one PV for multiple services. - ## - subPath: "" - ## Fine tuning for volumeClaimTemplates - ## - volumeClaimTemplates: - ## @param persistence.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes) - ## A label query over volumes to consider for binding (e.g. when using local volumes) - ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details - ## - selector: {} - ## @param persistence.volumeClaimTemplates.requests Custom PVC requests attributes - ## Sometime cloud providers use additional requests attributes to provision custom storage instance - ## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset - ## - requests: {} - ## @param persistence.volumeClaimTemplates.dataSource Add dataSource to the VolumeClaimTemplate - ## - dataSource: {} -## Persistent Volume Claim Retention Policy -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention -## -persistentVolumeClaimRetentionPolicy: - ## @param persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for MongoDB(®) Statefulset - ## - enabled: false - ## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced - ## - whenScaled: Retain - ## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted - ## - whenDeleted: Retain -## @section Backup parameters -## This section implements a trivial logical dump cronjob of the database. -## This only comes with the consistency guarantees of the dump program. -## This is not a snapshot based roll forward/backward recovery backup. -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/ -## -backup: - ## @param backup.enabled Enable the logical dump of the database "regularly" - ## - enabled: false - ## Fine tuning cronjob's config - ## - cronjob: - ## @param backup.cronjob.schedule Set the cronjob parameter schedule - ## - schedule: "@daily" - ## @param backup.cronjob.concurrencyPolicy Set the cronjob parameter concurrencyPolicy - ## - concurrencyPolicy: Allow - ## @param backup.cronjob.failedJobsHistoryLimit Set the cronjob parameter failedJobsHistoryLimit - ## - failedJobsHistoryLimit: 1 - ## @param backup.cronjob.successfulJobsHistoryLimit Set the cronjob parameter successfulJobsHistoryLimit - ## - successfulJobsHistoryLimit: 3 - ## @param backup.cronjob.startingDeadlineSeconds Set the cronjob parameter startingDeadlineSeconds - ## - startingDeadlineSeconds: "" - ## @param backup.cronjob.ttlSecondsAfterFinished Set the cronjob parameter ttlSecondsAfterFinished - ## - ttlSecondsAfterFinished: "" - ## @param backup.cronjob.restartPolicy Set the cronjob parameter restartPolicy - ## - restartPolicy: OnFailure - ## @param backup.cronjob.backoffLimit Set the cronjob parameter backoffLimit - backoffLimit: 6 - ## backup container's Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param backup.cronjob.containerSecurityContext.enabled Enabled containers' Security Context - ## @param backup.cronjob.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param backup.cronjob.containerSecurityContext.runAsUser Set containers' Security Context runAsUser - ## @param backup.cronjob.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup - ## @param backup.cronjob.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot - ## @param backup.cronjob.containerSecurityContext.privileged Set container's Security Context privileged - ## @param backup.cronjob.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem - ## @param backup.cronjob.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation - ## @param backup.cronjob.containerSecurityContext.capabilities.drop List of capabilities to be dropped - ## @param backup.cronjob.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile - ## - containerSecurityContext: - enabled: false - seLinuxOptions: {} - runAsUser: 0 - runAsGroup: 0 - runAsNonRoot: true - privileged: true - readOnlyRootFilesystem: false - allowPrivilegeEscalation: true - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - ## @param backup.cronjob.command Set backup container's command to run - ## - command: [] - ## @param backup.cronjob.labels Set the cronjob labels - ## - labels: {} - ## @param backup.cronjob.annotations Set the cronjob annotations - ## - annotations: {} - ## Backup container's - ## - storage: - ## @param backup.cronjob.storage.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`) - ## If defined, PVC must be created manually before volume will be bound - ## - existingClaim: "" - ## @param backup.cronjob.storage.resourcePolicy Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted - ## - resourcePolicy: "" - ## @param backup.cronjob.storage.storageClass PVC Storage Class for the backup data volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. - ## - storageClass: "" - ## @param backup.cronjob.storage.accessModes PV Access Mode - ## - accessModes: - - ReadWriteOnce - ## @param backup.cronjob.storage.size PVC Storage Request for the backup data volume - ## - size: 30Gi - ## @param backup.cronjob.storage.annotations PVC annotations - ## - annotations: {} - ## @param backup.cronjob.storage.mountPath Path to mount the volume at - ## - mountPath: /backup/mongodb - ## @param backup.cronjob.storage.subPath Subdirectory of the volume to mount at - ## and one PV for multiple services. - ## - subPath: "" - ## Fine tuning for volumeClaimTemplates - ## - volumeClaimTemplates: - ## @param backup.cronjob.storage.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes) - ## A label query over volumes to consider for binding (e.g. when using local volumes) - ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details - ## - selector: {} -## @section RBAC parameters -## - -## ServiceAccount -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## -serviceAccount: - ## @param serviceAccount.create Enable creation of ServiceAccount for MongoDB(®) pods - ## - create: true - ## @param serviceAccount.name Name of the created serviceAccount - ## If not set and create is true, a name is generated using the mongodb.fullname template - ## - name: "" - ## @param serviceAccount.annotations Additional Service Account annotations - ## - annotations: {} - ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created - ## Can be set to false if pods using this serviceAccount do not need to use K8s API - ## - automountServiceAccountToken: false -## Role Based Access -## ref: https://kubernetes.io/docs/admin/authorization/rbac/ -## -rbac: - ## @param rbac.create Whether to create & use RBAC resources or not - ## binding MongoDB(®) ServiceAccount to a role - ## that allows MongoDB(®) pods querying the K8s API - ## this needs to be set to 'true' to enable the mongo-labeler sidecar primary mongodb discovery - ## - create: false - ## @param rbac.rules Custom rules to create following the role specification - ## The example below needs to be uncommented to use the 'mongo-labeler' sidecar for dynamic discovery of the primary mongodb pod: - ## rules: - ## - apiGroups: - ## - "" - ## resources: - ## - pods - ## verbs: - ## - get - ## - list - ## - watch - ## - update - ## - rules: [] -## PodSecurityPolicy configuration -## Be sure to also set rbac.create to true, otherwise Role and RoleBinding won't be created. -## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -## -podSecurityPolicy: - ## @param podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later - ## - create: false - ## @param podSecurityPolicy.allowPrivilegeEscalation Enable privilege escalation - ## Either use predefined policy with some adjustments or use `podSecurityPolicy.spec` - ## - allowPrivilegeEscalation: false - ## @param podSecurityPolicy.privileged Allow privileged - ## - privileged: false - ## @param podSecurityPolicy.spec Specify the full spec to use for Pod Security Policy - ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - ## Defining a spec ignores the above values. - ## - spec: {} - ## Example: - ## allowPrivilegeEscalation: false - ## fsGroup: - ## rule: 'MustRunAs' - ## ranges: - ## - min: 1001 - ## max: 1001 - ## hostIPC: false - ## hostNetwork: false - ## hostPID: false - ## privileged: false - ## readOnlyRootFilesystem: true - ## requiredDropCapabilities: - ## - ALL - ## runAsUser: - ## rule: 'MustRunAs' - ## ranges: - ## - min: 1001 - ## max: 1001 - ## seLinux: - ## rule: 'RunAsAny' - ## supplementalGroups: - ## rule: 'MustRunAs' - ## ranges: - ## - min: 1001 - ## max: 1001 - ## volumes: - ## - 'configMap' - ## - 'secret' - ## - 'emptyDir' - ## - 'persistentVolumeClaim' - ## -## @section Volume Permissions parameters -## -## Init Container parameters -## Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each component -## values from the securityContext section of the component -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` - ## - enabled: false - ## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry - ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository - ## @skip volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) - ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy - ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/os-shell - tag: 12-debian-12-r31 - digest: "" - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init Container resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Init container Security Context - ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser - ## and not the below volumePermissions.securityContext.runAsUser - ## When runAsUser is set to special value "auto", init container will try to chwon the - ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). - ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with - ## podSecurityContext.enabled=false,containerSecurityContext.enabled=false and shmVolume.chmod.enabled=false - ## @param volumePermissions.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param volumePermissions.securityContext.runAsUser User ID for the volumePermissions container - ## - securityContext: - seLinuxOptions: {} - runAsUser: 0 -## @section Arbiter parameters -## -arbiter: - ## @param arbiter.enabled Enable deploying the arbiter - ## https://docs.mongodb.com/manual/tutorial/add-replica-set-arbiter/ - ## - enabled: true - ## @param arbiter.automountServiceAccountToken Mount Service Account token in pod - ## - automountServiceAccountToken: false - ## @param arbiter.hostAliases Add deployment host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param arbiter.configuration Arbiter configuration file to be used - ## http://docs.mongodb.org/manual/reference/configuration-options/ - ## - configuration: "" - ## @param arbiter.existingConfigmap Name of existing ConfigMap with Arbiter configuration - ## NOTE: When it's set the arbiter.configuration parameter is ignored - ## - existingConfigmap: "" - ## Command and args for running the container (set to default if not set). Use array form - ## @param arbiter.command Override default container command (useful when using custom images) - ## @param arbiter.args Override default container args (useful when using custom images) - ## - command: [] - args: [] - ## @param arbiter.extraFlags Arbiter additional command line flags - ## Example: - ## extraFlags: - ## - "--wiredTigerCacheSizeGB=2" - ## - extraFlags: [] - ## @param arbiter.extraEnvVars Extra environment variables to add to Arbiter pods - ## E.g: - ## extraEnvVars: - ## - name: FOO - ## value: BAR - ## - extraEnvVars: [] - ## @param arbiter.extraEnvVarsCM Name of existing ConfigMap containing extra env vars - ## - extraEnvVarsCM: "" - ## @param arbiter.extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data) - ## - extraEnvVarsSecret: "" - ## @param arbiter.annotations Additional labels to be added to the Arbiter statefulset - ## - annotations: {} - ## @param arbiter.labels Annotations to be added to the Arbiter statefulset - ## - labels: {} - ## @param arbiter.topologySpreadConstraints MongoDB(®) Spread Constraints for arbiter Pods - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## - topologySpreadConstraints: [] - ## @param arbiter.lifecycleHooks LifecycleHook for the Arbiter container to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param arbiter.terminationGracePeriodSeconds Arbiter Termination Grace Period - ## - terminationGracePeriodSeconds: "" - ## @param arbiter.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## updateStrategy: - ## type: RollingUpdate - ## rollingUpdate: - ## maxSurge: 25% - ## maxUnavailable: 25% - ## - updateStrategy: - type: RollingUpdate - ## @param arbiter.podManagementPolicy Pod management policy for MongoDB(®) - ## Should be initialized one by one when building the replicaset for the first time - ## - podManagementPolicy: OrderedReady - ## @param arbiter.schedulerName Name of the scheduler (other than default) to dispatch pods - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param arbiter.podAffinityPreset Arbiter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param arbiter.podAntiAffinityPreset Arbiter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param arbiter.nodeAffinityPreset.type Arbiter Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param arbiter.nodeAffinityPreset.key Arbiter Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param arbiter.nodeAffinityPreset.values Arbiter Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param arbiter.affinity Arbiter Affinity for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: arbiter.podAffinityPreset, arbiter.podAntiAffinityPreset, and arbiter.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param arbiter.nodeSelector Arbiter Node labels for pod assignment - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ - ## - nodeSelector: {} - ## @param arbiter.tolerations Arbiter Tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param arbiter.podLabels Arbiter pod labels - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param arbiter.podAnnotations Arbiter Pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param arbiter.priorityClassName Name of the existing priority class to be used by Arbiter pod(s) - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - ## - priorityClassName: "" - ## @param arbiter.runtimeClassName Name of the runtime class to be used by Arbiter pod(s) - ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/ - ## - runtimeClassName: "" - ## MongoDB(®) Arbiter pods' Security Context. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param arbiter.podSecurityContext.enabled Enable Arbiter pod(s)' Security Context - ## @param arbiter.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy - ## @param arbiter.podSecurityContext.supplementalGroups Set filesystem extra groups - ## @param arbiter.podSecurityContext.fsGroup Group ID for the volumes of the Arbiter pod(s) - ## @param arbiter.podSecurityContext.sysctls sysctl settings of the Arbiter pod(s)' - ## - podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - supplementalGroups: [] - fsGroup: 1001 - ## sysctl settings - ## Example: - ## sysctls: - ## - name: net.core.somaxconn - ## value: "10000" - ## - sysctls: [] - ## MongoDB(®) Arbiter containers' Security Context (only main container). - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param arbiter.containerSecurityContext.enabled Enabled containers' Security Context - ## @param arbiter.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param arbiter.containerSecurityContext.runAsUser Set containers' Security Context runAsUser - ## @param arbiter.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup - ## @param arbiter.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot - ## @param arbiter.containerSecurityContext.privileged Set container's Security Context privileged - ## @param arbiter.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem - ## @param arbiter.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation - ## @param arbiter.containerSecurityContext.capabilities.drop List of capabilities to be dropped - ## @param arbiter.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile - ## - containerSecurityContext: - enabled: false - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 0 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - ## MongoDB(®) Arbiter containers' resource requests and limits. - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param arbiter.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if arbiter.resources is set (arbiter.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "small" - ## @param arbiter.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## @param arbiter.containerPorts.mongodb MongoDB(®) arbiter container port - ## - containerPorts: - mongodb: 27017 - ## MongoDB(®) Arbiter pods' liveness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param arbiter.livenessProbe.enabled Enable livenessProbe - ## @param arbiter.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param arbiter.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param arbiter.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param arbiter.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param arbiter.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 20 - timeoutSeconds: 10 - failureThreshold: 3 - successThreshold: 1 - ## MongoDB(®) Arbiter pods' readiness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param arbiter.readinessProbe.enabled Enable readinessProbe - ## @param arbiter.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param arbiter.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param arbiter.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param arbiter.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param arbiter.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 10 - periodSeconds: 20 - timeoutSeconds: 10 - failureThreshold: 3 - successThreshold: 1 - ## MongoDB(®) Arbiter pods' startup probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param arbiter.startupProbe.enabled Enable startupProbe - ## @param arbiter.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param arbiter.startupProbe.periodSeconds Period seconds for startupProbe - ## @param arbiter.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param arbiter.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param arbiter.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 30 - ## @param arbiter.customLivenessProbe Override default liveness probe for Arbiter containers - ## Ignored when arbiter.livenessProbe.enabled=true - ## - customLivenessProbe: {} - ## @param arbiter.customReadinessProbe Override default readiness probe for Arbiter containers - ## Ignored when arbiter.readinessProbe.enabled=true - ## - customReadinessProbe: {} - ## @param arbiter.customStartupProbe Override default startup probe for Arbiter containers - ## Ignored when arbiter.startupProbe.enabled=true - ## - customStartupProbe: {} - ## @param arbiter.initContainers Add additional init containers for the Arbiter pod(s) - ## Example: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - initContainers: [] - ## @param arbiter.sidecars Add additional sidecar containers for the Arbiter pod(s) - ## Example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param arbiter.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Arbiter container(s) - ## Examples: - ## extraVolumeMounts: - ## - name: extras - ## mountPath: /usr/share/extras - ## readOnly: true - ## - extraVolumeMounts: [] - ## @param arbiter.extraVolumes Optionally specify extra list of additional volumes to the Arbiter statefulset - ## extraVolumes: - ## - name: extras - ## emptyDir: {} - ## - extraVolumes: [] - ## MongoDB(®) Arbiter Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - ## - pdb: - ## @param arbiter.pdb.create Enable/disable a Pod Disruption Budget creation for Arbiter pod(s) - ## - create: true - ## @param arbiter.pdb.minAvailable Minimum number/percentage of Arbiter pods that should remain scheduled - ## - minAvailable: "" - ## @param arbiter.pdb.maxUnavailable Maximum number/percentage of Arbiter pods that may be made unavailable. Defaults to `1` if both `arbiter.pdb.minAvailable` and `arbiter.pdb.maxUnavailable` are empty. - ## - maxUnavailable: "" - ## MongoDB(®) Arbiter service parameters - ## - service: - ## @param arbiter.service.nameOverride The arbiter service name - ## - nameOverride: "" - ## @param arbiter.service.ports.mongodb MongoDB(®) service port - ## - ports: - mongodb: 27017 - ## @param arbiter.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param arbiter.service.annotations Provide any additional annotations that may be required - ## - annotations: {} - ## Headless service properties - ## - headless: - ## @param arbiter.service.headless.annotations Annotations for the headless service. - ## - annotations: {} -## @section Hidden Node parameters -## -hidden: - ## @param hidden.enabled Enable deploying the hidden nodes - ## https://docs.mongodb.com/manual/tutorial/configure-a-hidden-replica-set-member/ - ## - enabled: false - ## @param hidden.automountServiceAccountToken Mount Service Account token in pod - ## - automountServiceAccountToken: false - ## @param hidden.hostAliases Add deployment host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param hidden.configuration Hidden node configuration file to be used - ## http://docs.mongodb.org/manual/reference/configuration-options/ - ## - configuration: "" - ## @param hidden.existingConfigmap Name of existing ConfigMap with Hidden node configuration - ## NOTE: When it's set the hidden.configuration parameter is ignored - ## - existingConfigmap: "" - ## Command and args for running the container (set to default if not set). Use array form - ## @param hidden.command Override default container command (useful when using custom images) - ## @param hidden.args Override default container args (useful when using custom images) - ## - command: [] - args: [] - ## @param hidden.extraFlags Hidden node additional command line flags - ## Example: - ## extraFlags: - ## - "--wiredTigerCacheSizeGB=2" - ## - extraFlags: [] - ## @param hidden.extraEnvVars Extra environment variables to add to Hidden node pods - ## E.g: - ## extraEnvVars: - ## - name: FOO - ## value: BAR - ## - extraEnvVars: [] - ## @param hidden.extraEnvVarsCM Name of existing ConfigMap containing extra env vars - ## - extraEnvVarsCM: "" - ## @param hidden.extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data) - ## - extraEnvVarsSecret: "" - ## @param hidden.annotations Additional labels to be added to thehidden node statefulset - ## - annotations: {} - ## @param hidden.labels Annotations to be added to the hidden node statefulset - ## - labels: {} - ## @param hidden.topologySpreadConstraints MongoDB(®) Spread Constraints for hidden Pods - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## - topologySpreadConstraints: [] - ## @param hidden.lifecycleHooks LifecycleHook for the Hidden container to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param hidden.replicaCount Number of hidden nodes (only when `architecture=replicaset`) - ## Ignored when mongodb.architecture=standalone - ## - replicaCount: 1 - ## @param hidden.terminationGracePeriodSeconds Hidden Termination Grace Period - ## - terminationGracePeriodSeconds: "" - ## @param hidden.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## updateStrategy: - ## type: RollingUpdate - ## rollingUpdate: - ## maxSurge: 25% - ## maxUnavailable: 25% - ## - updateStrategy: - type: RollingUpdate - ## @param hidden.podManagementPolicy Pod management policy for hidden node - ## - podManagementPolicy: OrderedReady - ## @param hidden.schedulerName Name of the scheduler (other than default) to dispatch pods - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param hidden.podAffinityPreset Hidden node Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param hidden.podAntiAffinityPreset Hidden node Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## Allowed values: soft, hard - ## - nodeAffinityPreset: - ## @param hidden.nodeAffinityPreset.type Hidden Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param hidden.nodeAffinityPreset.key Hidden Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param hidden.nodeAffinityPreset.values Hidden Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param hidden.affinity Hidden node Affinity for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param hidden.nodeSelector Hidden node Node labels for pod assignment - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ - ## - nodeSelector: {} - ## @param hidden.tolerations Hidden node Tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param hidden.podLabels Hidden node pod labels - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param hidden.podAnnotations Hidden node Pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param hidden.priorityClassName Name of the existing priority class to be used by hidden node pod(s) - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - ## - priorityClassName: "" - ## @param hidden.runtimeClassName Name of the runtime class to be used by hidden node pod(s) - ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/ - ## - runtimeClassName: "" - ## MongoDB(®) Hidden pods' Security Context. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param hidden.podSecurityContext.enabled Enable Hidden pod(s)' Security Context - ## @param hidden.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy - ## @param hidden.podSecurityContext.supplementalGroups Set filesystem extra groups - ## @param hidden.podSecurityContext.fsGroup Group ID for the volumes of the Hidden pod(s) - ## @param hidden.podSecurityContext.sysctls sysctl settings of the Hidden pod(s)' - ## - podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - supplementalGroups: [] - fsGroup: 1001 - ## sysctl settings - ## Example: - ## sysctls: - ## - name: net.core.somaxconn - ## value: "10000" - ## - sysctls: [] - ## MongoDB(®) Hidden containers' Security Context (only main container). - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param hidden.containerSecurityContext.enabled Enabled containers' Security Context - ## @param hidden.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param hidden.containerSecurityContext.runAsUser Set containers' Security Context runAsUser - ## @param hidden.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup - ## @param hidden.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot - ## @param hidden.containerSecurityContext.privileged Set container's Security Context privileged - ## @param hidden.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem - ## @param hidden.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation - ## @param hidden.containerSecurityContext.capabilities.drop List of capabilities to be dropped - ## @param hidden.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile - ## - containerSecurityContext: - enabled: false - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 0 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - ## MongoDB(®) Hidden containers' resource requests and limits. - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param hidden.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if hidden.resources is set (hidden.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "micro" - ## @param hidden.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## @param hidden.containerPorts.mongodb MongoDB(®) hidden container port - ## - containerPorts: - mongodb: 27017 - ## MongoDB(®) Hidden pods' liveness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param hidden.livenessProbe.enabled Enable livenessProbe - ## @param hidden.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param hidden.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param hidden.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param hidden.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param hidden.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 20 - timeoutSeconds: 10 - failureThreshold: 6 - successThreshold: 1 - ## MongoDB(®) Hidden pods' readiness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param hidden.readinessProbe.enabled Enable readinessProbe - ## @param hidden.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param hidden.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param hidden.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param hidden.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param hidden.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 20 - timeoutSeconds: 10 - failureThreshold: 6 - successThreshold: 1 - ## Slow starting containers can be protected through startup probes - ## Startup probes are available in Kubernetes version 1.16 and above - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes - ## @param hidden.startupProbe.enabled Enable startupProbe - ## @param hidden.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param hidden.startupProbe.periodSeconds Period seconds for startupProbe - ## @param hidden.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param hidden.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param hidden.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 30 - ## @param hidden.customLivenessProbe Override default liveness probe for hidden node containers - ## Ignored when hidden.livenessProbe.enabled=true - ## - customLivenessProbe: {} - ## @param hidden.customReadinessProbe Override default readiness probe for hidden node containers - ## Ignored when hidden.readinessProbe.enabled=true - ## - customReadinessProbe: {} - ## @param hidden.customStartupProbe Override default startup probe for MongoDB(®) containers - ## Ignored when hidden.startupProbe.enabled=true - ## - customStartupProbe: {} - ## @param hidden.initContainers Add init containers to the MongoDB(®) Hidden pods. - ## Example: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - initContainers: [] - ## @param hidden.sidecars Add additional sidecar containers for the hidden node pod(s) - ## Example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param hidden.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the hidden node container(s) - ## Examples: - ## extraVolumeMounts: - ## - name: extras - ## mountPath: /usr/share/extras - ## readOnly: true - ## - extraVolumeMounts: [] - ## @param hidden.extraVolumes Optionally specify extra list of additional volumes to the hidden node statefulset - ## extraVolumes: - ## - name: extras - ## emptyDir: {} - ## - extraVolumes: [] - ## MongoDB(®) Hidden Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - ## - pdb: - ## @param hidden.pdb.create Enable/disable a Pod Disruption Budget creation for hidden node pod(s) - ## - create: true - ## @param hidden.pdb.minAvailable Minimum number/percentage of hidden node pods that should remain scheduled - ## - minAvailable: "" - ## @param hidden.pdb.maxUnavailable Maximum number/percentage of hidden node pods that may be made unavailable. Defaults to `1` if both `hidden.pdb.minAvailable` and `hidden.pdb.maxUnavailable` are empty. - ## - maxUnavailable: "" - ## Enable persistence using Persistent Volume Claims - ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ - ## - persistence: - ## @param hidden.persistence.enabled Enable hidden node data persistence using PVC - ## - enabled: true - ## @param hidden.persistence.medium Provide a medium for `emptyDir` volumes. - ## Requires hidden.persistence.enabled: false - ## - medium: "" - ## @param hidden.persistence.storageClass PVC Storage Class for hidden node data volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. - ## - storageClass: "" - ## @param hidden.persistence.accessModes PV Access Mode - ## - accessModes: - - ReadWriteOnce - ## @param hidden.persistence.size PVC Storage Request for hidden node data volume - ## - size: 30Gi - ## @param hidden.persistence.annotations PVC annotations - ## - annotations: {} - ## @param hidden.persistence.mountPath The path the volume will be mounted at, useful when using different MongoDB(®) images. - ## - mountPath: /bitnami/mongodb - ## @param hidden.persistence.subPath The subdirectory of the volume to mount to, useful in dev environments - ## and one PV for multiple services. - ## - subPath: "" - ## Fine tuning for volumeClaimTemplates - ## - volumeClaimTemplates: - ## @param hidden.persistence.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes) - ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details - ## - selector: {} - ## @param hidden.persistence.volumeClaimTemplates.requests Custom PVC requests attributes - ## Sometime cloud providers use additional requests attributes to provision custom storage instance - ## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset - ## - requests: {} - ## @param hidden.persistence.volumeClaimTemplates.dataSource Set volumeClaimTemplate dataSource - ## - dataSource: {} - service: - ## @param hidden.service.portName MongoDB(®) service port name - ## - portName: "mongodb" - ## @param hidden.service.ports.mongodb MongoDB(®) service port - ## - ports: - mongodb: 27017 - ## @param hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param hidden.service.annotations Provide any additional annotations that may be required - ## - annotations: {} - ## Headless service properties - ## - headless: - ## @param hidden.service.headless.annotations Annotations for the headless service. - ## - annotations: {} -## @section Metrics parameters -## -metrics: - ## @param metrics.enabled Enable using a sidecar Prometheus exporter - ## - enabled: false - ## Bitnami MongoDB(®) Promtheus Exporter image - ## ref: https://hub.docker.com/r/bitnami/mongodb-exporter/tags/ - ## @param metrics.image.registry [default: REGISTRY_NAME] MongoDB(®) Prometheus exporter image registry - ## @param metrics.image.repository [default: REPOSITORY_NAME/mongodb-exporter] MongoDB(®) Prometheus exporter image repository - ## @skip metrics.image.tag MongoDB(®) Prometheus exporter image tag (immutable tags are recommended) - ## @param metrics.image.digest MongoDB(®) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param metrics.image.pullPolicy MongoDB(®) Prometheus exporter image pull policy - ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/mongodb-exporter - tag: 0.41.1-debian-12-r1 - digest: "" - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param metrics.username String with username for the metrics exporter - ## If undefined the root user will be used for the metrics exporter - ## - username: "" - ## @param metrics.password String with password for the metrics exporter - ## If undefined but metrics.username is defined, a random password will be generated - ## - password: "" - ## @param metrics.compatibleMode Enables old style mongodb-exporter metrics - compatibleMode: true - collector: - ## @param metrics.collector.all Enable all collectors. Same as enabling all individual metrics - ## Enabling all metrics will cause significant CPU load on mongod - all: false - ## @param metrics.collector.diagnosticdata Boolean Enable collecting metrics from getDiagnosticData - diagnosticdata: true - ## @param metrics.collector.replicasetstatus Boolean Enable collecting metrics from replSetGetStatus - replicasetstatus: true - ## @param metrics.collector.dbstats Boolean Enable collecting metrics from dbStats - dbstats: false - ## @param metrics.collector.topmetrics Boolean Enable collecting metrics from top admin command - topmetrics: false - ## @param metrics.collector.indexstats Boolean Enable collecting metrics from $indexStats - indexstats: false - ## @param metrics.collector.collstats Boolean Enable collecting metrics from $collStats - collstats: false - ## @param metrics.collector.collstatsColls List of \.\ to get $collStats - collstatsColls: [] - ## @param metrics.collector.indexstatsColls List - List of \.\ to get $indexStats - indexstatsColls: [] - ## @param metrics.collector.collstatsLimit Number - Disable collstats, dbstats, topmetrics and indexstats collector if there are more than \ collections. 0=No limit - collstatsLimit: 0 - ## @param metrics.extraFlags String with extra flags to the metrics exporter - ## ref: https://github.com/percona/mongodb_exporter/blob/main/main.go - ## - extraFlags: "" - ## Command and args for running the container (set to default if not set). Use array form - ## @param metrics.command Override default container command (useful when using custom images) - ## @param metrics.args Override default container args (useful when using custom images) - ## - command: [] - args: [] - ## Metrics exporter container resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## @param metrics.containerPort Port of the Prometheus metrics container - ## - containerPort: 9216 - ## Prometheus Exporter service configuration - ## - service: - ## @param metrics.service.annotations [object] Annotations for Prometheus Exporter pods. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}" - prometheus.io/path: "/metrics" - ## @param metrics.service.type Type of the Prometheus metrics service - ## - type: ClusterIP - ## @param metrics.service.ports.metrics Port of the Prometheus metrics service - ## - ports: - metrics: 9216 - ## @param metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## Metrics exporter liveness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) - ## @param metrics.livenessProbe.enabled Enable livenessProbe - ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 15 - periodSeconds: 5 - timeoutSeconds: 10 - failureThreshold: 3 - successThreshold: 1 - ## Metrics exporter readiness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) - ## @param metrics.readinessProbe.enabled Enable readinessProbe - ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 10 - failureThreshold: 3 - successThreshold: 1 - ## Slow starting containers can be protected through startup probes - ## Startup probes are available in Kubernetes version 1.16 and above - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes - ## @param metrics.startupProbe.enabled Enable startupProbe - ## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe - ## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param metrics.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 30 - ## @param metrics.customLivenessProbe Override default liveness probe for MongoDB(®) containers - ## Ignored when livenessProbe.enabled=true - ## - customLivenessProbe: {} - ## @param metrics.customReadinessProbe Override default readiness probe for MongoDB(®) containers - ## Ignored when readinessProbe.enabled=true - ## - customReadinessProbe: {} - ## @param metrics.customStartupProbe Override default startup probe for MongoDB(®) containers - ## Ignored when startupProbe.enabled=true - ## - customStartupProbe: {} - ## @param metrics.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the metrics container(s) - ## Examples: - ## extraVolumeMounts: - ## - name: extras - ## mountPath: /usr/share/extras - ## readOnly: true - ## - extraVolumeMounts: [] - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md - ## - serviceMonitor: - ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus Operator - ## - enabled: false - ## @param metrics.serviceMonitor.namespace Namespace which Prometheus is running in - ## - namespace: "" - ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped - ## - interval: 30s - ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended - ## e.g: - ## scrapeTimeout: 30s - ## - scrapeTimeout: "" - ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping. - ## - relabelings: [] - ## @param metrics.serviceMonitor.metricRelabelings MetricsRelabelConfigs to apply to samples before ingestion. - ## - metricRelabelings: [] - ## @param metrics.serviceMonitor.labels Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - ## - labels: {} - ## @param metrics.serviceMonitor.selector Prometheus instance selector labels - ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration - ## - selector: {} - ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. - ## - jobLabel: "" - ## Custom PrometheusRule to be defined - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - ## - prometheusRule: - ## @param metrics.prometheusRule.enabled Set this to true to create prometheusRules for Prometheus operator - ## - enabled: false - ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so prometheusRules will be discovered by Prometheus - ## - additionalLabels: {} - ## @param metrics.prometheusRule.namespace Namespace where prometheusRules resource should be created - ## - namespace: "" - ## @param metrics.prometheusRule.rules Rules to be created, check values for an example - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#rulegroup - ## https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/ - ## - ## This is an example of a rule, you should add the below code block under the "rules" param, removing the brackets - ## rules: - ## - alert: HighRequestLatency - ## expr: job:request_latency_seconds:mean5m{job="myjob"} > 0.5 - ## for: 10m - ## labels: - ## severity: page - ## annotations: - ## summary: High request latency - ## - rules: [] From a5ea1496feee9443aabf182d237d7f52d2cde496 Mon Sep 17 00:00:00 2001 From: matthewpeterkort Date: Fri, 2 May 2025 08:29:47 -0700 Subject: [PATCH 09/12] adjust nginx to support large client body sizes --- etl.yaml | 50 +------------------ .../templates/elasticsearch-pv.yaml | 2 +- .../gen3.nginx.conf/grip-service.conf | 2 + helm/revproxy/nginx/nginx.conf | 22 ++++---- 4 files changed, 15 insertions(+), 61 deletions(-) diff --git a/etl.yaml b/etl.yaml index 47c91a2b1..3205fa9f1 100644 --- a/etl.yaml +++ b/etl.yaml @@ -11,25 +11,14 @@ spec: configMap: name: gen3-credentials - - name: sheepdog-dbcreds - secret: - secretName: sheepdog-dbcreds - - name: useryaml configMap: name: useryaml - - name: studies-mount - hostPath: - path: /Users/walsbr/aced/data_model/studies - - - name: output-mount - hostPath: - path: /Users/walsbr/aced/data_model/output containers: - name: container-configmap - image: quay.io/ohsu-comp-bio/aced-etl:development + image: quay.io/ohsu-comp-bio/aced-etl:feature_parent-specimens imagePullPolicy: Always volumeMounts: # Gen3 credentials file @@ -37,53 +26,16 @@ spec: mountPath: /creds/credentials.json subPath: credentials.json - # Sheepdog creds, secrets defined in helm/sheepdog/templates/deployment.yaml - - name: sheepdog-dbcreds - mountPath: /creds/sheepdog-creds # User yaml, configmap defined in helm/fence/templates/useryaml-job.yaml - name: useryaml mountPath: /creds/user.yaml subPath: useryaml - # studies metadata - - name: studies-mount - mountPath: /studies - - # studies files - - name: output-mount - mountPath: /output command: ["/bin/bash" ] args: - "-c" - | - # Until we fix in helm env, setup well known postgres env variables - # TODO - set GLOBAL_HOSTNAME to value from values.yaml - cat << EOF >> ~/.bashrc - export PGDB=`cat /creds/sheepdog-creds/database` - export PGPASSWORD=`cat /creds/sheepdog-creds/password` - export PGUSER=`cat /creds/sheepdog-creds/username` - export PGHOST=`cat /creds/sheepdog-creds/host` - export DBREADY=`cat /creds/sheepdog-creds/dbcreated` - export PGPORT=`cat /creds/sheepdog-creds/port` - EOF - - # link back to mounted volumes - ln -s /studies /data_model/studies - ln -s /output /data_model/output - - echo "Done setting up data_model" - - # link back to mounted volumes - ln -s /studies /data_model/studies - ln -s /output /data_model/output - - echo "Done setting up data_model" - - # For development purposes, extends the lifespan of the pod to let us exec into it. while true; do sleep 30; done; - # TODO - read nodegroup from values.yaml - #nodeSelector: - # eks.amazonaws.com/nodegroup: aced-commons-development-etl-node-group-large diff --git a/helm/aws-es-proxy/templates/elasticsearch-pv.yaml b/helm/aws-es-proxy/templates/elasticsearch-pv.yaml index c97c3c0d6..e1ec9b20e 100644 --- a/helm/aws-es-proxy/templates/elasticsearch-pv.yaml +++ b/helm/aws-es-proxy/templates/elasticsearch-pv.yaml @@ -1,4 +1,4 @@ - apiVersion: v1 +apiVersion: v1 kind: PersistentVolume metadata: name: elasticsearch-pv diff --git a/helm/revproxy/gen3.nginx.conf/grip-service.conf b/helm/revproxy/gen3.nginx.conf/grip-service.conf index e6cc63f87..93a1b3cc8 100644 --- a/helm/revproxy/gen3.nginx.conf/grip-service.conf +++ b/helm/revproxy/gen3.nginx.conf/grip-service.conf @@ -9,6 +9,7 @@ location /grip/reader { } location /grip/writer { + proxy_request_buffering off; proxy_connect_timeout 600s; proxy_send_timeout 600s; proxy_read_timeout 600s; @@ -16,6 +17,7 @@ location /grip/writer { rewrite ^/grip/(.*)$ /$1 break; proxy_pass http://grip-service.$namespace.svc.cluster.local:8201; + client_max_body_size 0; } location /grip/graphql { diff --git a/helm/revproxy/nginx/nginx.conf b/helm/revproxy/nginx/nginx.conf index 63ade0c65..b0a142724 100644 --- a/helm/revproxy/nginx/nginx.conf +++ b/helm/revproxy/nginx/nginx.conf @@ -67,7 +67,7 @@ http { # # # js_import helpers.js; js_set $userid helpers.userid; - + perl_set $document_url_env 'sub { return $ENV{"DOCUMENT_URL"} || ""; }'; @@ -127,7 +127,7 @@ http { # ## # # For using fence, indexd, etc from a different namespace within the same k8 cluster - # # support data ecosystem feature ... - # ## + # ## perl_set $des_domain 'sub { return $ENV{"DES_NAMESPACE"} ? qq{.$ENV{"DES_NAMESPACE"}.svc.cluster.local} : qq{.$ENV{"POD_NAMESPACE"}.svc.cluster.local}; }'; # ## @@ -199,7 +199,7 @@ http { # update service release cookie # add_header Set-Cookie "service_releases=${service_releases};Path=/;Max-Age=600;HttpOnly;Secure;SameSite=Lax" always; - + if ($request_method = 'OPTIONS') { return 204; } @@ -251,8 +251,8 @@ http { } # - # initialize proxy_service and upstream used as key in logs to - # unspecified values - + # initialize proxy_service and upstream used as key in logs to + # unspecified values - # individual service locations should override to "peregrine", ... # set $proxy_service "noproxy"; @@ -277,12 +277,12 @@ http { # * http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size # * https://ma.ttias.be/nginx-proxy-upstream-sent-big-header-reading-response-header-upstream/ # - proxy_buffer_size 16k; - proxy_buffers 8 16k; - proxy_busy_buffers_size 32k; - client_body_buffer_size 16k; + proxy_buffer_size 256k; + proxy_buffers 8 512k; + proxy_busy_buffers_size 512k; + client_body_buffer_size 32m; proxy_read_timeout 300; - + # # also incoming from client: # * https://fullvalence.com/2016/07/05/cookie-size-in-nginx/ @@ -313,7 +313,7 @@ http { return 500 "{ \"error\": \"service failure - try again later\"}"; } - location = /_status { + location = /_status { default_type application/json; set $upstream http://localhost; access_log off; From 78ec5b92df498f617151b310c00bcf189de3b106 Mon Sep 17 00:00:00 2001 From: matthewpeterkort Date: Fri, 2 May 2025 08:43:03 -0700 Subject: [PATCH 10/12] fix lint --- helm/kafka/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/kafka/values.yaml b/helm/kafka/values.yaml index 9c8f801f7..8c1d98733 100644 --- a/helm/kafka/values.yaml +++ b/helm/kafka/values.yaml @@ -1672,7 +1672,7 @@ service: ## labels: {} ## @param service.headless.ipFamilies IP families for the headless service - ## + ## ipFamilies: [] ## @param service.headless.ipFamilyPolicy IP family policy for the headless service ## @@ -2107,7 +2107,7 @@ metrics: prometheus.io/path: "/metrics" ## @param metrics.jmx.service.ipFamilies IP families for the jmx metrics service ## - ipFamilies: [] + ipFamilies: [] ## @param metrics.jmx.service.ipFamilyPolicy IP family policy for the jmx metrics service ## ipFamilyPolicy: "" From dd503a960e649f940efcad1e5922ac16351bddd7 Mon Sep 17 00:00:00 2001 From: matthewpeterkort Date: Wed, 7 May 2025 12:56:11 -0700 Subject: [PATCH 11/12] update grip init db job and config map to customize graph name --- helm/grip/templates/grip-values.yaml | 1 + helm/grip/templates/post-install.yaml | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/helm/grip/templates/grip-values.yaml b/helm/grip/templates/grip-values.yaml index 5588e6997..649ccd742 100644 --- a/helm/grip/templates/grip-values.yaml +++ b/helm/grip/templates/grip-values.yaml @@ -4,3 +4,4 @@ metadata: name: grip-values data: serviceName: {{ .Values.serviceName | quote }} + graphName: {{ .Values.graphName | quote}} diff --git a/helm/grip/templates/post-install.yaml b/helm/grip/templates/post-install.yaml index 439b3a680..e79ebaed8 100644 --- a/helm/grip/templates/post-install.yaml +++ b/helm/grip/templates/post-install.yaml @@ -23,13 +23,13 @@ spec: echo "Grip service not ready, retrying in 5 seconds..." sleep 5 done - echo "Grip is online. Creating CALIPER Graph" - curl -X POST 'http://{{ .Values.serviceName }}:8201/v1/graph/CALIPER' - echo "Adding Caliper schema from https://raw.githubusercontent.com/bmeg/iceberg/7f6cfdb558d05370fc645b5ab894b98b38a01e1b/schemas/graph/graph-fhir.json" + echo "Grip is online. Creating {{.Values.graphName}} Graph" + curl -X POST 'http://{{ .Values.serviceName }}:8201/v1/graph/{{.Values.graphName}}' + echo "Adding {{.Values.graphName}} schema from https://raw.githubusercontent.com/bmeg/iceberg/7f6cfdb558d05370fc645b5ab894b98b38a01e1b/schemas/graph/graph-fhir.json" curl -s https://raw.githubusercontent.com/bmeg/iceberg/7f6cfdb558d05370fc645b5ab894b98b38a01e1b/schemas/graph/graph-fhir.json -o /tmp/schema.json - echo '{"graph":"CALIPER","data":' > /tmp/request.json + echo '{"graph":"{{.Values.graphName}}","data":' > /tmp/request.json cat /tmp/schema.json >> /tmp/request.json echo '}' >> /tmp/request.json - curl -X POST --header "Content-Type: application/json" --data @/tmp/request.json http://{{ .Values.serviceName }}:8201/v1/graph/CALIPER/jsonschema + curl -X POST --header "Content-Type: application/json" --data @/tmp/request.json http://{{ .Values.serviceName }}:8201/v1/graph/{{.Values.graphName}}/jsonschema restartPolicy: OnFailure From da4aa188b3daf3819f4aacd2b00b7771de8f5c5e Mon Sep 17 00:00:00 2001 From: matthewpeterkort Date: Thu, 15 May 2025 14:41:27 -0700 Subject: [PATCH 12/12] update gecko default tag --- helm/gecko/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/gecko/values.yaml b/helm/gecko/values.yaml index 50a1d08a9..cf1af9049 100644 --- a/helm/gecko/values.yaml +++ b/helm/gecko/values.yaml @@ -113,7 +113,7 @@ image: # -- (string) Docker pull policy. pullPolicy: IfNotPresent # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: "test" + tag: "latest" # -- (list) Docker image pull secrets. imagePullSecrets: []