icecheng/freeleaps-ops
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove Flink and Metabase manifests from the freeleaps-data-platform directory, including CRDs, RBAC configurations, deployments, and associated resources. This cleanup streamlines the project by eliminating unused components.

Browse Source 
Signed-off-by: zhenyus <zhenyus@mathmast.com>
This commit is contained in:
zhenyus 2025-09-02 10:38:40 +08:00
parent 604af2dffb
commit d90e0f2692
38 changed files with 13709 additions and 5818 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
cluster/manifests/freeleaps-data-platform/flink/1.12.0/flink-kubernetes-operator/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

26
cluster/manifests/freeleaps-data-platform/flink/1.12.0/flink-kubernetes-operator/Chart.yaml Normal file
View File

@ -0,0 +1,26 @@
################################################################################
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################
---
apiVersion: v2
name: flink-kubernetes-operator
description: A Helm chart for the Apache Flink Kubernetes Operator
type: application
version: 1.12.1
appVersion: 1.12.1
icon: https://flink.apache.org/img/logo/png/50/color_50.png

60
cluster/manifests/freeleaps-data-platform/flink/1.12.0/flink-kubernetes-operator/conf/flink-conf.yaml Normal file
View File

@ -0,0 +1,60 @@
################################################################################
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################
# Flink job/cluster related configs
taskmanager.numberOfTaskSlots: 1
parallelism.default: 1
# These parameters are required for Java 17 support.
# Flink 1.18 uses env.java.opts.all, if a user supplies their own version of these opts in their FlinkDeployment the options below will be overridden.
# env.java.default-opts.all is used for 1.19 onwards so users can supply their own opts.all in their Job deployments and have these appended.
kubernetes.operator.default-configuration.flink-version.v1_18.env.java.opts.all: --add-exports=java.base/sun.net.util=ALL-UNNAMED --add-exports=java.rmi/sun.rmi.registry=ALL-UNNAMED --add-exports=java.security.jgss/sun.security.krb5=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.net=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.nio=ALL-UNNAMED --add-opens=java.base/sun.nio.ch=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED --add-opens=java.base/java.text=ALL-UNNAMED --add-opens=java.base/java.time=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.base/java.util.concurrent.atomic=ALL-UNNAMED --add-opens=java.base/java.util.concurrent.locks=ALL-UNNAMED
kubernetes.operator.default-configuration.flink-version.v1_19+.env.java.default-opts.all: --add-exports=java.base/sun.net.util=ALL-UNNAMED --add-exports=java.rmi/sun.rmi.registry=ALL-UNNAMED --add-exports=java.security.jgss/sun.security.krb5=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.net=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.nio=ALL-UNNAMED --add-opens=java.base/sun.nio.ch=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED --add-opens=java.base/java.text=ALL-UNNAMED --add-opens=java.base/java.time=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.base/java.util.concurrent.atomic=ALL-UNNAMED --add-opens=java.base/java.util.concurrent.locks=ALL-UNNAMED
# Flink operator related configs
# kubernetes.operator.reconcile.interval: 60 s
# kubernetes.operator.reconcile.parallelism: 5
# kubernetes.operator.flink.client.cancel.timeout: 1 min
# kubernetes.operator.resource.cleanup.timeout: 60 s
# kubernetes.operator.observer.rest-ready.delay: 10 s
# kubernetes.operator.observer.progress-check.interval: 10 s
# kubernetes.operator.observer.savepoint.trigger.grace-period: 10 s
# kubernetes.operator.flink.client.timeout: 10 s
# kubernetes.operator.deployment.rollback.enabled: false
# kubernetes.operator.deployment.readiness.timeout: 5min
# kubernetes.operator.user.artifacts.base.dir: /opt/flink/artifacts
# kubernetes.operator.job.upgrade.ignore-pending-savepoint: false
# kubernetes.operator.watched.namespaces: ns1,ns2
# kubernetes.operator.label.selector: flink=enabled
# kubernetes.operator.dynamic.namespaces.enabled: false
# kubernetes.operator.retry.initial.interval: 5 s
# kubernetes.operator.retry.interval.multiplier: 2
# kubernetes.operator.retry.max.attempts: 10
# kubernetes.operator.exception.stacktrace.enabled: false
# kubernetes.operator.exception.stacktrace.max.length: 2048
# kubernetes.operator.exception.field.max.length: 2048
# kubernetes.operator.exception.throwable.list.max.count: 2
# kubernetes.operator.exception.label.mapper: Job has already been submitted:duplicatedJobFound,Server returned HTTP response code:httpResponseCodeFound
# kubernetes.operator.leader-election.enabled: false
# kubernetes.operator.leader-election.lease-name: flink-operator-lease
# kubernetes.operator.snapshot.resource.enabled: true
# kubernetes.operator.savepoint.dispose-on-delete: true
# kubernetes.operator.metrics.reporter.slf4j.factory.class: org.apache.flink.metrics.slf4j.Slf4jReporterFactory
# kubernetes.operator.metrics.reporter.slf4j.interval: 5 MINUTE

65
cluster/manifests/freeleaps-data-platform/flink/1.12.0/flink-kubernetes-operator/conf/log4j-console.properties Normal file
View File

@ -0,0 +1,65 @@
################################################################################
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################
# This affects logging for both user code and Flink
rootLogger.level = INFO
rootLogger.appenderRef.console.ref = ConsoleAppender
rootLogger.appenderRef.rolling.ref = RollingFileAppender
# Uncomment this if you want to _only_ change Flink's logging
#logger.flink.name = org.apache.flink
#logger.flink.level = INFO
# The following lines keep the log level of common libraries/connectors on
# log level INFO. The root logger does not override this. You have to manually
# change the log levels here.
logger.akka.name = akka
logger.akka.level = INFO
logger.kafka.name= org.apache.kafka
logger.kafka.level = INFO
logger.hadoop.name = org.apache.hadoop
logger.hadoop.level = INFO
logger.zookeeper.name = org.apache.zookeeper
logger.zookeeper.level = INFO
# Log all infos to the console
appender.console.name = ConsoleAppender
appender.console.type = CONSOLE
appender.console.layout.type = PatternLayout
appender.console.layout.pattern = %d{yyyy-MM-dd HH:mm:ss,SSS} %-5p %-60c %x - %m%n
# Log all infos in the given rolling file
appender.rolling.name = RollingFileAppender
appender.rolling.type = RollingFile
appender.rolling.append = false
appender.rolling.fileName = ${sys:log.file}
appender.rolling.filePattern = ${sys:log.file}.%i
appender.rolling.layout.type = PatternLayout
appender.rolling.layout.pattern = %d{yyyy-MM-dd HH:mm:ss,SSS} %-5p %-60c %x - %m%n
appender.rolling.policies.type = Policies
appender.rolling.policies.size.type = SizeBasedTriggeringPolicy
appender.rolling.policies.size.size=100MB
appender.rolling.strategy.type = DefaultRolloverStrategy
appender.rolling.strategy.max = 10
# Suppress the irrelevant (wrong) warnings from the Netty channel handler
logger.netty.name = org.apache.flink.shaded.akka.org.jboss.netty.channel.DefaultChannelPipeline
logger.netty.level = OFF
# The monitor interval in seconds to enable log4j automatic reconfiguration
# monitorInterval = 30

37
cluster/manifests/freeleaps-data-platform/flink/1.12.0/flink-kubernetes-operator/conf/log4j-operator.properties Normal file
View File

@ -0,0 +1,37 @@
################################################################################
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################
rootLogger.level = INFO
rootLogger.appenderRef.console.ref = ConsoleAppender
# Log all infos to the console
appender.console.name = ConsoleAppender
appender.console.type = CONSOLE
appender.console.layout.type = PatternLayout
appender.console.layout.pattern = %style{%d}{yellow} %style{%-30c{1.}}{cyan} %highlight{[%-5level]%notEmpty{[%X{resource.namespace}/}%notEmpty{%X{resource.name}]} %msg%n%throwable}
# Do not log config loading
logger.conf.name = org.apache.flink.configuration.GlobalConfiguration
logger.conf.level = ERROR
# Avoid logging fallback key INFO messages
logger.conf.name = org.apache.flink.configuration.Configuration
logger.conf.level = ERROR
# The monitor interval in seconds to enable log4j automatic reconfiguration
# monitorInterval = 30

10443
cluster/manifests/freeleaps-data-platform/flink/1.12.0/flink-kubernetes-operator/crds/flinkdeployments.flink.apache.org-v1.yml Normal file
View File

File diff suppressed because it is too large Load Diff

273
cluster/manifests/freeleaps-data-platform/flink/1.12.0/flink-kubernetes-operator/crds/flinksessionjobs.flink.apache.org-v1.yml Normal file
View File

@ -0,0 +1,273 @@
################################################################################
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################
# Generated by Fabric8 CRDGenerator, manual edits might get overwritten!
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: flinksessionjobs.flink.apache.org
spec:
group: flink.apache.org
names:
kind: FlinkSessionJob
plural: flinksessionjobs
shortNames:
- sessionjob
singular: flinksessionjob
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Last observed state of the job.
jsonPath: .status.jobStatus.state
name: Job Status
priority: 0
type: string
- description: "Lifecycle state of the Flink resource (including being rolled\
\ back, failed etc.)."
jsonPath: .status.lifecycleState
name: Lifecycle State
priority: 0
type: string
name: v1beta1
schema:
openAPIV3Schema:
properties:
spec:
properties:
deploymentName:
type: string
flinkConfiguration:
additionalProperties:
type: string
type: object
job:
properties:
allowNonRestoredState:
type: boolean
args:
items:
type: string
type: array
autoscalerResetNonce:
type: integer
checkpointTriggerNonce:
type: integer
entryClass:
type: string
initialSavepointPath:
type: string
jarURI:
type: string
parallelism:
type: integer
savepointRedeployNonce:
type: integer
savepointTriggerNonce:
type: integer
state:
enum:
- running
- suspended
type: string
upgradeMode:
enum:
- last-state
- savepoint
- stateless
type: string
type: object
restartNonce:
type: integer
type: object
status:
properties:
error:
type: string
jobStatus:
properties:
checkpointInfo:
properties:
formatType:
enum:
- FULL
- INCREMENTAL
- UNKNOWN
type: string
lastCheckpoint:
properties:
formatType:
enum:
- FULL
- INCREMENTAL
- UNKNOWN
type: string
timeStamp:
type: integer
triggerNonce:
type: integer
triggerType:
enum:
- MANUAL
- PERIODIC
- UNKNOWN
- UPGRADE
type: string
type: object
lastPeriodicCheckpointTimestamp:
type: integer
triggerId:
type: string
triggerTimestamp:
type: integer
triggerType:
enum:
- MANUAL
- PERIODIC
- UNKNOWN
- UPGRADE
type: string
type: object
jobId:
type: string
jobName:
type: string
savepointInfo:
properties:
formatType:
enum:
- CANONICAL
- NATIVE
- UNKNOWN
type: string
lastPeriodicSavepointTimestamp:
type: integer
lastSavepoint:
properties:
formatType:
enum:
- CANONICAL
- NATIVE
- UNKNOWN
type: string
location:
type: string
timeStamp:
type: integer
triggerNonce:
type: integer
triggerType:
enum:
- MANUAL
- PERIODIC
- UNKNOWN
- UPGRADE
type: string
type: object
savepointHistory:
items:
properties:
formatType:
enum:
- CANONICAL
- NATIVE
- UNKNOWN
type: string
location:
type: string
timeStamp:
type: integer
triggerNonce:
type: integer
triggerType:
enum:
- MANUAL
- PERIODIC
- UNKNOWN
- UPGRADE
type: string
type: object
type: array
triggerId:
type: string
triggerTimestamp:
type: integer
triggerType:
enum:
- MANUAL
- PERIODIC
- UNKNOWN
- UPGRADE
type: string
type: object
startTime:
type: string
state:
enum:
- CANCELED
- CANCELLING
- CREATED
- FAILED
- FAILING
- FINISHED
- INITIALIZING
- RECONCILING
- RESTARTING
- RUNNING
- SUSPENDED
type: string
updateTime:
type: string
upgradeSavepointPath:
type: string
type: object
lifecycleState:
enum:
- CREATED
- DELETED
- DELETING
- DEPLOYED
- FAILED
- ROLLED_BACK
- ROLLING_BACK
- STABLE
- SUSPENDED
- UPGRADING
type: string
observedGeneration:
type: integer
reconciliationStatus:
properties:
lastReconciledSpec:
type: string
lastStableSpec:
type: string
reconciliationTimestamp:
type: integer
state:
enum:
- DEPLOYED
- ROLLED_BACK
- ROLLING_BACK
- UPGRADING
type: string
type: object
type: object
type: object
served: true
storage: true
subresources:
status: {}

112
cluster/manifests/freeleaps-data-platform/flink/1.12.0/flink-kubernetes-operator/crds/flinkstatesnapshots.flink.apache.org-v1.yml Normal file
View File

@ -0,0 +1,112 @@
################################################################################
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################
# Generated by Fabric8 CRDGenerator, manual edits might get overwritten!
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: flinkstatesnapshots.flink.apache.org
spec:
group: flink.apache.org
names:
kind: FlinkStateSnapshot
plural: flinkstatesnapshots
shortNames:
- flinksnp
singular: flinkstatesnapshot
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Final path of the snapshot.
jsonPath: .status.path
name: Path
priority: 0
type: string
- description: Timestamp when the snapshot was last created/failed.
jsonPath: .status.resultTimestamp
name: Result Timestamp
priority: 0
type: string
- description: Current state of the snapshot.
jsonPath: .status.state
name: Snapshot State
priority: 0
type: string
name: v1beta1
schema:
openAPIV3Schema:
properties:
spec:
properties:
backoffLimit:
type: integer
checkpoint:
type: object
jobReference:
properties:
kind:
enum:
- FlinkDeployment
- FlinkSessionJob
type: string
name:
type: string
type: object
savepoint:
properties:
alreadyExists:
type: boolean
disposeOnDelete:
type: boolean
formatType:
enum:
- CANONICAL
- NATIVE
- UNKNOWN
type: string
path:
type: string
type: object
type: object
status:
properties:
error:
type: string
failures:
type: integer
path:
type: string
resultTimestamp:
type: string
state:
enum:
- ABANDONED
- COMPLETED
- FAILED
- IN_PROGRESS
- TRIGGER_PENDING
type: string
triggerId:
type: string
triggerTimestamp:
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}

197
cluster/manifests/freeleaps-data-platform/flink/1.12.0/flink-kubernetes-operator/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,197 @@
################################################################################
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################
{{/*
Expand the name of the chart.
*/}}
{{- define "flink-operator.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "flink-operator.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "flink-operator.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "flink-operator.labels" -}}
{{ include "flink-operator.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "flink-operator.chart" . }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "flink-operator.selectorLabels" -}}
app.kubernetes.io/name: {{ include "flink-operator.name" . }}
{{- end }}
{{/*
Create the path of the operator image to use
*/}}
{{- define "flink-operator.imagePath" -}}
{{- if .Values.image.digest }}
{{- .Values.image.repository }}@{{ .Values.image.digest }}
{{- else }}
{{- .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}
{{- end }}
{{- end }}
{{/*
Create the name of the operator role to use
*/}}
{{- define "flink-operator.roleName" -}}
{{- if .Values.rbac.operatorRole.create }}
{{- default (include "flink-operator.fullname" .) .Values.rbac.operatorRole.name }}
{{- else }}
{{- default "default" .Values.rbac.operatorRole.name }}
{{- end }}
{{- end }}
{{/*
Create the name of the operator role binding to use
*/}}
{{- define "flink-operator.roleBindingName" -}}
{{- if .Values.rbac.operatorRoleBinding.create }}
{{- default (include "flink-operator.fullname" .) .Values.rbac.operatorRoleBinding.name }}
{{- else }}
{{- default "default" .Values.rbac.operatorRoleBinding.name }}
{{- end }}
{{- end }}
{{/*
Create the name of the job role to use
*/}}
{{- define "flink-operator.jobRoleName" -}}
{{- if .Values.rbac.jobRoleBinding.create }}
{{- default (include "flink-operator.fullname" .) .Values.rbac.jobRole.name }}
{{- else }}
{{- default "default" .Values.rbac.jobRole.name }}
{{- end }}
{{- end }}
{{/*
Create the name of the job role to use
*/}}
{{- define "flink-operator.jobRoleBindingName" -}}
{{- if .Values.rbac.jobRole.create }}
{{- default (include "flink-operator.fullname" .) .Values.rbac.jobRoleBinding.name }}
{{- else }}
{{- default "default" .Values.rbac.jobRoleBinding.name }}
{{- end }}
{{- end }}
{{/*
Create the name of the operator service account to use
*/}}
{{- define "flink-operator.serviceAccountName" -}}
{{- if .Values.operatorServiceAccount.create }}
{{- default (include "flink-operator.fullname" .) .Values.operatorServiceAccount.name }}
{{- else }}
{{- default "default" .Values.operatorServiceAccount.name }}
{{- end }}
{{- end }}
{{/*
Create the name of the job service account to use
*/}}
{{- define "flink-operator.jobServiceAccountName" -}}
{{- if .Values.jobServiceAccount.create }}
{{- default (include "flink-operator.fullname" .) .Values.jobServiceAccount.name }}
{{- else }}
{{- default "default" .Values.jobServiceAccount.name }}
{{- end }}
{{- end }}
{{/*
Determine role scope based on name
*/}}
{{- define "flink-operator.roleScope" -}}
{{- if contains ":" .role }}
{{- printf "ClusterRole" }}
{{- else }}
{{- printf "Role" }}
{{- end }}
{{- end }}
{{- define "flink-operator.validating-webhook-enabled" -}}
{{- if hasKey .Values.webhook "validator" }}
{{- if .Values.webhook.validator.create }}
{{- printf "true" }}
{{- else }}
{{- printf "false" }}
{{- end }}
{{- else }}
{{- if or (.Values.webhook.create) }}
{{- printf "true" }}
{{- else }}
{{- printf "false" }}
{{- end }}
{{- end }}
{{- end }}
{{- define "flink-operator.mutating-webhook-enabled" -}}
{{- if hasKey .Values.webhook "mutator" }}
{{- if .Values.webhook.mutator.create }}
{{- printf "true" }}
{{- else }}
{{- printf "false" }}
{{- end }}
{{- else }}
{{- if or (.Values.webhook.create) }}
{{- printf "true" }}
{{- else }}
{{- printf "false" }}
{{- end }}
{{- end }}
{{- end }}
{{- define "flink-operator.webhook-enabled" -}}
{{- if or (eq (include "flink-operator.validating-webhook-enabled" .) "true") (eq (include "flink-operator.mutating-webhook-enabled" .) "true") }}
{{- printf "true" }}
{{- else }}
{{- printf "false" }}
{{- end }}
{{- end }}

328
cluster/manifests/freeleaps-data-platform/flink/1.12.0/flink-kubernetes-operator/templates/flink-operator.yaml Normal file
View File

@ -0,0 +1,328 @@
################################################################################
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "flink-operator.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "flink-operator.labels" . | nindent 4 }}
{{- if index (.Values.operatorPod) "labels" }}
{{- with .Values.operatorPod.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
spec:
replicas: {{ .Values.replicas }}
strategy:
{{- toYaml .Values.strategy | nindent 4 }}
selector:
matchLabels:
{{- include "flink-operator.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "flink-operator.selectorLabels" . | nindent 8 }}
{{- if index (.Values.operatorPod) "labels" }}
{{- with .Values.operatorPod.labels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
annotations:
kubectl.kubernetes.io/default-container: {{ .Chart.Name }}
{{- if index (.Values.operatorPod) "annotations" }}
{{- with .Values.operatorPod.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
spec:
{{- with .Values.operatorPod.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- if .Values.operatorPod.nodeSelector }}
nodeSelector: {{ toYaml .Values.operatorPod.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.operatorPod.affinity }}
affinity: {{ toYaml .Values.operatorPod.affinity | nindent 8 }}
{{- end }}
{{- with .Values.operatorPod.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "flink-operator.serviceAccountName" . }}
{{- if .Values.operatorPod.topologySpreadConstraints }}
topologySpreadConstraints: {{ toYaml .Values.operatorPod.topologySpreadConstraints | nindent 8 }}
{{- end }}
{{- if .Values.operatorPod.initContainers }}
initContainers:
{{- toYaml .Values.operatorPod.initContainers | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: {{ include "flink-operator.imagePath" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["/docker-entrypoint.sh", "operator"]
ports:
{{- if .Values.metrics.port }}
- containerPort: {{ .Values.metrics.port }}
name: metrics
protocol: TCP
{{- end }}
{{- if index .Values "operatorHealth" }}
- containerPort: {{ .Values.operatorHealth.port }}
name: health-port
protocol: TCP
{{- end }}
env:
- name: OPERATOR_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: HOST_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: {{ include "flink-operator.name" . }}
- name: FLINK_CONF_DIR
value: /opt/flink/conf
- name: FLINK_PLUGINS_DIR
value: /opt/flink/plugins
- name: LOG_CONFIG
value: {{ .Values.jvmArgs.logConfig }}
- name: JVM_ARGS
value: {{ .Values.jvmArgs.operator }}
{{- if .Values.tls.create }}
- name: OPERATOR_KEYSTORE_PATH
value: /opt/flink/tls-cert/keystore.jks
- name: OPERATOR_TRUSTSTORE_PATH
value: /opt/flink/tls-cert/truststore.jks
- name: OPERATOR_KEYSTORE_PASSWORD
valueFrom:
secretKeyRef:
{{- toYaml .Values.tls.secretKeyRef | nindent 18 }}
optional: true
{{- end }}
{{- with .Values.operatorPod.env }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.operatorPod.envFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.operatorPod.resources | nindent 12 }}
securityContext:
{{- toYaml .Values.operatorSecurityContext | nindent 12 }}
volumeMounts:
- name: flink-operator-config-volume
mountPath: /opt/flink/conf
{{- if .Values.operatorVolumeMounts.create }}
{{- toYaml .Values.operatorVolumeMounts.data | nindent 12 }}
{{- else }}
- name: flink-artifacts-volume
mountPath: /opt/flink/artifacts
{{- end }}
{{- if .Values.tls.create }}
- name: flink-operator-cert-secret
mountPath: /opt/flink/tls-cert
{{- end }}
{{- if and (index .Values "operatorHealth") (index .Values.operatorHealth "livenessProbe") }}
livenessProbe:
{{- toYaml .Values.operatorHealth.livenessProbe | nindent 12 }}
httpGet:
path: /
port: health-port
{{- end }}
{{- if and (index .Values "operatorHealth") (index .Values.operatorHealth "startupProbe") }}
startupProbe:
{{- toYaml .Values.operatorHealth.startupProbe | nindent 12 }}
httpGet:
path: /
port: health-port
{{- end }}
{{- if .Values.postStart }}
lifecycle:
postStart:
{{- toYaml .Values.postStart | nindent 14 }}
{{- end }}
{{- if eq (include "flink-operator.webhook-enabled" .) "true" }}
- name: flink-webhook
image: {{ include "flink-operator.imagePath" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["/docker-entrypoint.sh", "webhook"]
env:
- name: WEBHOOK_KEYSTORE_PASSWORD
valueFrom:
secretKeyRef:
{{- if .Values.webhook.keystore.useDefaultPassword }}
name: flink-operator-webhook-secret
key: password
{{- else }}
{{- with .Values.webhook.keystore.passwordSecretRef }}
{{- toYaml . | nindent 18 }}
{{- end }}
{{- end }}
- name: WEBHOOK_KEYSTORE_FILE
value: "/certs/keystore.p12"
- name: WEBHOOK_KEYSTORE_TYPE
value: "pkcs12"
- name: WEBHOOK_SERVER_PORT
value: "9443"
- name: LOG_CONFIG
value: {{ .Values.jvmArgs.logConfig }}
- name: JVM_ARGS
value: {{ .Values.jvmArgs.webhook }}
- name: FLINK_CONF_DIR
value: /opt/flink/conf
- name: FLINK_PLUGINS_DIR
value: /opt/flink/plugins
- name: OPERATOR_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- with .Values.operatorPod.webhook.container.env }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.operatorPod.webhook.resources | nindent 12 }}
securityContext:
{{- toYaml .Values.webhookSecurityContext | nindent 12 }}
volumeMounts:
- name: keystore
mountPath: "/certs"
readOnly: true
- name: flink-operator-config-volume
mountPath: /opt/flink/conf
{{- end }}
{{- if .Values.operatorPod.sidecarContainers }}
{{- toYaml .Values.operatorPod.sidecarContainers | nindent 8 }}
{{- end }}
{{- if index (.Values.operatorPod) "dnsPolicy" }}
dnsPolicy: {{ .Values.operatorPod.dnsPolicy | quote }}
{{- end }}
{{- if index (.Values.operatorPod) "dnsConfig" }}
dnsConfig:
{{- with .Values.operatorPod.dnsConfig }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
volumes:
- name: flink-operator-config-volume
configMap:
name: flink-operator-config
items:
{{- if hasKey .Values.defaultConfiguration "flink-conf.yaml" }}
- key: flink-conf.yaml
path: flink-conf.yaml
{{- else }}
- key: config.yaml
path: config.yaml
{{- end }}
- key: log4j-operator.properties
path: log4j-operator.properties
- key: log4j-console.properties
path: log4j-console.properties
{{- if .Values.operatorVolumes.create }}
{{- toYaml .Values.operatorVolumes.data | nindent 8 }}
{{- else }}
- name: flink-artifacts-volume
emptyDir: {}
{{- end }}
{{- if eq (include "flink-operator.webhook-enabled" .) "true" }}
- name: keystore
secret:
secretName: webhook-server-cert
items:
- key: keystore.p12
path: keystore.p12
{{- end }}
{{- if .Values.tls.create }}
- name: flink-operator-cert-secret
secret:
secretName: {{ .Values.tls.secretName }}
optional: true
{{- end }}
---
{{- if .Values.defaultConfiguration.create }}
apiVersion: v1
kind: ConfigMap
metadata:
name: flink-operator-config
namespace: {{ .Release.Namespace }}
labels:
{{- include "flink-operator.labels" . | nindent 4 }}
data:
config.yaml: |+
{{- if .Values.defaultConfiguration.append }}
{{- $.Files.Get "conf/flink-conf.yaml" | nindent 4 -}}
{{- end }}
{{- if hasKey (.Values.defaultConfiguration) "config.yaml" }}
{{- index (.Values.defaultConfiguration) "config.yaml" | nindent 4 -}}
{{- end }}
{{- if .Values.watchNamespaces }}
kubernetes.operator.watched.namespaces: {{ join "," .Values.watchNamespaces }}
{{- end }}
{{- if index .Values "operatorHealth" }}
kubernetes.operator.health.probe.enabled: true
kubernetes.operator.health.probe.port: {{ .Values.operatorHealth.port }}
{{- end }}
flink-conf.yaml: |+
{{- if .Values.defaultConfiguration.append }}
{{- $.Files.Get "conf/flink-conf.yaml" | nindent 4 -}}
{{- end }}
{{- if hasKey (.Values.defaultConfiguration) "flink-conf.yaml" }}
{{- index (.Values.defaultConfiguration) "flink-conf.yaml" | nindent 4 -}}
{{- end }}
{{- if .Values.watchNamespaces }}
kubernetes.operator.watched.namespaces: {{ join "," .Values.watchNamespaces }}
{{- end }}
{{- if index .Values "operatorHealth" }}
kubernetes.operator.health.probe.enabled: true
kubernetes.operator.health.probe.port: {{ .Values.operatorHealth.port }}
{{- end }}
log4j-operator.properties: |+
{{- if .Values.defaultConfiguration.append }}
{{- $.Files.Get "conf/log4j-operator.properties" | nindent 4 -}}
{{- end }}
{{- if index (.Values.defaultConfiguration) "log4j-operator.properties" }}
{{- index (.Values.defaultConfiguration) "log4j-operator.properties" | nindent 4 -}}
{{- end }}
log4j-console.properties: |+
{{- if .Values.defaultConfiguration.append }}
{{- $.Files.Get "conf/log4j-console.properties" | nindent 4 -}}
{{- end }}
{{- if index (.Values.defaultConfiguration) "log4j-console.properties" }}
{{- index (.Values.defaultConfiguration) "log4j-console.properties" | nindent 4 -}}
{{- end }}
{{- end }}

351
cluster/manifests/freeleaps-data-platform/flink/1.12.0/flink-kubernetes-operator/templates/rbac.yaml Normal file
View File

@ -0,0 +1,351 @@
################################################################################
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################
{{/*
RBAC rules used to create the operator (cluster)role based on the scope
*/}}
{{- define "flink-operator.rbacRules" }}
rules:
- apiGroups:
- ""
resources:
- pods
- services
- events
- configmaps
- secrets
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- deletecollection
{{- if .Values.rbac.nodesRule.create }}
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
{{- end }}
- apiGroups:
- apps
resources:
- deployments
- deployments/finalizers
- replicasets
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- apps
resources:
- deployments/scale
verbs:
- get
- update
- patch
- apiGroups:
- extensions
resources:
- deployments
- ingresses
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- flink.apache.org
resources:
- flinkdeployments
- flinkdeployments/finalizers
- flinksessionjobs
- flinksessionjobs/finalizers
- flinkstatesnapshots
- flinkstatesnapshots/finalizers
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- flink.apache.org
resources:
- flinkdeployments/status
- flinksessionjobs/status
- flinkstatesnapshots/status
verbs:
- get
- update
- patch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
{{- end }}
{{/*
RBAC rules used to create the job (cluster)role based on the scope
*/}}
{{- define "flink-operator.jobRbacRules" }}
rules:
- apiGroups:
- ""
resources:
- pods
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- apps
resources:
- deployments
- deployments/finalizers
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
{{- end }}
---
{{- if .Values.rbac.create }}
---
{{/*
Namespaced scoped RBAC.
*/}}
{{- if .Values.watchNamespaces }}
{{- range .Values.watchNamespaces }}
{{- if $.Values.rbac.operatorRole.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "flink-operator.roleName" $ }}
namespace: {{ . }}
labels:
{{- include "flink-operator.labels" $ | nindent 4 }}
{{- template "flink-operator.rbacRules" $ }}
{{- end }}
---
{{- if $.Values.rbac.jobRole.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "flink-operator.jobRoleName" $ }}
namespace: {{ . }}
labels:
{{- include "flink-operator.labels" $ | nindent 4 }}
annotations:
"helm.sh/resource-policy": keep
{{- template "flink-operator.jobRbacRules" $ }}
{{- end }}
---
{{- if $.Values.rbac.operatorRoleBinding.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "flink-operator.roleBindingName" $ }}
namespace: {{ . }}
labels:
{{- include "flink-operator.labels" $ | nindent 4 }}
roleRef:
kind: {{ $role := include "flink-operator.roleName" $ }}{{ include "flink-operator.roleScope" (dict "role" $role)}}
name: {{ include "flink-operator.roleName" $ }}
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: {{ include "flink-operator.serviceAccountName" $ }}
namespace: {{ $.Release.Namespace }}
{{- end }}
---
{{- if $.Values.rbac.jobRoleBinding.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "flink-operator.jobRoleBindingName" $ }}
namespace: {{ . }}
labels:
{{- include "flink-operator.labels" $ | nindent 4 }}
annotations:
"helm.sh/resource-policy": keep
roleRef:
kind: {{ $role := include "flink-operator.jobRoleName" $ }}{{ include "flink-operator.roleScope" (dict "role" $role)}}
name: {{ include "flink-operator.jobRoleName" $ }}
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: {{ include "flink-operator.jobServiceAccountName" $ }}
namespace: {{ . }}
{{- end }}
---
{{- end }}
{{/*
Give operator the ability to operate on leases in the release namespace
*/}}
{{- if and .Values.rbac.operatorRole.create (not (has .Release.Namespace .Values.watchNamespaces)) }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "flink-operator.roleName" $ }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "flink-operator.labels" . | nindent 4 }}
rules:
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
{{- end }}
---
{{- if and .Values.rbac.operatorRole.create (not (has .Release.Namespace .Values.watchNamespaces)) }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "flink-operator.roleBindingName" $ }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "flink-operator.labels" $ | nindent 4 }}
roleRef:
kind: Role
name: {{ include "flink-operator.roleName" $ }}
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: {{ include "flink-operator.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{ else }}
{{/*
Cluster scoped RBAC.
*/}}
---
{{- if .Values.rbac.operatorRole.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "flink-operator.roleName" $ }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "flink-operator.labels" . | nindent 4 }}
{{- template "flink-operator.rbacRules" $ }}
{{- end }}
---
{{- if .Values.rbac.jobRole.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "flink-operator.jobRoleName" $ }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "flink-operator.labels" . | nindent 4 }}
annotations:
"helm.sh/resource-policy": keep
{{- template "flink-operator.jobRbacRules" $ }}
{{- end }}
---
{{- if .Values.rbac.operatorRoleBinding.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "flink-operator.roleBindingName" $ }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "flink-operator.labels" . | nindent 4 }}
roleRef:
kind: ClusterRole
name: {{ include "flink-operator.roleName" $ }}
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: {{ include "flink-operator.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
---
{{- if .Values.rbac.jobRoleBinding.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "flink-operator.jobRoleBindingName" $ }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "flink-operator.labels" . | nindent 4 }}
annotations:
"helm.sh/resource-policy": keep
roleRef:
kind: Role
name: {{ include "flink-operator.jobRoleName" $ }}
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: {{ include "flink-operator.jobServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{- end }}
{{- end }}

70
cluster/manifests/freeleaps-data-platform/flink/1.12.0/flink-kubernetes-operator/templates/serviceaccount.yaml Normal file
View File

@ -0,0 +1,70 @@
################################################################################
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################
---
{{- if .Values.operatorServiceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "flink-operator.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "flink-operator.labels" . | nindent 4 }}
{{- with .Values.operatorServiceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.jobServiceAccount.create -}}
{{/*
Create job service accounts for all watched namespaces.
*/}}
{{- if .Values.watchNamespaces }}
{{- range .Values.watchNamespaces }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "flink-operator.jobServiceAccountName" $ }}
namespace: {{ . }}
labels:
{{- include "flink-operator.labels" $ | nindent 4 }}
{{- with $.Values.jobServiceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
---
{{- end }}
{{/*
Create the job service account for the operator namespace, it is to be added for other namespaces manually
(or via specifying them in watchNamespaces).
*/}}
{{- else}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "flink-operator.jobServiceAccountName" $ }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "flink-operator.labels" $ | nindent 4 }}
{{- with .Values.jobServiceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

157
cluster/manifests/freeleaps-data-platform/flink/1.12.0/flink-kubernetes-operator/templates/webhook.yaml Normal file
View File

@ -0,0 +1,157 @@
################################################################################
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################
---
{{- if eq (include "flink-operator.webhook-enabled" .) "true" }}
---
apiVersion: v1
kind: Service
metadata:
name: flink-operator-webhook-service
namespace: {{ .Release.Namespace }}
{{- if .Values.webhook.serviceLabels }}
labels:
{{- range $key, $value := .Values.webhook.serviceLabels }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
spec:
ports:
- port: 443
targetPort: 9443
selector:
app.kubernetes.io/name: {{ include "flink-operator.name" . }}
---
{{- if .Values.webhook.keystore.useDefaultPassword }}
apiVersion: v1
kind: Secret
metadata:
name: flink-operator-webhook-secret
namespace: {{ .Release.Namespace }}
type: Opaque
data:
password: cGFzc3dvcmQxMjM0
{{- end }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: flink-operator-serving-cert
namespace: {{ .Release.Namespace }}
spec:
dnsNames:
- flink-operator-webhook-service.{{ .Release.Namespace }}.svc
- flink-operator-webhook-service.{{ .Release.Namespace }}.svc.cluster.local
keystores:
pkcs12:
create: true
passwordSecretRef:
{{- if .Values.webhook.keystore.useDefaultPassword }}
name: flink-operator-webhook-secret
key: password
{{- else }}
{{- with .Values.webhook.keystore.passwordSecretRef }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
issuerRef:
kind: Issuer
name: flink-operator-selfsigned-issuer
commonName: FlinkDeployment Validator
secretName: webhook-server-cert
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: flink-operator-selfsigned-issuer
namespace: {{ .Release.Namespace }}
spec:
selfSigned: {}
{{- end }}
{{- if eq (include "flink-operator.validating-webhook-enabled" .) "true" }}
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/flink-operator-serving-cert
name: flink-operator-{{ .Release.Namespace }}-webhook-configuration
webhooks:
- name: validationwebhook.flink.apache.org
admissionReviewVersions: ["v1"]
clientConfig:
service:
name: flink-operator-webhook-service
namespace: {{ .Release.Namespace }}
path: /validate
failurePolicy: Fail
rules:
- apiGroups: ["flink.apache.org"]
apiVersions: ["*"]
scope: "Namespaced"
operations:
- CREATE
- UPDATE
resources:
- flinkdeployments
- flinksessionjobs
- flinkstatesnapshots
sideEffects: None
{{- if .Values.watchNamespaces }}
namespaceSelector:
matchExpressions:
- key: kubernetes.io/metadata.name
operator: In
values: [{{- range .Values.watchNamespaces }}{{ . | quote }},{{- end}}]
{{- end }}
{{- end }}
{{- if eq (include "flink-operator.mutating-webhook-enabled" .) "true" }}
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/flink-operator-serving-cert
name: flink-operator-{{ .Release.Namespace }}-webhook-configuration
webhooks:
- name: mutationwebhook.flink.apache.org
admissionReviewVersions: ["v1"]
clientConfig:
service:
name: flink-operator-webhook-service
namespace: {{ .Release.Namespace }}
path: /mutate
failurePolicy: Fail
rules:
- apiGroups: ["flink.apache.org"]
apiVersions: ["*"]
scope: "Namespaced"
operations:
- CREATE
- UPDATE
resources:
- flinksessionjobs
- flinkdeployments
sideEffects: None
{{- if .Values.watchNamespaces }}
namespaceSelector:
matchExpressions:
- key: kubernetes.io/metadata.name
operator: In
values: [{{- range .Values.watchNamespaces }}{{ . | quote }},{{- end}}]
{{- end }}
{{- end }}

219
cluster/manifests/freeleaps-data-platform/flink/1.12.0/flink-kubernetes-operator/values.yaml Normal file
View File

@ -0,0 +1,219 @@
################################################################################
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################
---
# List of kubernetes namespaces to watch for FlinkDeployment changes, empty means all namespaces.
# When enabled RBAC is only created for said namespaces, otherwise it is done for the cluster scope.
# watchNamespaces: ["flink"]
image:
repository: ghcr.io/apache/flink-kubernetes-operator
pullPolicy: IfNotPresent
tag: "0315e91"
# If image digest is set then it takes precedence and the image tag will be ignored
# digest: ""
imagePullSecrets: []
# Replicas must be 1 unless operator leader election is configured
replicas: 1
# Strategy type must be Recreate unless leader election is configured
strategy:
type: Recreate
rbac:
create: true
# kubernetes.rest-service.exposed.type: NodePort requires
# list permission for nodes at the cluster scope.
# Set create to true if you are using NodePort type.
nodesRule:
create: false
operatorRole:
create: true
name: "flink-operator"
operatorRoleBinding:
create: true
name: "flink-operator-role-binding"
jobRole:
create: true
name: "flink"
jobRoleBinding:
create: true
name: "flink-role-binding"
operatorPod:
priorityClassName: null
annotations: {}
labels: {}
# The env variables only apply to the operator container in the operator pod
# TODO: consider making this pod level env variables
env:
# - name: ""
# value: ""
# - name: ""
# valueFrom:
# configMapKeyRef:
# name: ""
# key: ""
# dnsPolicy: ""
# dnsConfig: {}
# Node labels and affinity for operator pod assignment
# https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
envFrom:
# - configMapRef:
# name: ""
nodeSelector: {}
affinity: {}
# Node tolerations for operator pod assignment
# https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
tolerations: []
# Topology spread constrains
# https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
topologySpreadConstraints: []
resources: {}
# resources:
# limits:
# cpu: "250m"
# memory: "512Mi"
# requests:
# cpu: "250m"
# memory: "512Mi"
webhook:
resources: {}
container:
env:
# - name: ""
# value: ""
# optional init containers for operator pod
initContainers: []
# optional extra containers for operator pod
sidecarContainers: []
operatorServiceAccount:
create: true
annotations: {}
name: "flink-operator"
jobServiceAccount:
create: true
annotations:
"helm.sh/resource-policy": keep
name: "flink"
operatorVolumeMounts:
create: false
data:
- name: flink-artifacts
mountPath: /opt/flink/artifacts
operatorVolumes:
create: false
data:
- name: flink-artifacts
hostPath:
path: /tmp/flink/artifacts
type: DirectoryOrCreate
# - name: flink-artifacts
# persistentVolumeClaim:
# claimName: flink-artifacts
podSecurityContext:
runAsUser: 9999
runAsGroup: 9999
# fsGroup: 9999
operatorSecurityContext: {}
webhookSecurityContext: {}
webhook:
create: true
# validator:
# create: true
# mutator:
# create: true
keystore:
useDefaultPassword: true
# passwordSecretRef:
# name: jks-password-secret
# key: password-key
serviceLabels: {}
defaultConfiguration:
# If set to true, creates ConfigMaps/VolumeMounts. If set to false, no configuration will be created.
# All below fields will be ignored if create is set to false.
create: true
# If set to true,
# (1) loads the built-in default configuration
# (2) appends the below flink-conf and logging configuration overrides
# If set to false, loads just the overrides as in (2).
# This option has not effect, if create is equal to false.
append: true
flink-conf.yaml: |+
# Flink Config Overrides
kubernetes.operator.metrics.reporter.slf4j.factory.class: org.apache.flink.metrics.slf4j.Slf4jReporterFactory
kubernetes.operator.metrics.reporter.slf4j.interval: 5 MINUTE
kubernetes.operator.reconcile.interval: 15 s
kubernetes.operator.observer.progress-check.interval: 5 s
log4j-operator.properties: |+
# Flink Operator Logging Overrides
# rootLogger.level = DEBUG
# logger.operator.name= org.apache.flink.kubernetes.operator
# logger.operator.level = DEBUG
log4j-console.properties: |+
# Flink Deployment Logging Overrides
# rootLogger.level = DEBUG
# (Optional) Exposes metrics port on the container if defined
metrics:
port:
nameOverride: ""
fullnameOverride: ""
# Set the jvm start up options for webhook and operator
jvmArgs:
webhook: ""
operator: ""
logConfig: "-Dlog4j.configurationFile=/opt/flink/conf/log4j-operator.properties"
# Configure health probes for the operator
operatorHealth:
port: 8085
livenessProbe:
periodSeconds: 10
initialDelaySeconds: 30
startupProbe:
failureThreshold: 30
periodSeconds: 10
# Set postStart hook of the main container
postStart: {}
# Configuration for tls
tls:
create: false
secretName: flink-operator-cert
secretKeyRef:
name: operator-certificate-password
key: password

235
cluster/manifests/freeleaps-data-platform/flink/README.md
View File

@ -1,235 +0,0 @@
# Flink High Availability Cluster Deployment
## Overview
This project uses Apache Flink Kubernetes Operator to deploy a high availability Flink cluster with persistent storage and automatic failover capabilities.
## Component Architecture
- **JobManager**: 2 replicas with high availability configuration
- **TaskManager**: 3 replicas for distributed processing
- **High Availability**: Kubernetes-based HA with persistent storage
- **Checkpointing**: Persistent checkpoints and savepoints storage
## File Description
### 1. flink-operator-v2.yaml
Flink Kubernetes Operator deployment configuration:
- Operator deployment in `flink-system` namespace
- RBAC configuration for cluster-wide permissions
- Health checks and resource limits
- Enhanced CRD definitions with additional printer columns
### 2. flink-crd.yaml
Custom Resource Definitions for Flink:
- FlinkDeployment CRD
- FlinkSessionJob CRD
- Required for Flink Operator to function
### 3. ha-flink-cluster-v2.yaml
Production-ready HA Flink cluster configuration:
- 2 JobManager replicas with HA enabled
- 3 TaskManager replicas with anti-affinity rules
- Persistent storage for HA data, checkpoints, and savepoints
- Memory and CPU resource allocation
- Exponential delay restart strategy
- Proper volume mounts and storage configuration
### 4. simple-ha-flink-cluster.yaml
Simplified HA Flink cluster configuration:
- Uses ephemeral storage to avoid PVC binding issues
- Basic HA configuration for testing and development
- Minimal resource requirements
- Recommended for development and testing
### 5. flink-storage.yaml
Storage and RBAC configuration:
- PersistentVolumeClaims for HA data, checkpoints, and savepoints
- ServiceAccount and RBAC permissions for Flink cluster
- Azure Disk storage class configuration with correct access modes
### 6. flink-rbac.yaml
Enhanced RBAC configuration:
- Complete permissions for Flink HA functionality
- Both namespace-level and cluster-level permissions
- Includes watch permissions for HA operations
## Deployment Steps
### 1. Install Flink Operator
```bash
# Apply Flink Operator configuration
kubectl apply -f flink-operator-v2.yaml
# Verify operator installation
kubectl get pods -n flink-system
```
### 2. Create Storage Resources (Optional - for production)
```bash
# Apply storage configuration
kubectl apply -f flink-storage.yaml
# Verify PVC creation
kubectl get pvc -n freeleaps-data-platform
```
### 3. Deploy HA Flink Cluster
```bash
# Option A: Deploy with persistent storage (production)
kubectl apply -f ha-flink-cluster-v2.yaml
# Option B: Deploy with ephemeral storage (development/testing)
kubectl apply -f simple-ha-flink-cluster.yaml
# Check deployment status
kubectl get flinkdeployments -n freeleaps-data-platform
kubectl get pods -n freeleaps-data-platform -l app=flink
```
## High Availability Features
- **JobManager HA**: 2 JobManager replicas with Kubernetes-based leader election
- **Persistent State**: Checkpoints and savepoints stored on persistent volumes
- **Automatic Failover**: Exponential delay restart strategy with backoff
- **Pod Anti-affinity**: Ensures components are distributed across different nodes
- **Storage Persistence**: HA data, checkpoints, and savepoints persist across restarts
## Network Configuration
- **JobManager**: Port 8081 (Web UI), 6123 (RPC), 6124 (Blob Server)
- **TaskManager**: Port 6121 (Data), 6122 (RPC), 6126 (Metrics)
- **Service Type**: ClusterIP for internal communication
## Storage Configuration
- **HA Data**: 10Gi for high availability metadata
- **Checkpoints**: 20Gi for application checkpoints
- **Savepoints**: 20Gi for manual savepoints
- **Storage Class**: azure-disk-std-ssd-lrs
- **Access Mode**: ReadWriteOnce (Azure Disk limitation)
## Monitoring and Operations
- **Health Checks**: Built-in readiness and liveness probes
- **Web UI**: Accessible through JobManager service
- **Metrics**: Exposed on port 8080 for Prometheus collection
- **Logging**: Centralized logging through Kubernetes
## Configuration Details
### High Availability Settings
- **Type**: kubernetes (native Kubernetes HA)
- **Storage**: Persistent volume for HA metadata
- **Cluster ID**: ha-flink-cluster-v2
### Checkpointing Configuration
- **Interval**: 60 seconds
- **Timeout**: 10 minutes
- **Min Pause**: 5 seconds
- **Backend**: Filesystem with persistent storage
### Resource Allocation
- **JobManager**: 0.5 CPU, 1024MB memory (HA), 1.0 CPU, 1024MB memory (Simple)
- **TaskManager**: 0.5 CPU, 2048MB memory (HA), 2.0 CPU, 2048MB memory (Simple)
## Troubleshooting
### Common Issues and Solutions
#### 1. PVC Binding Issues
```bash
# Check PVC status
kubectl get pvc -n freeleaps-data-platform
# PVC stuck in Pending state - usually due to:
# - Insufficient storage quota
# - Wrong access mode (ReadWriteMany not supported by Azure Disk)
# - Storage class not available
# Solution: Use ReadWriteOnce access mode or ephemeral storage
```
#### 2. Pod CrashLoopBackOff
```bash
# Check pod status
kubectl get pods -n freeleaps-data-platform -l app=flink
# Check pod logs
kubectl logs <pod-name> -n freeleaps-data-platform
# Check pod events
kubectl describe pod <pod-name> -n freeleaps-data-platform
```
#### 3. ServiceAccount Issues
```bash
# Verify ServiceAccount exists
kubectl get serviceaccount -n freeleaps-data-platform
# Check RBAC permissions
kubectl get rolebinding -n freeleaps-data-platform
```
#### 4. Storage Path Issues
```bash
# Ensure storage paths match volume mounts
# For persistent storage: /opt/flink/ha-data, /opt/flink/checkpoints
# For ephemeral storage: /tmp/flink/ha-data, /tmp/flink/checkpoints
```
### Diagnostic Commands
```bash
# Check Flink Operator logs
kubectl logs -n flink-system -l app.kubernetes.io/name=flink-kubernetes-operator
# Check Flink cluster status
kubectl describe flinkdeployment <cluster-name> -n freeleaps-data-platform
# Check pod events
kubectl get events -n freeleaps-data-platform --sort-by='.lastTimestamp'
# Check storage status
kubectl get pvc -n freeleaps-data-platform
kubectl describe pvc <pvc-name> -n freeleaps-data-platform
# Check operator status
kubectl get pods -n flink-system
kubectl logs -n flink-system deployment/flink-kubernetes-operator
```
## Important Notes
1. **Storage Limitations**: Azure Disk storage class only supports ReadWriteOnce access mode
2. **ServiceAccount**: Ensure the correct ServiceAccount is specified in cluster configuration
3. **Resource Requirements**: Verify cluster has enough CPU/memory for all replicas
4. **Network Policies**: May need adjustment for inter-pod communication
5. **Ephemeral vs Persistent**: Use ephemeral storage for development/testing, persistent for production
## Quick Start (Recommended for Testing)
```bash
# 1. Deploy operator
kubectl apply -f flink-operator-v2.yaml
# 2. Wait for operator to be ready
kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=flink-kubernetes-operator -n flink-system
# 3. Deploy simple HA cluster (no persistent storage)
kubectl apply -f simple-ha-flink-cluster.yaml
# 4. Monitor deployment
kubectl get flinkdeployments -n freeleaps-data-platform
kubectl get pods -n freeleaps-data-platform -l app=flink
```
## Production Deployment
```bash
# 1. Deploy operator
kubectl apply -f flink-operator-v2.yaml
# 2. Deploy storage resources
kubectl apply -f flink-storage.yaml
# 3. Deploy production HA cluster
kubectl apply -f ha-flink-cluster-v2.yaml
# 4. Monitor deployment
kubectl get flinkdeployments -n freeleaps-data-platform
kubectl get pods -n freeleaps-data-platform -l app=flink
```

43
cluster/manifests/freeleaps-data-platform/flink/flink-crd.yaml
View File

@ -1,43 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: flinkdeployments.flink.apache.org
spec:
group: flink.apache.org
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
scope: Namespaced
names:
plural: flinkdeployments
singular: flinkdeployment
kind: FlinkDeployment
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: flinksessionjobs.flink.apache.org
spec:
group: flink.apache.org
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
scope: Namespaced
names:
plural: flinksessionjobs
singular: flinksessionjob
kind: FlinkSessionJob

298
cluster/manifests/freeleaps-data-platform/flink/flink-operator-v2.yaml
View File

@ -1,298 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: flinkdeployments.flink.apache.org
spec:
group: flink.apache.org
names:
kind: FlinkDeployment
listKind: FlinkDeploymentList
plural: flinkdeployments
singular: flinkdeployment
shortNames:
- fd
- flinkdeploy
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
additionalPrinterColumns:
- name: Job Status
type: string
jsonPath: .status.jobStatus
- name: Flink Version
type: string
jsonPath: .spec.flinkVersion
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: flinksessionjobs.flink.apache.org
spec:
group: flink.apache.org
names:
kind: FlinkSessionJob
listKind: FlinkSessionJobList
plural: flinksessionjobs
singular: flinksessionjob
shortNames:
- fsj
- flinksessionjob
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
additionalPrinterColumns:
- name: Job Status
type: string
jsonPath: .status.jobStatus
- name: Flink Deployment
type: string
jsonPath: .spec.deploymentName
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
---
apiVersion: v1
kind: Namespace
metadata:
name: flink-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: flink-kubernetes-operator
namespace: flink-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: flink-kubernetes-operator
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- patch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- batch
resources:
- jobs
- cronjobs
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- flink.apache.org
resources:
- flinkdeployments
- flinkdeployments/status
- flinksessionjobs
- flinksessionjobs/status
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: flink-kubernetes-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: flink-kubernetes-operator
subjects:
- kind: ServiceAccount
name: flink-kubernetes-operator
namespace: flink-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: flink-kubernetes-operator
namespace: flink-system
labels:
app: flink-kubernetes-operator
spec:
replicas: 1
selector:
matchLabels:
app: flink-kubernetes-operator
template:
metadata:
labels:
app: flink-kubernetes-operator
spec:
serviceAccountName: flink-kubernetes-operator
containers:
- name: flink-kubernetes-operator
image: apache/flink-kubernetes-operator:1.8.0
command: ["/docker-entrypoint.sh"]
args: ["operator"]
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: flink-kubernetes-operator
- name: LEADER_ELECTION_ID
value: flink-kubernetes-operator
- name: LEADER_ELECTION_NAMESPACE
value: flink-system
ports:
- containerPort: 8085
name: metrics
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
livenessProbe:
httpGet:
path: /healthz
port: 8085
initialDelaySeconds: 15
periodSeconds: 20
readinessProbe:
httpGet:
path: /readyz
port: 8085

66
cluster/manifests/freeleaps-data-platform/flink/flink-rbac.yaml
View File

@ -1,66 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: flink
namespace: freeleaps-data-platform
labels:
app: flink
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: flink-role
namespace: freeleaps-data-platform
rules:
- apiGroups: [""]
resources: ["configmaps", "secrets", "services", "pods", "events", "endpoints"]
verbs: ["get", "list", "create", "update", "patch", "delete", "watch"]
- apiGroups: ["apps"]
resources: ["deployments", "statefulsets"]
verbs: ["get", "list", "create", "update", "patch", "delete", "watch"]
- apiGroups: ["batch"]
resources: ["jobs", "cronjobs"]
verbs: ["get", "list", "create", "update", "patch", "delete", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: flink-role-binding
namespace: freeleaps-data-platform
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: flink-role
subjects:
- kind: ServiceAccount
name: flink
namespace: freeleaps-data-platform
---
# Additional permissions for HA functionality
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: flink-ha-cluster-role
rules:
- apiGroups: [""]
resources: ["configmaps", "secrets", "services", "pods", "events", "endpoints"]
verbs: ["get", "list", "create", "update", "patch", "delete", "watch"]
- apiGroups: ["apps"]
resources: ["deployments", "statefulsets"]
verbs: ["get", "list", "create", "update", "patch", "delete", "watch"]
- apiGroups: ["batch"]
resources: ["jobs", "cronjobs"]
verbs: ["get", "list", "create", "update", "patch", "delete", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: flink-ha-cluster-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: flink-ha-cluster-role
subjects:
- kind: ServiceAccount
name: flink
namespace: freeleaps-data-platform

82
cluster/manifests/freeleaps-data-platform/flink/flink-storage.yaml
View File

@ -1,82 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ha-flink-ha-data
namespace: freeleaps-data-platform
labels:
app: flink
component: ha-storage
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: azure-disk-std-ssd-lrs
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ha-flink-checkpoints
namespace: freeleaps-data-platform
labels:
app: flink
component: checkpoint-storage
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
storageClassName: azure-disk-std-ssd-lrs
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ha-flink-savepoints
namespace: freeleaps-data-platform
labels:
app: flink
component: savepoint-storage
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
storageClassName: azure-disk-std-ssd-lrs
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: flink
namespace: freeleaps-data-platform
labels:
app: flink
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: flink-role
namespace: freeleaps-data-platform
rules:
- apiGroups: [""]
resources: ["configmaps", "secrets", "services", "pods"]
verbs: ["get", "list", "create", "update", "patch", "delete"]
- apiGroups: ["apps"]
resources: ["deployments"]
verbs: ["get", "list", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: flink-role-binding
namespace: freeleaps-data-platform
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: flink-role
subjects:
- kind: ServiceAccount
name: flink
namespace: freeleaps-data-platform

94
cluster/manifests/freeleaps-data-platform/flink/ha-flink-cluster-v2.yaml
View File

@ -1,94 +0,0 @@
apiVersion: flink.apache.org/v1beta1
kind: FlinkDeployment
metadata:
name: ha-flink-cluster-v2
namespace: freeleaps-data-platform
labels:
app: flink
component: streaming
cluster-type: ha
spec:
flinkVersion: v1_19
image: flink:1.19.0
flinkConfiguration:
# High Availability Configuration
high-availability.type: kubernetes
high-availability.storageDir: file:///opt/flink/ha-data
# Checkpointing Configuration
state.backend.type: filesystem
state.checkpoints.dir: file:///opt/flink/checkpoints
state.savepoints.dir: file:///opt/flink/savepoints
execution.checkpointing.interval: 60s
execution.checkpointing.min-pause: 5s
execution.checkpointing.timeout: 10min
# JobManager Configuration
jobmanager.rpc.address: ha-flink-cluster-v2-jobmanager
jobmanager.rpc.port: "6123"
jobmanager.bind-host: "0.0.0.0"
# REST Configuration
rest.address: ha-flink-cluster-v2-jobmanager
rest.port: "8081"
rest.bind-address: "0.0.0.0"
# Blob Server Configuration
blob.server.port: "6124"
# TaskManager Configuration
taskmanager.numberOfTaskSlots: "2"
# Memory Configuration
taskmanager.memory.process.size: 2048m
jobmanager.memory.process.size: 1024m
# Restart Strategy
restart-strategy.type: exponential-delay
restart-strategy.exponential-delay.initial-backoff: 10s
restart-strategy.exponential-delay.max-backoff: 2min
restart-strategy.exponential-delay.backoff-multiplier: "2.0"
restart-strategy.exponential-delay.reset-backoff-threshold: 10min
restart-strategy.exponential-delay.jitter-factor: "0.1"
serviceAccount: flink
jobManager:
replicas: 2
resource:
memory: "1024m"
cpu: 0.5
podTemplate:
spec:
containers:
- name: flink-main-container
volumeMounts:
- name: ha-data
mountPath: /opt/flink/ha-data
- name: checkpoints
mountPath: /opt/flink/checkpoints
- name: savepoints
mountPath: /opt/flink/savepoints
volumes:
- name: ha-data
persistentVolumeClaim:
claimName: ha-flink-ha-data
- name: checkpoints
persistentVolumeClaim:
claimName: ha-flink-checkpoints
- name: savepoints
persistentVolumeClaim:
claimName: ha-flink-savepoints
taskManager:
replicas: 3
resource:
memory: "2048m"
cpu: 0.5
podTemplate:
spec:
containers:
- name: flink-main-container
volumeMounts:
- name: checkpoints
mountPath: /opt/flink/checkpoints
- name: savepoints
mountPath: /opt/flink/savepoints
volumes:
- name: checkpoints
persistentVolumeClaim:
claimName: ha-flink-checkpoints
- name: savepoints
persistentVolumeClaim:
claimName: ha-flink-savepoints

46
cluster/manifests/freeleaps-data-platform/flink/simple-ha-flink-cluster.yaml
View File

@ -1,46 +0,0 @@
apiVersion: flink.apache.org/v1beta1
kind: FlinkDeployment
metadata:
name: simple-ha-flink-cluster
namespace: freeleaps-data-platform
labels:
app: flink
component: streaming
cluster-type: simple-ha
spec:
flinkVersion: v1_18
image: flink:1.18
flinkConfiguration:
# Basic Configuration
taskmanager.numberOfTaskSlots: "2"
# High Availability Configuration (using ephemeral storage)
high-availability.type: kubernetes
high-availability.storageDir: file:///tmp/flink/ha-data
# Checkpointing Configuration (using ephemeral storage)
state.backend.type: filesystem
state.checkpoints.dir: file:///tmp/flink/checkpoints
state.savepoints.dir: file:///tmp/flink/savepoints
execution.checkpointing.interval: 60s
execution.checkpointing.min-pause: 5s
execution.checkpointing.timeout: 10min
# Memory Configuration
taskmanager.memory.process.size: 2048m
jobmanager.memory.process.size: 1024m
# Restart Strategy
restart-strategy.type: exponential-delay
restart-strategy.exponential-delay.initial-backoff: 10s
restart-strategy.exponential-delay.max-backoff: 2min
restart-strategy.exponential-delay.backoff-multiplier: "2.0"
restart-strategy.exponential-delay.reset-backoff-threshold: 10min
restart-strategy.exponential-delay.jitter-factor: "0.1"
serviceAccount: flink
jobManager:
replicas: 2
resource:
memory: "1024m"
cpu: 1.0
taskManager:
replicas: 3
resource:
memory: "2048m"
cpu: 2.0

897
cluster/manifests/freeleaps-data-platform/flink/values.yaml
View File

@ -1,897 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
##
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead
##
global:
imageRegistry: ""
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
defaultStorageClass: ""
storageClass: "azure-disk-std-lrs"
## Security parameters
##
security:
## @param global.security.allowInsecureImages Allows skipping image verification
allowInsecureImages: false
## Compatibility adaptations for Kubernetes platforms
##
compatibility:
## Compatibility adaptations for Openshift
##
openshift:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: auto
## @section Common parameters
##
## @param nameOverride String to partially override common.names.fullname
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname
##
fullnameOverride: ""
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param commonLabels Labels to add to all deployed objects (sub-charts are not considered)
##
commonLabels: {}
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param clusterDomain Default Kubernetes cluster domain
##
clusterDomain: freeleaps.cluster
## @param extraDeploy Array of extra objects to deploy with the release
##
extraDeploy: []
## Enable diagnostic mode in the deployment
##
diagnosticMode:
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
##
enabled: false
## @param diagnosticMode.command Command to override all containers in the deployment
##
command:
- sleep
## @param diagnosticMode.args Args to override all containers in the deployment
##
args:
- infinity
## @section Apache Flink parameters
##
## Bitnami Apache Flink image
## ref: https://hub.docker.com/r/bitnami/flink/tags/
## @param image.registry [default: REGISTRY_NAME] Apache Flink image registry
## @param image.repository [default: REPOSITORY_NAME/flink] Apache Flink image repository
## @skip image.tag Apache Flink image tag (immutable tags are recommended)
## @param image.digest Apache Flink image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy image pull policy
## @param image.pullSecrets Apache Flink image pull secrets
## @param image.debug Enable image debug mode
##
image:
registry: docker.io
repository: bitnami/flink
tag: 2.0.0-debian-12-r7
digest: ""
## Specify a imagePullPolicy
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Enable debug mode
##
debug: false
## @section Jobmanager deployment parameters
##
jobmanager:
## @param jobmanager.command Command for running the container (set to default if not set). Use array form
##
command: []
## @param jobmanager.args Args for running the container (set to default if not set). Use array form
##
args: []
## @param jobmanager.lifecycleHooks [object] Override default etcd container hooks
##
lifecycleHooks: {}
## @param jobmanager.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
## @param jobmanager.hostAliases Set pod host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param jobmanager.extraEnvVars Extra environment variables to be set on flink container
## For example:
## - name: FOO
## value: BAR
##
extraEnvVars: []
## @param jobmanager.extraEnvVarsCM Name of existing ConfigMap containing extra env vars
##
extraEnvVarsCM: ""
## @param jobmanager.extraEnvVarsSecret Name of existing Secret containing extra env vars
##
extraEnvVarsSecret: ""
## @param jobmanager.replicaCount Number of Apache Flink Jobmanager replicas
##
replicaCount: 1
## Configure extra options for container's liveness, readiness and startup probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
## @param jobmanager.livenessProbe.enabled Enable livenessProbe on Jobmanager nodes
## @param jobmanager.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param jobmanager.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param jobmanager.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param jobmanager.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param jobmanager.livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 20
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
## @param jobmanager.startupProbe.enabled Enable startupProbe on Jobmanager containers
## @param jobmanager.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param jobmanager.startupProbe.periodSeconds Period seconds for startupProbe
## @param jobmanager.startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param jobmanager.startupProbe.failureThreshold Failure threshold for startupProbe
## @param jobmanager.startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: true
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 15
successThreshold: 1
## @param jobmanager.readinessProbe.enabled Enable readinessProbe
## @param jobmanager.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param jobmanager.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param jobmanager.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param jobmanager.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param jobmanager.readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 15
successThreshold: 1
## @param jobmanager.customLivenessProbe Custom livenessProbe that overrides the default one
##
customLivenessProbe: {}
## @param jobmanager.customStartupProbe [object] Override default startup probe
##
customStartupProbe: {}
## @param jobmanager.customReadinessProbe [object] Override default readiness probe
##
customReadinessProbe: {}
## Apache Flink pods' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## Minimum memory for development is 4GB and 2 CPU cores
## Minimum memory for production is 8GB and 4 CPU cores
## ref: http://docs.datastax.com/en/archived/flink/2.0/flink/architecture/architecturePlanningHardware_c.html
##
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param jobmanager.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if jobmanager.resources is set (jobmanager.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
# resourcesPreset: "small"
## @param jobmanager.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 200m
memory: 2Gi
## @param jobmanager.extraVolumeMounts Optionally specify extra list of additional volumeMounts for flink container
##
extraVolumeMounts: []
## Container ports to expose
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
containerPorts:
## @param jobmanager.containerPorts.rpc Port for RPC
##
rpc: 6123
## @param jobmanager.containerPorts.http Port for http UI
##
http: 8081
## @param jobmanager.containerPorts.blob Port for blob server
##
blob: 6124
## Apache Flink jobmanager.service parameters
##
service:
## @param jobmanager.service.type Apache Flink service type
##
type: ClusterIP
## Ports to expose
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
ports:
## @param jobmanager.service.ports.rpc Port for RPC
##
rpc: 6123
## @param jobmanager.service.ports.http Port for http UI
##
http: 8081
## @param jobmanager.service.ports.blob Port for blob server
## Due the Apache Flink specificities this port should match the jobmanager.containerPorts.blob port. The taskmanager should be
## able to communicate with the jobmanager through the port jobmanager indicates to the taskmanager, being the jobmanager not aware of the service port.
blob: 6124
## Node ports to expose
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
nodePorts:
## @param jobmanager.service.nodePorts.rpc Node port for RPC
##
rpc: ""
## @param jobmanager.service.nodePorts.http Node port for http UI
##
http: ""
## @param jobmanager.service.nodePorts.blob Port for blob server
##
blob: ""
## @param jobmanager.service.extraPorts Extra ports to expose in the service (normally used with the `sidecar` value)
##
extraPorts: []
## @param jobmanager.service.loadBalancerIP LoadBalancerIP if service type is `LoadBalancer`
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
loadBalancerIP: ""
## @param jobmanager.service.loadBalancerSourceRanges Service Load Balancer sources
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
## e.g:
## loadBalancerSourceRanges:
## - 10.10.10.0/24
##
loadBalancerSourceRanges: []
## @param jobmanager.service.clusterIP Service Cluster IP
## e.g.:
## clusterIP: None
##
clusterIP: ""
## @param jobmanager.service.externalTrafficPolicy Service external traffic policy
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param jobmanager.service.annotations Provide any additional annotations which may be required.
## This can be used to set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
annotations: {}
## @param jobmanager.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
## If "ClientIP", consecutive client requests will be directed to the same Pod
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
##
sessionAffinity: None
## @param jobmanager.service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## Network Policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param jobmanager.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: true
## @param jobmanager.networkPolicy.allowExternal Don't require server label for connections
## The Policy model to apply. When set to false, only pods with the correct
## server label will have network access to the ports server is listening
## on. When true, server will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param jobmanager.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param jobmanager.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
extraIngress: []
## @param jobmanager.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param jobmanager.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
## @param jobmanager.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## Apache Flink Jobmanager serviceAccount parameters
##
serviceAccount:
## @param jobmanager.serviceAccount.create Enables ServiceAccount
##
create: true
## @param jobmanager.serviceAccount.name ServiceAccount name
##
name: ""
## @param jobmanager.serviceAccount.annotations Annotations to add to all deployed objects
##
annotations: {}
## @param jobmanager.serviceAccount.automountServiceAccountToken Automount API credentials for a service account.
##
automountServiceAccountToken: false
## Pod security context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param jobmanager.podSecurityContext.enabled Enabled Apache Flink pods' Security Context
## @param jobmanager.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param jobmanager.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param jobmanager.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param jobmanager.podSecurityContext.fsGroup Set Apache Flink pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param jobmanager.containerSecurityContext.enabled Enabled Apache Flink containers' Security Context
## @param jobmanager.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param jobmanager.containerSecurityContext.runAsUser Set Apache Flink container's Security Context runAsUser
## @param jobmanager.containerSecurityContext.runAsGroup Set Apache Flink container's Security Context runAsGroup
## @param jobmanager.containerSecurityContext.runAsNonRoot Force the container to be run as non root
## @param jobmanager.containerSecurityContext.allowPrivilegeEscalation Allows privilege escalation
## @param jobmanager.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param jobmanager.containerSecurityContext.privileged Set primary container's Security Context privileged
## @param jobmanager.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param jobmanager.containerSecurityContext.seccompProfile.type Rules specifying actions to take based on the requested syscall
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
privileged: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param jobmanager.podAnnotations Additional pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param jobmanager.podLabels Additional pod labels
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param jobmanager.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param jobmanager.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
## @param jobmanager.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param jobmanager.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
##
key: ""
## @param jobmanager.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param jobmanager.priorityClassName Server priorityClassName
## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
##
priorityClassName: ""
## @param jobmanager.affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## NOTE: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param jobmanager.nodeSelector Node labels for pod assignment
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param jobmanager.tolerations Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param jobmanager.topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template
##
topologySpreadConstraints: []
## @param jobmanager.schedulerName Alternative scheduler
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param jobmanager.updateStrategy.type Apache Flink jobmanager deployment strategy type
## @param jobmanager.updateStrategy.rollingUpdate [object,nullable] Apache Flink jobmanager deployment rolling update configuration parameters
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
##
updateStrategy:
type: RollingUpdate
rollingUpdate: null
## @param jobmanager.extraVolumes Optionally specify extra list of additional volumes for flink container
##
extraVolumes: []
## @param jobmanager.initContainers Add additional init containers to the flink pods
##
initContainers: []
## @param jobmanager.sidecars Add additional sidecar containers to the flink pods
##
sidecars: []
## @param jobmanager.pdb.create Enable/disable a Pod Disruption Budget creation
## @param jobmanager.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
## @param jobmanager.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable.Defaults to `1` if both `secondary.pdb.minAvailable` and `secondary.pdb.maxUnavailable` are empty.
##
pdb:
create: true
minAvailable: ""
maxUnavailable: ""
## @section TaskManager deployment parameters
##
taskmanager:
## @param taskmanager.command Command for running the container (set to default if not set). Use array form
##
command: []
## @param taskmanager.args Args for running the container (set to default if not set). Use array form
##
args: []
## @param taskmanager.lifecycleHooks [object] Override default etcd container hooks
##
lifecycleHooks: {}
## @param taskmanager.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
## @param taskmanager.hostAliases Set pod host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param taskmanager.extraEnvVars Extra environment variables to be set on flink container
## For example:
## - name: FOO
## value: BAR
##
extraEnvVars: []
## @param taskmanager.extraEnvVarsCM Name of existing ConfigMap containing extra env vars
##
extraEnvVarsCM: ""
## @param taskmanager.extraEnvVarsSecret Name of existing Secret containing extra env vars
##
extraEnvVarsSecret: ""
## @param taskmanager.replicaCount Number of Apache Flink replicas
##
replicaCount: 1
## Configure extra options for container's liveness, readiness and startup probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
## @param taskmanager.livenessProbe.enabled Enable livenessProbe on taskmanager nodes
## @param taskmanager.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param taskmanager.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param taskmanager.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param taskmanager.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param taskmanager.livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 20
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
## @param taskmanager.startupProbe.enabled Enable startupProbe on taskmanager containers
## @param taskmanager.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param taskmanager.startupProbe.periodSeconds Period seconds for startupProbe
## @param taskmanager.startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param taskmanager.startupProbe.failureThreshold Failure threshold for startupProbe
## @param taskmanager.startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: true
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 15
successThreshold: 1
## @param taskmanager.readinessProbe.enabled Enable readinessProbe
## @param taskmanager.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param taskmanager.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param taskmanager.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param taskmanager.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param taskmanager.readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 15
successThreshold: 1
## @param taskmanager.customLivenessProbe Custom livenessProbe that overrides the default one
##
customLivenessProbe: {}
## @param taskmanager.customStartupProbe [object] Override default startup probe
##
customStartupProbe: {}
## @param taskmanager.customReadinessProbe [object] Override default readiness probe
##
customReadinessProbe: {}
## Apache Flink pods' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## Minimum memory for development is 4GB and 2 CPU cores
## Minimum memory for production is 8GB and 4 CPU cores
## ref: http://docs.datastax.com/en/archived/flink/2.0/flink/architecture/architecturePlanningHardware_c.html
##
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param taskmanager.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if taskmanager.resources is set (taskmanager.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
# resourcesPreset: "small"
## @param taskmanager.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 200m
memory: 2Gi
## @param taskmanager.extraVolumeMounts Optionally specify extra list of additional volumeMounts for flink container
##
extraVolumeMounts: []
## Container ports to expose
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
## @param taskmanager.containerPorts.data data exchange port
## @param taskmanager.containerPorts.rpc Port for RPC
## @param taskmanager.containerPorts.internalMetrics Port for internal metrics query service
##
containerPorts:
data: 6121
rpc: 6122
internalMetrics: 6126
## Apache Flink taskmanager.service parameters
##
service:
## @param taskmanager.service.type Apache Flink service type
##
type: ClusterIP
## Ports to expose
## @param taskmanager.service.ports.data data exchange port
## @param taskmanager.service.ports.rpc Port for RPC
## @param taskmanager.service.ports.internalMetrics Port for internal metrics query service
##
ports:
data: 6121
rpc: 6122
internalMetrics: 6126
## Node ports to expose
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
## @param taskmanager.service.nodePorts.data data exchange port
## @param taskmanager.service.nodePorts.rpc Port for RPC
## @param taskmanager.service.nodePorts.internalMetrics Port for internal metrics query service
##
nodePorts:
data: ""
rpc: ""
internalMetrics: ""
## @param taskmanager.service.extraPorts Extra ports to expose in the service (normally used with the `sidecar` value)
##
extraPorts: []
## @param taskmanager.service.loadBalancerIP LoadBalancerIP if service type is `LoadBalancer`
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
loadBalancerIP: ""
## @param taskmanager.service.loadBalancerSourceRanges Service Load Balancer sources
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
## e.g:
## loadBalancerSourceRanges:
## - 10.10.10.0/24
##
loadBalancerSourceRanges: []
## @param taskmanager.service.clusterIP Service Cluster IP
## e.g.:
## clusterIP: None
##
clusterIP: ""
## @param taskmanager.service.externalTrafficPolicy Service external traffic policy
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param taskmanager.service.annotations Provide any additional annotations which may be required.
## This can be used to set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
annotations: {}
## @param taskmanager.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
## If "ClientIP", consecutive client requests will be directed to the same Pod
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
##
sessionAffinity: None
## @param taskmanager.service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## Network Policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param taskmanager.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: true
## @param taskmanager.networkPolicy.allowExternal Don't require server label for connections
## The Policy model to apply. When set to false, only pods with the correct
## server label will have network access to the ports server is listening
## on. When true, server will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param taskmanager.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param taskmanager.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
extraIngress: []
## @param taskmanager.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param taskmanager.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
## @param taskmanager.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## Apache Flink taskmanager serviceAccount parameters
##
serviceAccount:
## @param taskmanager.serviceAccount.create Enables ServiceAccount
##
create: true
## @param taskmanager.serviceAccount.name ServiceAccount name
##
name: ""
## @param taskmanager.serviceAccount.annotations Annotations to add to all deployed objects
##
annotations: {}
## @param taskmanager.serviceAccount.automountServiceAccountToken Automount API credentials for a service account.
##
automountServiceAccountToken: false
## Pod security context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param taskmanager.podSecurityContext.enabled Enabled Apache Flink pods' Security Context
## @param taskmanager.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param taskmanager.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param taskmanager.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param taskmanager.podSecurityContext.fsGroup Set Apache Flink pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param taskmanager.containerSecurityContext.enabled Enabled Apache Flink containers' Security Context
## @param taskmanager.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param taskmanager.containerSecurityContext.runAsUser Set Apache Flink container's Security Context runAsUser
## @param taskmanager.containerSecurityContext.runAsGroup Set Apache Flink container's Security Context runAsGroup
## @param taskmanager.containerSecurityContext.runAsNonRoot Force the container to be run as non root
## @param taskmanager.containerSecurityContext.privileged Set primary container's Security Context privileged
## @param taskmanager.containerSecurityContext.allowPrivilegeEscalation Allows privilege escalation
## @param taskmanager.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param taskmanager.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param taskmanager.containerSecurityContext.seccompProfile.type Rules specifying actions to take based on the requested syscall
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param taskmanager.podAnnotations Additional pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param taskmanager.podLabels Additional pod labels
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param taskmanager.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param taskmanager.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
## @param taskmanager.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param taskmanager.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
##
key: ""
## @param taskmanager.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param taskmanager.priorityClassName Server priorityClassName
## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
##
priorityClassName: ""
## @param taskmanager.affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## NOTE: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param taskmanager.nodeSelector Node labels for pod assignment
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param taskmanager.tolerations Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param taskmanager.topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template
##
topologySpreadConstraints: []
## @param taskmanager.schedulerName Alternative scheduler
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param taskmanager.podManagementPolicy Pod management policy for the Apache Flink taskmanager statefulset
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
##
podManagementPolicy: Parallel
## @param taskmanager.updateStrategy.type Apache Flink taskmanager statefulset strategy type
## @param taskmanager.updateStrategy.rollingUpdate [object,nullable] Apache Flink taskmanager statefulset rolling update configuration parameters
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
##
updateStrategy:
type: RollingUpdate
rollingUpdate: null
## @param taskmanager.extraVolumes Optionally specify extra list of additional volumes for flink container
##
extraVolumes: []
## @param taskmanager.initContainers Add additional init containers to the flink pods
##
initContainers: []
## @param taskmanager.sidecars Add additional sidecar containers to the flink pods
##
sidecars: []
## @param taskmanager.pdb.create Enable/disable a Pod Disruption Budget creation
## @param taskmanager.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
## @param taskmanager.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable.Defaults to `1` if both `secondary.pdb.minAvailable` and `secondary.pdb.maxUnavailable` are empty.
##
pdb:
create: true
minAvailable: ""
maxUnavailable: ""

21
cluster/manifests/freeleaps-data-platform/kafbat/config.yaml Normal file
View File

@ -0,0 +1,21 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: kafbat-config
namespace: freeleaps-data-platform
data:
config.yml: |
kafka:
clusters:
- name: freeleaps-kafka-cluster
bootstrap-servers: freeleaps-kafka-cluster-kafka-bootstrap.freeleaps-data-platform.svc.freeleaps.cluster:9092
properties:
security.protocol: SASL_PLAINTEXT
sasl.mechanism: SCRAM-SHA-512
sasl.jaas.config: 'org.apache.kafka.common.security.scram.ScramLoginModule required username="kafbat-agent" password="lUL2Ay9twljpMMNC2mdwMacK9PoPkMGv";'
schemaRegistry: http://schema-registry.freeleaps-data-platform.svc.freeleaps.cluster:8081
auth: disabled
management:
health:
ldap:
enabled: false

48
cluster/manifests/freeleaps-data-platform/kafbat/kafka-user.yaml Normal file
View File

@ -0,0 +1,48 @@
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
name: kafbat-agent
namespace: freeleaps-data-platform
labels:
strimzi.io/cluster: freeleaps-kafka-cluster
spec:
authentication:
type: scram-sha-512
authorization:
type: simple
acls:
- resource:
type: topic
name: "*"
patternType: literal
host: "*"
operations:
- Read
- resource:
type: topic
name: "*"
patternType: literal
host: "*"
operations:
- DescribeConfigs
- resource:
type: group
name: "*"
patternType: literal
host: "*"
operations:
- Describe
- resource:
type: cluster
name: "*"
patternType: literal
host: "*"
operations:
- Describe
- resource:
type: cluster
name: "*"
patternType: literal
host: "*"
operations:
- DescribeConfigs

106
cluster/manifests/freeleaps-data-platform/kafka/freeleaps-kafka-cluster.yaml Normal file
View File

@ -0,0 +1,106 @@
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaNodePool
metadata:
name: freeleaps-kafka-cluster-controllers
namespace: freeleaps-data-platform
labels:
strimzi.io/cluster: freeleaps-kafka-cluster
spec:
replicas: 3
roles:
- controller
storage:
type: jbod
volumes:
- id: 0
type: persistent-claim
size: 25Gi
deleteClaim: false
kraftMetadata: shared
class: azure-disk-std-ssd-lrs
---
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaNodePool
metadata:
name: freeleaps-kafka-cluster-brokers
namespace: freeleaps-data-platform
labels:
strimzi.io/cluster: freeleaps-kafka-cluster
spec:
replicas: 3
roles:
- broker
storage:
type: jbod
volumes:
- id: 0
type: persistent-claim
size: 25Gi
deleteClaim: false
kraftMetadata: shared
class: azure-disk-std-ssd-lrs
---
apiVersion: kafka.strimzi.io/v1beta2
kind: Kafka
metadata:
name: freeleaps-kafka-cluster
namespace: freeleaps-data-platform
annotations:
strimzi.io/node-pools: enabled
strimzi.io/kraft: enabled
spec:
kafka:
version: 4.0.0
metadataVersion: 4.0-IV3
listeners:
- name: plain
port: 9092
type: internal
tls: false
authentication:
type: scram-sha-512
- name: tls
port: 9093
type: internal
tls: true
config:
offsets.topic.replication.factor: 1
transaction.state.log.replication.factor: 1
transaction.state.log.min.isr: 1
default.replication.factor: 1
min.insync.replicas: 1
authorization:
type: simple
superUsers:
- freeleaps-user
entityOperator:
topicOperator: {}
userOperator: {}
---
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
name: freeleaps-user
namespace: freeleaps-data-platform
labels:
strimzi.io/cluster: freeleaps-kafka-cluster
spec:
authentication:
type: scram-sha-512
authorization:
type: simple
acls:
- resource:
type: topic
name: "*"
patternType: literal
host: "*"
operations:
- All
- resource:
type: group
name: "*"
patternType: literal
operations:
- All
host: "*"

90
cluster/manifests/freeleaps-data-platform/kafka/strimzi-kafka-cluster.yaml
View File

@ -1,90 +0,0 @@
apiVersion: kafka.strimzi.io/v1beta2
kind: Kafka
metadata:
name: kafka-cluster
namespace: freeleaps-data-platform
labels:
app: kafka
component: messaging
spec:
kafka:
version: 3.8.0
replicas: 3
listeners:
- name: plain
port: 9092
type: internal
tls: false
authentication:
type: scram-sha-512
- name: tls
port: 9093
type: internal
tls: true
authentication:
type: tls
config:
offsets.topic.replication.factor: 3
transaction.state.log.replication.factor: 3
transaction.state.log.min.isr: 2
default.replication.factor: 3
min.insync.replicas: 2
inter.broker.protocol.version: "3.8"
log.retention.hours: 168 # 7 days
log.segment.bytes: 1073741824 # 1GB
num.partitions: 8
log.retention.check.interval.ms: 300000
storage:
type: persistent-claim
size: 20Gi
deleteClaim: false
zookeeper:
replicas: 3
storage:
type: persistent-claim
size: 10Gi
deleteClaim: false
entityOperator:
topicOperator: {}
userOperator: {}
---
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaTopic
metadata:
name: system-events
namespace: freeleaps-data-platform
labels:
strimzi.io/cluster: kafka-cluster
spec:
partitions: 3
replicas: 3
config:
retention.ms: 604800000 # 7 days
segment.bytes: 1073741824 # 1GB
cleanup.policy: delete
---
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
name: freeleaps-user
namespace: freeleaps-data-platform
labels:
strimzi.io/cluster: kafka-cluster
spec:
authentication:
type: scram-sha-512
authorization:
type: simple
acls:
- resource:
type: topic
name: "*"
patternType: literal
operation: All
host: "*"
- resource:
type: group
name: "*"
patternType: literal
operation: All
host: "*"

2493
cluster/manifests/freeleaps-data-platform/kafka/values.yaml
View File

File diff suppressed because it is too large Load Diff

126
cluster/manifests/freeleaps-data-platform/metabase/README.md
View File

@ -1,126 +0,0 @@
# Metabase Deployment
## Overview
This directory contains Kubernetes manifests for deploying Metabase, a business intelligence and analytics platform, along with its PostgreSQL database.
## Components
### 1. metabase-postgres.yaml
PostgreSQL database deployment:
- Persistent storage for data
- ConfigMap for database configuration
- Secret for database password
- Service for internal communication
### 2. metabase-deployment.yaml
Metabase application deployment:
- Metabase container with latest image
- Persistent storage for application data
- Environment variables for database connection
- Health checks and resource limits
- Service for internal communication
### 3. metabase-ingress.yaml
Ingress configuration for external access:
- Nginx ingress class
- Multiple host support (metabase.freeleaps.cluster, metabase.local)
- SSL redirect disabled for development
## Deployment Steps
### 1. Deploy PostgreSQL Database
```bash
kubectl apply -f metabase-postgres.yaml
```
### 2. Wait for PostgreSQL to be Ready
```bash
kubectl wait --for=condition=ready pod -l app=metabase-postgres -n metabase --timeout=300s
```
### 3. Deploy Metabase Application
```bash
kubectl apply -f metabase-deployment.yaml
```
### 4. Deploy Ingress (Optional)
```bash
kubectl apply -f metabase-ingress.yaml
```
### 5. Monitor Deployment
```bash
kubectl get pods -n metabase
kubectl get services -n metabase
kubectl get ingress -n metabase
```
## Configuration
### Database Connection
- **Type**: PostgreSQL
- **Host**: metabase-postgres
- **Port**: 5432
- **Database**: metabase
- **User**: metabase
- **Password**: metabasepassword
### Storage
- **Metabase Data**: 10Gi persistent storage
- **PostgreSQL Data**: 5Gi persistent storage
- **Storage Class**: azure-disk-std-ssd-lrs
### Resources
- **Metabase**: 512Mi-1Gi memory, 250m-500m CPU
- **PostgreSQL**: 256Mi-512Mi memory, 250m-500m CPU
## Access
### Internal Access
- **Metabase**: http://metabase.metabase.svc.cluster.local:3000
- **PostgreSQL**: metabase-postgres.metabase.svc.cluster.local:5432
### External Access (with Ingress)
- **Primary**: http://metabase.freeleaps.cluster
- **Alternative**: http://metabase.local
## Initial Setup
1. **First Access**: Navigate to the Metabase URL
2. **Setup Wizard**: Follow the initial setup wizard
3. **Database Connection**: Use the internal PostgreSQL connection
4. **Admin User**: Create the first admin user
5. **Data Sources**: Connect to your data sources
## Troubleshooting
### Check Pod Status
```bash
kubectl get pods -n metabase
kubectl describe pod <pod-name> -n metabase
```
### Check Logs
```bash
kubectl logs <pod-name> -n metabase
kubectl logs <pod-name> -n metabase -c postgres # for PostgreSQL
```
### Check Services
```bash
kubectl get services -n metabase
kubectl describe service metabase -n metabase
```
### Check Storage
```bash
kubectl get pvc -n metabase
kubectl describe pvc metabase-data -n metabase
```
## Notes
- **Initial Startup**: Metabase may take 2-3 minutes to start up on first deployment
- **Database**: Ensure PostgreSQL is fully ready before deploying Metabase
- **Storage**: Both Metabase and PostgreSQL use persistent storage for data persistence
- **Security**: Default password is base64 encoded, consider changing for production use

13
cluster/manifests/freeleaps-data-platform/metabase/certificate.yaml Normal file
View File

@ -0,0 +1,13 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: metabase-mathmast-dot-com
namespace: freeleaps-data-platform
spec:
commonName: metabase.mathmast.com
dnsNames:
- metabase.mathmast.com
issuerRef:
name: mathmast-dot-com
kind: ClusterIssuer
secretName: metabase-mathmast-dot-com-tls

145
cluster/manifests/freeleaps-data-platform/metabase/metabase-deployment.yaml
View File

@ -1,145 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: metabase
labels:
name: metabase
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: metabase
namespace: metabase
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: metabase-data
namespace: metabase
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: azure-disk-std-ssd-lrs
---
apiVersion: v1
kind: ConfigMap
metadata:
name: metabase-config
namespace: metabase
data:
MB_DB_TYPE: "postgres"
MB_DB_DBNAME: "metabase"
MB_DB_PORT: "5432"
MB_DB_USER: "metabase"
MB_DB_HOST: "metabase-postgres"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: metabase
namespace: metabase
labels:
app: metabase
spec:
replicas: 1
selector:
matchLabels:
app: metabase
template:
metadata:
labels:
app: metabase
spec:
serviceAccountName: metabase
containers:
- name: metabase
image: metabase/metabase:latest
ports:
- containerPort: 3000
name: http
env:
- name: MB_DB_TYPE
valueFrom:
configMapKeyRef:
name: metabase-config
key: MB_DB_TYPE
- name: MB_DB_DBNAME
valueFrom:
configMapKeyRef:
name: metabase-config
key: MB_DB_DBNAME
- name: MB_DB_PORT
valueFrom:
configMapKeyRef:
name: metabase-config
key: MB_DB_PORT
- name: MB_DB_USER
valueFrom:
configMapKeyRef:
name: metabase-config
key: MB_DB_USER
- name: MB_DB_HOST
valueFrom:
configMapKeyRef:
name: metabase-config
key: MB_DB_HOST
- name: MB_DB_PASS
valueFrom:
secretKeyRef:
name: metabase-db-secret
key: password
volumeMounts:
- name: metabase-data
mountPath: /metabase-data
resources:
requests:
memory: "512Mi"
cpu: "250m"
limits:
memory: "1Gi"
cpu: "500m"
livenessProbe:
httpGet:
path: /api/health
port: 3000
initialDelaySeconds: 120
periodSeconds: 30
readinessProbe:
httpGet:
path: /api/health
port: 3000
initialDelaySeconds: 30
periodSeconds: 10
volumes:
- name: metabase-data
persistentVolumeClaim:
claimName: metabase-data
---
apiVersion: v1
kind: Service
metadata:
name: metabase
namespace: metabase
labels:
app: metabase
spec:
type: ClusterIP
ports:
- port: 3000
targetPort: 3000
protocol: TCP
name: http
selector:
app: metabase
---
apiVersion: v1
kind: Secret
metadata:
name: metabase-db-secret
namespace: metabase
type: Opaque
data:
password: bWV0YWJhc2VwYXNzd29yZA== # metabasepassword in base64

32
cluster/manifests/freeleaps-data-platform/metabase/metabase-ingress.yaml
View File

@ -1,32 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: metabase-ingress
namespace: metabase
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/proxy-body-size: "50m"
spec:
rules:
- host: metabase.freeleaps.cluster
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: metabase
port:
number: 3000
- host: metabase.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: metabase
port:
number: 3000

119
cluster/manifests/freeleaps-data-platform/metabase/metabase-postgres.yaml
View File

@ -1,119 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: metabase-postgres-data
namespace: metabase
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: azure-disk-std-ssd-lrs
---
apiVersion: v1
kind: ConfigMap
metadata:
name: metabase-postgres-config
namespace: metabase
data:
POSTGRES_DB: "metabase"
POSTGRES_USER: "metabase"
---
apiVersion: v1
kind: Secret
metadata:
name: metabase-postgres-secret
namespace: metabase
type: Opaque
data:
POSTGRES_PASSWORD: bWV0YWJhc2VwYXNzd29yZA== # metabasepassword in base64
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: metabase-postgres
namespace: metabase
labels:
app: metabase-postgres
spec:
replicas: 1
selector:
matchLabels:
app: metabase-postgres
template:
metadata:
labels:
app: metabase-postgres
spec:
containers:
- name: postgres
image: postgres:15
ports:
- containerPort: 5432
name: postgres
env:
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: metabase-postgres-config
key: POSTGRES_DB
- name: POSTGRES_USER
valueFrom:
configMapKeyRef:
name: metabase-postgres-config
key: POSTGRES_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: metabase-postgres-secret
key: POSTGRES_PASSWORD
- name: PGDATA
value: "/var/lib/postgresql/data/pgdata"
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
exec:
command:
- pg_isready
- -U
- metabase
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
exec:
command:
- pg_isready
- -U
- metabase
initialDelaySeconds: 5
periodSeconds: 5
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: metabase-postgres-data
---
apiVersion: v1
kind: Service
metadata:
name: metabase-postgres
namespace: metabase
labels:
app: metabase-postgres
spec:
type: ClusterIP
ports:
- port: 5432
targetPort: 5432
protocol: TCP
name: postgres
selector:
app: metabase-postgres

361
cluster/manifests/freeleaps-data-platform/metabase/values.yaml Normal file
View File

@ -0,0 +1,361 @@
replicaCount: 1
hpa:
enabled: false
minReplicas: 1
maxReplicas: 6
targetCPUUtilizationPercentage: 80
targetMemoryUtilizationPercentage: 80
# Adding host aliases to the metabase deployment
hostAliases: []
# - ip: "127.0.0.1"
# hostnames:
# - "foo.local"
# - "bar.local"
pdb:
create: false
minAvailable: 1
maxUnavailable: ""
deploymentAnnotations: {}
deploymentLabels: {}
podAnnotations: {}
podLabels: {}
podSecurityContext: {}
image:
repository: metabase/metabase
# Overrides the image tag whose default is the chart appVersion.
tag: ""
command: []
pullPolicy: IfNotPresent
pullSecrets: []
## String to fully override metabase.fullname template
##
# fullnameOverride:
# Config Jetty web server
listen:
host: "0.0.0.0"
port: 3000
monitoring:
enabled: false
serviceMonitor:
enabled: false
port: 9191
ssl:
# If you have an ssl certificate and would prefer to have Metabase run over HTTPS
enabled: false
# port: 8443
# keyStore: |-
# << JKS KEY STORE >>
# keyStorePassword: storepass
jetty:
# maxThreads: 254
# minThreads: 8
# maxQueued: -1
# maxIdleTime: 60000
# Backend database
database:
# Database type (h2 / mysql / postgres), default: h2
type: h2
# if h2 is used, the persistentVolume and pvc are used to store the database. Only for non-production environments.
persistence:
type: pvc
enabled: true
storageClassName: azure-disk-std-lrs
## (Optional) Use this to bind the claim to an existing PersistentVolume (PV) by name.
volumeName: ""
accessModes:
- ReadWriteOnce
size: 15Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
# selectorLabels: {}
## Sub-directory of the PV to mount. Can be templated.
# subPath: ""
## Name of an existing PVC. Can be templated.
# existingClaim:
## Extra labels to apply to a PVC.
extraPvcLabels: {}
disableWarning: false
## If 'lookupVolumeName' is set to true, Helm will attempt to retrieve
## the current value of 'spec.volumeName' and incorporate it into the template.
lookupVolumeName: true
## Specify file to store H2 database. You will also have to back this with a volume (cf. extraVolume and extraVolumeMounts)!
# file:
# encryptionKey: << YOUR ENCRYPTION KEY OR LEAVE BLANK AND USE EXISTING SECRET >>
## Only need when you use mysql / postgres
# host:
# port:
# dbname:
# username:
# password:
## Alternatively, use a connection URI for full configurability. Example for SSL enabled Postgres.
# connectionURI: postgres://<host>:<port>/<database>?user=<username>&password=<password>&ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory
## If a secret with the database credentials already exists, use the following values:
# existingSecret:
# existingSecretUsernameKey:
# existingSecretPasswordKey:
# existingSecretConnectionURIKey:
# existingSecretEncryptionKeyKey:
# existingSecretPortKey:
# existingSecretHostKey:
# existingSecretDatabaseNameKey:
## One or more Google Cloud SQL database instances can be made available to Metabase via the *Cloud SQL Auth proxy*.
## These can be used for Metabase's internal database (by specifying `host: localhost` and the port above), or as
## additional databases (configured at Admin → Databases). Workload Identity should be used for authentication, so
## that when `serviceAccount.create=true`, `serviceAccount.annotations` should contain:
## iam.gke.io/gcp-service-account: your-gsa@email
## Ref: https://cloud.google.com/sql/docs/postgres/connect-kubernetes-engine
googleCloudSQL:
## Found in Cloud Console "Cloud SQL Instance details" or using `gcloud sql instances describe INSTANCE_ID`
## example format: $project:$region:$instance=tcp:$port
## Each connection must have a unique TCP port.
instanceConnectionNames: []
## Option to use a specific version of the *Cloud SQL Auth proxy* sidecar image.
## ref: https://console.cloud.google.com/gcr/images/cloudsql-docker/GLOBAL/gce-proxy
# sidecarImageTag: latest
## ref: https://cloud.google.com/sql/docs/postgres/connect-kubernetes-engine#running_the_as_a_sidecar
resources: {}
securityContext:
runAsNonRoot: true
password:
# Changing Metabase password complexity:
# weak: no character constraints
# normal: at least 1 digit (default)
# strong: minimum 8 characters w/ 2 lowercase, 2 uppercase, 1 digit, and 1 special character
complexity: normal
length: 6
timeZone: UTC
emojiLogging: true
colorLogging: true
javaOpts: -Xmx1024m -Xms512m
# pluginsDirectory: /plugins
siteUrl: https://metabase.mathmast.com
session:
{}
# maxSessionAge:
# sessionCookies:
# cookieSameSite:
# specify init containers, e.g. for module download
extraInitContainers: []
# - name: download-modules
# image: "curlimages/curl:7.70.0"
# imagePullPolicy: "IfNotPresent"
# volumeMounts:
# - name: plugins
# mountPath: /plugins
# workingDir: /plugins
# command:
# - "/bin/sh"
# - "-ec"
# - |
# curl -Lso /plugins/athena.metabase-driver.jar \
# https://github.com/dacort/metabase-athena-driver/releases/download/v1.1.0/athena.metabase-driver.jar
extraVolumeMounts: []
# - name: plugins
# mountPath: /plugins
# readOnly: false
extraVolumes: []
# - name: plugins
# emptyDir: {}
livenessProbe:
path: /api/health
initialDelaySeconds: 120
timeoutSeconds: 30
failureThreshold: 6
readinessProbe:
path: /api/health
initialDelaySeconds: 30
timeoutSeconds: 3
periodSeconds: 5
service:
name: metabase
type: ClusterIP
externalPort: 80
internalPort: 3000
# Used to fix NodePort when service.type: NodePort.
nodePort:
annotations:
{}
# Used to add custom annotations to the Service.
# service.beta.kubernetes.io/aws-load-balancer-internal: "0.0.0.0/0"
labels:
{}
# Used to add custom labels to the Service.
loadBalancerSourceRanges: {}
# Used to configure a static IP address
loadBalancerIP:
ingress:
enabled: true
# The ingress class name, if you use multiple ingress controllers:
className: nginx
# Used to create Ingress record (should used with service.type: ClusterIP).
hosts:
- "metabase.mathmast.com"
# - metabase.domain.com
# The ingress path. Useful to host metabase on a subpath, such as `/metabase`.
path: /
pathType: Prefix
labels:
# Used to add custom labels to the Ingress
# Useful if for example you have multiple Ingress controllers and want your Ingress controllers to bind to specific Ingresses
# traffic: internal
annotations:
{}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
tls:
# Secrets must be manually created in the namespace.
- secretName: metabase-mathmast-dot-com-tls
hosts:
- metabase.mathmast.com
route:
enabled: false
annotations:
{}
# haproxy.router.openshift.io/timeout: "60s"
# host: ""
path: ""
wildcardPolicy: "None"
tls:
{}
# termination: "Edge"
# insecureEdgeTerminationPolicy: "Redirect"
# key: ""
# certificate: ""
# caCertificate: ""
# destinationCACertificate: ""
# A custom log4j2.xml file can be provided using a multiline YAML string.
# See https://github.com/metabase/metabase/blob/master/resources/log4j2.xml
#
# log4j2XML:
# DEPRECATED; A custom log4j.properties file can be provided using a multiline YAML string.
# See https://github.com/metabase/metabase/blob/master/resources/log4j.properties
#
# log4jProperties:
# The deployment strategy to use
# https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/deployment-v1/#DeploymentSpec
# strategy:
# type: "Recreate"
serviceAccount:
# Specifies whether a service account should be created
create: false
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
# autoMount is deprecated in favor of automountServiceAccountToken
# If you want to disable auto mount of Service Account Token then you can set the value to false;
# https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting
automountServiceAccountToken: false
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits:
cpu: "1"
memory: 1Gi
requests:
cpu: "0.5"
memory: 512Mi
# You can also opt out of automounting API credentials for a particular Pod;
# https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting
automountServiceAccountToken: true
## Node labels for pod assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
#
nodeSelector: {}
## Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Affinity for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Spread Constraints for pod assignment
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
topologySpreadConstraints: []
## PriorityClass for pod assignment
## ref:
## https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority
## priorityClass: ""
## AWS Security Group Policy (EKS)
## ref: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html
##
awsEKS:
sgp:
enabled: false
# AWS Security Group IDs to attach to the pod
# sgIds:
# - sg-abc123
# - sg-xyz456
extraEnv: []
# - name: MB_CHECK_FOR_UPDATES
# value: false
# - name: MB_ADMIN_EMAIL
# valueFrom:
# configMapKeyRef:
# name: metabase
# key: email
envFrom:
[]
# - type: secret
# name: metabase-secret
# - type: configMap
# name: metabase-cm
securityContext: {}
sidecars:
[]
# - name: busybox
# image: busybox
# ports:
# - containerPort: 80
# name: http
# resources:
# requests:
# memory: 100Mi
# cpu: 10m
# limits:
# memory: 100Mi
# cpu: 10m
# command: ["/bin/sh"]
# args: ["-c", "while true; do echo hello; sleep 10;done"]

9
cluster/manifests/freeleaps-data-platform/schema-registry/secret.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: schema-registry-kafka-auth
namespace: freeleaps-data-platform
type: Opaque
data:
# Password for freeleaps-user (base64 encoded: xzjo1UdA7xs9d3DDHZ0NgaRoBwdhxyBE)
client-passwords: eHpqbzFVZEE3eHM5ZDNEREhaME5nYVJvQndkaHh5QkU=

788
cluster/manifests/freeleaps-data-platform/schema-registry/values.yaml Normal file
View File

@ -0,0 +1,788 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry and imagePullSecrets
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
##
global:
imageRegistry: ""
## e.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
defaultStorageClass: ""
## Security parameters
##
security:
## @param global.security.allowInsecureImages Allows skipping image verification
allowInsecureImages: false
## Compatibility adaptations for Kubernetes platforms
##
compatibility:
## Compatibility adaptations for Openshift
##
openshift:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: auto
## @param kubeVersion Override Kubernetes version
##
kubeVersion: ""
## @section Common parameters
## @param nameOverride String to partially override common.names.fullname template with a string (will prepend the release name)
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname template with a string
##
fullnameOverride: ""
## @param namespaceOverride String to fully override common.names.namespace
##
namespaceOverride: ""
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param clusterDomain Kubernetes cluster domain name
##
clusterDomain: freeleaps.cluster
## @param extraDeploy Array of extra objects to deploy with the release
##
extraDeploy: []
## @param usePasswordFiles Mount credentials as files instead of using environment variables
##
usePasswordFiles: true
## Enable diagnostic mode in the deployment
##
diagnosticMode:
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
##
enabled: false
## @param diagnosticMode.command Command to override all containers in the deployment
##
command:
- sleep
## @param diagnosticMode.args Args to override all containers in the deployment
##
args:
- infinity
## @section Schema Registry parameters
## Bitnami Schema Registry image
## ref: https://hub.docker.com/r/bitnami/schema-registry/tags/
## @param image.registry [default: REGISTRY_NAME] Schema Registry image registry
## @param image.repository [default: REPOSITORY_NAME/schema-registry] Schema Registry image repository
## @skip image.tag Schema Registry image tag (immutable tags are recommended)
## @param image.digest Schema Registry image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy Schema Registry image pull policy
## @param image.pullSecrets Schema Registry image pull secrets
## @param image.debug Enable image debug mode
##
image:
registry: docker.io
repository: bitnami/schema-registry
tag: 8.0.0-debian-12-r4
digest: ""
## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Set to true if you would like to see extra information on logs
##
debug: false
## @param command Override default container command (useful when using custom images)
##
command: []
## @param args Override default container args (useful when using custom images)
##
args: []
## @param automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
## @param hostAliases Schema Registry pods host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param podLabels Extra labels for Schema Registry pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param configuration Specify content for schema-registry.properties. Auto-generated based on other parameters when not specified
##
## e.g:
## configuration: |-
## listeners = http://0.0.0.0:8081
## kafkastore.bootstrap.servers = protocol://broker_hostname:port
## host.name = schema-registry
## kafkastore.topic = _schemas
## inter.instance.protocol = http
## avro.compatibility.level = backward
## debug = false
##
configuration: {}
## @param existingConfigmap Name of existing ConfigMap with Schema Registry configuration
## NOTE: When it's set the configuration parameter is ignored
##
existingConfigmap: ""
## @param log4j Schema Registry Log4J Configuration (optional)
## Overwrites default log4j.properties file
##
log4j: {}
## @param existingLog4jConfigMap Name of existing ConfigMap containing a custom log4j.properties file.
## NOTE: When it's set the log4j is ignored
##
existingLog4jConfigMap: ""
## Authentication parameteres
## https://github.com/bitnami/bitnami-docker-kafka#security
##
auth:
## TLS parameters to be used when a listener uses HTTPS
##
tls:
## @param auth.tls.enabled Enable TLS configuration to provide to be used when a listener uses HTTPS
##
enabled: false
## @param auth.tls.jksSecret Existing secret containing the truststore and one keystore per Schema Registry replica
##
## Create this secret following the steps below:
## 1) Generate your trustore and keystore files. Helpful script: https://raw.githubusercontent.com/confluentinc/confluent-platform-security-tools/master/kafka-generate-ssl.sh
## 2) Rename your truststore to `schema-registry.truststore.jks`.
## 3) Rename your keystores to `schema-registry-X.keystore.jks` where X is the ID of each Schema Registry replica
## 4) Run the command below where SECRET_NAME is the name of the secret you want to create:
## kubectl create secret generic SECRET_NAME --from-file=./schema-registry.truststore.jks --from-file=./schema-registry-0.keystore.jks --from-file=./schema-registry-1.keystore.jks ...
##
jksSecret: ""
## @param auth.tls.keystorePassword Password to access the keystore when it's password-protected
##
keystorePassword: ""
## @param auth.tls.truststorePassword Password to access the truststore when it's password-protected
##
truststorePassword: ""
## @param auth.tls.clientAuthentication Client authentication configuration.
## Valid options: NONE, REQUESTED, over REQUIRED
##
clientAuthentication: NONE
## Parameters to configure authentication with kafka brokers
##
kafka:
## @param auth.kafka.jksSecret Existing secret containing the truststore and one keystore per Schema Registry replica
##
## Create this secret following the steps below:
## 1) Generate your trustore and keystore files. Helpful script: https://raw.githubusercontent.com/confluentinc/confluent-platform-security-tools/master/kafka-generate-ssl.sh
## 2) Rename your truststore to `kafka.truststore.jks`.
## 3) Rename your keystores to `kafka-X.keystore.jks` where X is the ID of each Schema Registry replica
## 4) Run the command below where SECRET_NAME is the name of the secret you want to create:
## kubectl create secret generic SECRET_NAME --from-file=./kafka.truststore.jks --from-file=./kafka-0.keystore.jks --from-file=./kafka-1.keystore.jks ...
##
jksSecret: ""
## @param auth.kafka.tlsEndpointIdentificationAlgorithm The endpoint identification algorithm used validate brokers hostnames
## Disable server hostname verification by setting it to an empty string
## See: https://docs.confluent.io/current/kafka/authentication_ssl.html#optional-settings
##
tlsEndpointIdentificationAlgorithm: https
## @param auth.kafka.keystorePassword Password to access the keystore when it's password-protected
##
keystorePassword: ""
## @param auth.kafka.truststorePassword Password to access the truststore when it's password-protected
##
truststorePassword: ""
## @param auth.kafka.saslMechanism Mechanism that schema registry will use to connect to kafka. Allowed: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512
##
saslMechanism: SCRAM-SHA-512
## @param listeners Comma-separated list of listeners that listen for API requests over either HTTP or HTTPS
##
listeners: http://0.0.0.0:8081
## @param avroCompatibilityLevel Avro compatibility type
## Valid options: none, backward, backward_transitive, forward, forward_transitive, full, or full_transitive
##
avroCompatibilityLevel: backward
## @param extraEnvVars Extra environment variables to be set on Schema Registry container
## e.g:
## extraEnvVars:
## - name: FOO
## value: BAR
##
extraEnvVars: []
## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars
##
extraEnvVarsCM: ""
## @param extraEnvVarsSecret Name of existing Secret containing extra env vars
##
extraEnvVarsSecret: ""
## @section Schema Registry statefulset parameters
## @param replicaCount Number of Schema Registry replicas to deploy.
##
replicaCount: 1
## @param updateStrategy.type Schema Registry statefulset strategy type
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
##
updateStrategy:
## StrategyType
## Can be set to RollingUpdate or OnDelete
##
type: RollingUpdate
## Node affinity preset
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
##
key: ""
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## @param nodeSelector Node labels for pod assignment
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param tolerations Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param podManagementPolicy Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join
## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
##
podManagementPolicy: OrderedReady
## @param podAnnotations Annotations for Schema Registry pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## @param priorityClassName Schema Registry pod priority class name
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/
##
priorityClassName: ""
## @param topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
##
topologySpreadConstraints: {}
## @param schedulerName Name of the k8s scheduler (other than default) for Schema Registry pods
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
##
terminationGracePeriodSeconds: ""
## @param lifecycleHooks for the Schema Registry container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
## Schema Registry pods' Security Context.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enabled Controller pods' Security Context
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
## @param podSecurityContext.fsGroup Set Controller pod's Security Context fsGroup
## @param podSecurityContext.sysctls sysctl settings of the Schema Registry pods
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
supplementalGroups: []
fsGroup: 1001
## sysctl settings
## Example:
## sysctls:
## - name: net.core.somaxconn
## value: "10000"
##
sysctls: []
## Schema Registry containers' Security Context (only main container).
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Schema Registry containers' resource requests and limits.
## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "small"
## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources:
requests:
cpu: 500m
memory: 512Mi
limits:
cpu: "1"
memory: 1Gi
## Schema Registry pods' liveness and readiness probes. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param livenessProbe.enabled Enable livenessProbe
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
initialDelaySeconds: 10
timeoutSeconds: 1
periodSeconds: 20
failureThreshold: 6
successThreshold: 1
## @param readinessProbe.enabled Enable readinessProbe
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
initialDelaySeconds: 10
timeoutSeconds: 1
periodSeconds: 20
failureThreshold: 6
successThreshold: 1
## @param startupProbe.enabled Enable startupProbe
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param startupProbe.periodSeconds Period seconds for startupProbe
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param startupProbe.failureThreshold Failure threshold for startupProbe
## @param startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
initialDelaySeconds: 10
timeoutSeconds: 1
periodSeconds: 5
failureThreshold: 20
successThreshold: 1
## @param customLivenessProbe Custom livenessProbe that overrides the default one
##
customLivenessProbe: {}
## @param customReadinessProbe Custom readinessProbe that overrides the default one
##
customReadinessProbe: {}
## @param customStartupProbe Custom startupProbe that overrides the default one
##
customStartupProbe: {}
## @param extraVolumes Optionally specify extra list of additional volumes for schema-registry pods
## e.g:
## extraVolumes:
## - name: avro-properties
## configMap:
## name: avro-properties
##
extraVolumes: []
## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for schema-registry container(s)
## e.g:
## extraVolumeMounts:
## - name: avro-properties
## mountPath: /bitnami/schema-registry/etc/schema-registry/connect-avro-standalone.properties
## subPath: connect-avro-standalone.properties
##
extraVolumeMounts: []
## @param initContainers Add additional init containers to the Schema Registry pods.
## e.g:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
initContainers: []
## @param sidecars Add additional sidecar containers to the Schema Registry pods.
## e.g:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## Schema Registry Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
## @param pdb.create Enable/disable a Pod Disruption Budget creation
## @param pdb.minAvailable Minimum number/percentage of pods that must still be available after the eviction
## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable after the eviction. Defaults to `1` if both `pdb.minAvailable` and `pdb.maxUnavailable` are empty.
##
pdb:
create: true
minAvailable: ""
maxUnavailable: ""
## Schema Registry Autoscaling parameters.
## @param autoscaling.enabled Enable autoscaling for replicas
## @param autoscaling.minReplicas Minimum number of replicas
## @param autoscaling.maxReplicas Maximum number of replicas
## @param autoscaling.targetCPU Target CPU utilization percentage
## @param autoscaling.targetMemory Target Memory utilization percentage
##
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 11
targetCPU: ""
targetMemory: ""
## @param autoscaling.customPodMetrics allows you to set a list of custom metrics to trigger the scaling.
## e.g:
## customPodMetrics:
## - name: "requests_per_second"
## averageValue: "2000m"
customPodMetrics: []
## @section Exposure Parameters
## Schema Registry Service paramaters.
##
service:
## @param service.type Kubernetes service type
##
type: ClusterIP
## @param service.ports.http Service HTTP port
##
ports:
http: 8081
## @param service.nodePorts.http Service HTTP node port
## Specify the nodePort value for the LoadBalancer and NodePort service types.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
nodePorts:
http: ""
## @param service.clusterIP Schema Registry service clusterIP IP
## e.g:
## clusterIP: None
##
clusterIP: ""
## @param service.externalTrafficPolicy Enable client source IP preservation
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param service.loadBalancerIP loadBalancerIP if service type is LoadBalancer
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
loadBalancerIP: ""
## @param service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
## e.g:
## loadBalancerSourceRanges:
## - 10.10.10.0/24
##
loadBalancerSourceRanges: []
## @param service.annotations Annotations for Schema Registry service
##
annotations: {}
## @param service.labels Labels for Schema Registry service
##
labels: {}
## @param service.extraPorts Extra ports to expose in Schema Registry service (normally used with the `sidecars` value)
##
extraPorts: []
## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
## Values: ClientIP or None
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
##
sessionAffinity: None
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## Headless service properties
##
headless:
## @param service.headless.annotations Annotations for the headless service.
##
annotations: {}
## Network Policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: false
## @param networkPolicy.allowExternal Don't require client label for connections
## The Policy model to apply. When set to false, only pods with the correct
## client label will have network access to the ports the application is listening
## on. When true, the app will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
extraIngress: []
## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## Configure the ingress resource that allows you to access Schema Registry
##
ingress:
## @param ingress.enabled Enable ingress record generation for Schema Registry
##
enabled: false
## @param ingress.pathType Ingress path type
##
pathType: ImplementationSpecific
## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
##
apiVersion: ""
## @param ingress.hostname Default host for the ingress record
##
hostname: schema-registry.local
## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
##
ingressClassName: ""
## @param ingress.path Default path for the ingress record
## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
##
path: /
## @param ingress.annotations Additional custom annotations for the ingress record
## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
##
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
##
annotations: {}
## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
## You can:
## - Use the `ingress.secrets` parameter to create this TLS secret
## - Relay on cert-manager to create it by setting `ingress.certManager=true`
## - Relay on Helm to create self-signed certificates by setting `ingress.tls=true` and `ingress.certManager=false`
##
tls: false
## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
##
selfSigned: false
## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
## e.g:
## extraHosts:
## - name: schema-registry.local
## path: /
##
extraHosts: []
## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
## e.g:
## extraPaths:
## - path: /*
## backend:
## serviceName: ssl-redirect
## servicePort: use-annotation
##
extraPaths: []
## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## e.g:
## extraTls:
## - hosts:
## - schema-registry.local
## secretName: schema-registry.local-tls
##
extraTls: []
## @param ingress.secrets Custom TLS certificates as secrets
## NOTE: 'key' and 'certificate' are expected in PEM format
## NOTE: 'name' should line up with a 'secretName' set further up
## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
## e.g:
## secrets:
## - name: schema-registry.local-tls
## key: |-
## -----BEGIN RSA PRIVATE KEY-----
## ...
## -----END RSA PRIVATE KEY-----
## certificate: |-
## -----BEGIN CERTIFICATE-----
## ...
## -----END CERTIFICATE-----
##
secrets: []
## @param ingress.extraRules Additional rules to be covered with this ingress record
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
## e.g:
## extraRules:
## - host: schema-registry.local
## http:
## path: /
## backend:
## service:
## name: schema-registry
## port:
## name: http
##
extraRules: []
## @section RBAC parameters
## Schema Registry pods ServiceAccount.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
serviceAccount:
## @param serviceAccount.create Enable the creation of a ServiceAccount for Schema Registry pods
##
create: true
## @param serviceAccount.name Name of the created ServiceAccount to use
## If not set and create is true, a name is generated using the schema-registry.fullname template
##
name: ""
## @param serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
##
annotations: {}
## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account
##
automountServiceAccountToken: false
## @section Kafka chart parameters
##
## Kafka chart configuration
## For information about these parameters, refer to:
## https://github.com/bitnami/charts/blob/main/bitnami/kafka/values.yaml
##
kafka:
## @param kafka.enabled Enable/disable Kafka chart installation
##
enabled: false
## @param kafka.controller.replicaCount Number of Kafka controller-eligible (controller+broker) nodes
##
controller:
replicaCount: 1
## @param kafka.listeners.client.protocol Authentication protocol for communications with clients. Allowed protocols: `PLAINTEXT`, `SASL_PLAINTEXT`, `SASL_SSL`, `SSL`
##
listeners:
client:
protocol: "PLAINTEXT"
## @param kafka.service.ports.client Kafka svc port for client connections
##
service:
ports:
client: 9092
## @param kafka.overrideConfiguration [object] Kafka common configuration override
##
overrideConfiguration:
offsets.topic.replication.factor: 1
## @param kafka.sasl.client.users Comma-separated list of usernames for Kafka client listener when SASL is enabled
## @param kafka.sasl.client.passwords Comma-separated list of passwords for client listener when SASL is enabled, must match the number of client.users
##
sasl:
client:
users:
- user
passwords: ""
##
## External Kafka Configuration
## All of these values are only used when kafka.enabled is set to false
##
externalKafka:
## @param externalKafka.brokers Array of Kafka brokers to connect to. Format: protocol://broker_hostname:port
##
brokers:
- SASL_PLAINTEXT://freeleaps-kafka-cluster-kafka-bootstrap.freeleaps-data-platform.svc.freeleaps.cluster:9092
## @param externalKafka.listener.protocol Kafka listener protocol. Allowed protocols: PLAINTEXT, SASL_PLAINTEXT, SASL_SSL and SSL
##
listener:
protocol: SASL_PLAINTEXT
## Authentication parameters
## @param externalKafka.sasl.user User for SASL authentication
## @param externalKafka.sasl.password Password for SASL authentication
## @param externalKafka.sasl.existingSecret Name of the existing secret containing a password for SASL authentication (under the key named "client-passwords")
##
sasl:
user: freeleaps-user
password: ""
existingSecret: "schema-registry-kafka-auth"

1031
cluster/manifests/freeleaps-data-platform/zookeeper/values.yaml
View File

File diff suppressed because it is too large Load Diff

21
cluster/manifests/freeleaps-data-platform/zookeeper/vpa.yaml
View File

@ -1,21 +0,0 @@
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: zookeeper-vpa
namespace: freeleaps-data-platform
spec:
resourcePolicy:
containerPolicies:
- containerName: '*'
controlledResources:
- cpu
- memory
maxAllowed:
cpu: 200m
memory: 512Mi
targetRef:
apiVersion: apps/v1
kind: StatefulSet
name: zookeeper
updatePolicy:
updateMode: "Auto"

2
cluster/manifests/helm-repos/REPO.list
View File

@ -14,3 +14,5 @@ grafana,https://grafana.github.io/helm-charts,force-update
fluent,https://fluent.github.io/helm-charts,force-update
pinot,https://raw.githubusercontent.com/apache/pinot/master/helm,force-update
starrocks,https://starrocks.github.io/starrocks-kubernetes-operator,force-update
kafbat-ui,https://kafbat.github.io/helm-charts,force-update
pmint93,https://pmint93.github.io/helm-charts,force-update