feat(kafka-operator): add kafka-operator 0.25.1 #1512

Merged
merged 2 commits into from
Oct 4, 2024
22 changes: 22 additions & 0 deletions stable/kafka-operator/.helmignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
9 changes: 9 additions & 0 deletions stable/kafka-operator/Chart.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
apiVersion: v1
appVersion: v0.25.1
description: kafka-operator manages Kafka deployments on Kubernetes
name: kafka-operator
sources:
- https://github.com/banzaicloud/koperator
version: 0.25.1
maintainers:
- name: mhrabovcin
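Review bot: Chart.yaml sets no `kubeVersion` constraint even though the README added in this PR lists Kubernetes 1.15.0+ as a prerequisite; adding `kubeVersion: ">=1.15.0"` would let Helm enforce that at install time instead of relying on the reader. The single `maintainers` entry also has no `email` or `url`, which makes the chart owner harder to reach.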
88 changes: 88 additions & 0 deletions stable/kafka-operator/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
# Koperator chart

The [Koperator](https://github.com/banzaicloud/koperator) is a Kubernetes operator to deploy and manage [Apache Kafka](https://kafka.apache.org) resources for a Kubernetes cluster.

## Prerequisites

- Kubernetes 1.15.0+

## Installing the chart

Before installing the chart, you must first install the Koperator CustomResourceDefinition resources.
This is performed in a separate step to allow you to easily uninstall and reinstall Koperator without deleting your installed custom resources.

```
kubectl create --validate=false -f https://github.com/banzaicloud/koperator/releases/download/v0.25.1/kafka-operator.crds.yaml
```

To install the chart:

```
$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com
$ helm install kafka-operator --create-namespace --namespace=kafka banzaicloud-stable/kafka-operator
```

To install the operator using an already installed cert-manager
```bash
$ helm install kafka-operator --set certManager.namespace=<your cert manager namespace> --namespace=kafka --create-namespace banzaicloud-stable/kafka-operator
```

## Upgrading the chart

To upgrade the chart since the helm 3 limitation you have to set a value as well to keep your CRDs.
If this value is not set your CRDs might be deleted.

```bash
helm upgrade kafka-operator --set crd.enabled=true --namespace=kafka banzaicloud-stable/kafka-operator
```

## Uninstalling the Chart

To uninstall/delete the `kafka-operator` release:

```
$ helm delete --purge kafka-operator
```

The command removes all the Kubernetes components associated with the chart and deletes the release.

## Configuration

The following table lists the configurable parameters of the Banzaicloud Kafka Operator chart and their default values.

Parameter | Description | Default
--------- | ----------- | -------
`operator.image.repository` | Operator container image repository | `ghcr.io/banzaicloud/kafka-operator`
`operator.image.tag` | Operator container image tag | `v0.25.1`
`operator.image.pullPolicy` | Operator container image pull policy | `IfNotPresent`
`operator.serviceAccount.name` | ServiceAccount used by the operator pod | `kafka-operator`
`operator.serviceAccount.create` | If true, create the `operator.serviceAccount.name` service account | `true`
`operator.resources` | CPU/Memory resource requests/limits (YAML) | Memory: `128Mi/256Mi`, CPU: `100m/200m`
`operator.namespaces` | List of namespaces where Operator watches for custom resources.<br><br>**Note** that the operator still requires to read the cluster-scoped `Node` labels to configure `rack awareness`. Make sure the operator ServiceAccount is granted `get` permissions on this `Node` resource when using limited RBACs.| `""` i.e. all namespaces
`operator.annotations` | Operator pod annotations can be set | `{}`
`prometheusMetrics.enabled` | If true, use direct access for Prometheus metrics | `false`
`prometheusMetrics.authProxy.enabled` | If true, use auth proxy for Prometheus metrics | `true`
`prometheusMetrics.authProxy.serviceAccount.create` | If true, create the service account (see `prometheusMetrics.authProxy.serviceAccount.name`) used by prometheus auth proxy | `true`
`prometheusMetrics.authProxy.serviceAccount.name` | ServiceAccount used by prometheus auth proxy | `kafka-operator-authproxy`
`prometheusMetrics.authProxy.image.repository` | Auth proxy container image repository | `gcr.io/kubebuilder/kube-rbac-proxy`
`prometheusMetrics.authProxy.image.tag` | Auth proxy container image tag | `v0.13.0`
`prometheusMetrics.authProxy.image.pullPolicy` | Auth proxy container image pull policy | `IfNotPresent`
`rbac.enabled` | Create rbac service account and roles | `true`
`imagePullSecrets` | Image pull secrets can be set | `[]`
`replicaCount` | Operator replica count can be set | `1`
`alertManager.enable` | AlertManager can be enabled | `true`
`alertManager.permissivePeerAuthentication.create` | Permissive PeerAuthentication (Istio resource) for AlertManager can be created | `true`
`nodeSelector` | Operator pod node selector can be set | `{}`
`tolerations` | Operator pod tolerations can be set | `[]`
`affinity` | Operator pod affinity can be set | `{}`
`nameOverride` | Release name can be overwritten | `""`
`crd.enabled` | Whether to enable CRD installation(used for upgrade only) | `false`
`fullnameOverride` | Release full name can be overwritten | `""`
`certManager.namespace` | Operator will look for the cert manager in this namespace | `cert-manager`
`certManager.enabled` | Operator will integrate with the cert manager | `false`
`webhook.enabled` | Operator will activate the admission webhooks for custom resources | `true`
`webhook.certs.generate` | Helm chart will generate cert for the webhook | `true`
`webhook.certs.secret` | Helm chart will use the secret name applied here for the cert | `kafka-operator-serving-cert`
`additionalEnv` | Additional Environment Variables | `[]`
`additionalSidecars` | Additional Sidecars Configuration | `[]`
`additionalVolumes` | Additional volumes required for sidecars | `[]`
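Review bot: the uninstall section uses `helm delete --purge kafka-operator`, which is Helm 2 syntax, while the install section uses Helm 3 flags (`--create-namespace`); Helm 3 has no `--purge` flag, so suggest `helm uninstall kafka-operator --namespace=kafka`. The CRD step applies a remote manifest with `kubectl create --validate=false`; please document why validation is disabled or drop the flag. The configuration table also omits `alertManager.port`, which the alertmanager Service and PeerAuthentication templates in this PR read.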
68 changes: 68 additions & 0 deletions stable/kafka-operator/templates/_helpers.tpl
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "kafka-operator.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "kafka-operator.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "kafka-operator.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Compute operator deployment serviceAccountName key
*/}}
{{- define "operator.serviceAccountName" -}}
{{- if .Values.operator.serviceAccount.create -}}
{{ default "default" .Values.operator.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.operator.serviceAccount.name }}
{{- end -}}
{{- end -}}

{{/*
Compute operator prometheus metrics auth proxy service account
*/}}
{{- define "operator.metricsAuthProxy.serviceAccountName" -}}
{{- if .Values.prometheusMetrics.authProxy.serviceAccount.create -}}
{{ default "default" .Values.prometheusMetrics.authProxy.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.prometheusMetrics.authProxy.serviceAccount.name }}
{{- end -}}
{{- end -}}

{{/*
Sidecar implementation details
*/}}
{{- define "chart.additionalSidecars"}}
{{ toYaml .Values.additionalSidecars }}
{{- end}}

{{/*
Sidecar volume implementation details
*/}}
{{- define "chart.additionalVolumes"}}
{{ toYaml .Values.additionalVolumes }}
{{- end}}
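Review bot: in `operator.serviceAccountName` and `operator.metricsAuthProxy.serviceAccountName` both branches of the `serviceAccount.create` condition render the same expression, `default "default" <name>`, so the condition has no effect, and with `create: true` and an empty name the chart would end up managing the namespace's `default` ServiceAccount. Suggest falling back to `include "kafka-operator.fullname" .` in the `create` branch and keeping the `"default"` fallback only in the `else` branch.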
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
{{- if and (.Values.alertManager.enable) (.Values.alertManager.permissivePeerAuthentication.create) (.Capabilities.APIVersions.Has "security.istio.io/v1beta1") -}}
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
name: "{{ include "kafka-operator.fullname" . }}-alertmanager-peerauthenticaiton"
namespace: {{ .Release.Namespace | quote }}
labels:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
app.kubernetes.io/name: {{ include "kafka-operator.name" . }}
helm.sh/chart: {{ include "kafka-operator.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: alertmanager
spec:
selector:
matchLabels:
control-plane: controller-manager
component: alertmanager
portLevelMtls:
{{ .Values.alertManager.port | quote }}:
mode: PERMISSIVE
{{- end -}}
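Review bot: `selector.matchLabels` uses the bare label `component: alertmanager`, while the alertmanager Service added in this PR selects pods by `app.kubernetes.io/component: operator`; unless the operator pod also carries `component: alertmanager`, this policy matches nothing, so please align the selector with the pod labels. Because the policy sets `mode: PERMISSIVE` (plaintext is accepted on that port) and the README lists `alertManager.permissivePeerAuthentication.create` as `true` by default, consider defaulting it to `false` so that relaxing mTLS is an explicit opt-in. The resource name also has a typo: `-alertmanager-peerauthenticaiton` should read `-alertmanager-peerauthentication`.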
29 changes: 29 additions & 0 deletions stable/kafka-operator/templates/alertmanager-service.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
{{- if .Values.alertManager.enable -}}
apiVersion: v1
kind: Service
metadata:
name: "{{ include "kafka-operator.fullname" . }}-alertmanager"
namespace: {{ .Release.Namespace | quote }}
{{- if and .Values.prometheusMetrics.enabled (not .Values.prometheusMetrics.authProxy.enabled) }}
annotations:
{{- end }}
labels:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
app.kubernetes.io/name: {{ include "kafka-operator.name" . }}
helm.sh/chart: {{ include "kafka-operator.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: alertmanager
spec:
selector:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
app.kubernetes.io/name: {{ include "kafka-operator.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/component: operator
ports:
- name: http-alerts
port: {{ .Values.alertManager.port }}
{{- end -}}
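Review bot: the conditional around `annotations:` emits the key with nothing under it when `prometheusMetrics.enabled` is true and `prometheusMetrics.authProxy.enabled` is false, so it renders an empty `annotations:` field and has no effect. Either add the intended `prometheus.io/*` annotations inside the block or remove the conditional. `port: {{ .Values.alertManager.port }}` also has no default; a `required` or `default` guard would give a clearer error when the value is unset.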
63 changes: 63 additions & 0 deletions stable/kafka-operator/templates/authproxy-rbac.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
{{- if and .Values.prometheusMetrics.authProxy.serviceAccount.create .Values.prometheusMetrics.enabled .Values.prometheusMetrics.authProxy.enabled }}
apiVersion: v1
kind: ServiceAccount
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
metadata:
name: {{ include "operator.metricsAuthProxy.serviceAccountName" .}}
namespace: {{ .Release.Namespace | quote }}
labels:
app.kubernetes.io/name: {{ include "kafka-operator.name" . }}
helm.sh/chart: {{ include "kafka-operator.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: authproxy
{{- end }}
{{- if and .Values.rbac.enabled .Values.prometheusMetrics.enabled .Values.prometheusMetrics.authProxy.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "{{ include "kafka-operator.fullname" . }}-authproxy"
labels:
app.kubernetes.io/name: {{ include "kafka-operator.name" . }}
helm.sh/chart: {{ include "kafka-operator.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: authproxy
rules:
- apiGroups: ["authentication.k8s.io"]
resources:
- tokenreviews
verbs: ["create"]
- apiGroups: ["authorization.k8s.io"]
resources:
- subjectaccessreviews
verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: "{{ include "kafka-operator.fullname" . }}-authproxy"
labels:
app.kubernetes.io/name: {{ include "kafka-operator.name" . }}
helm.sh/chart: {{ include "kafka-operator.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: authproxy
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: "{{ include "kafka-operator.fullname" . }}-authproxy"
subjects:
- kind: ServiceAccount
name: {{ include "operator.metricsAuthProxy.serviceAccountName" .}}
namespace: {{ .Release.Namespace }}
{{- end }}
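Review bot: the ClusterRole and ClusterRoleBinding are cluster-scoped but named only `{{ include "kafka-operator.fullname" . }}-authproxy`, so two releases with the same name in different namespaces would collide on these objects; suggest including `.Release.Namespace` in the name. The binding is gated on `rbac.enabled` rather than on `serviceAccount.create`, so when the chart does not create the ServiceAccount and no name is set, the subject resolves through the helper to `default` and the `tokenreviews`/`subjectaccessreviews` create rights land on the namespace's default ServiceAccount. `namespace: {{ .Release.Namespace }}` under `subjects` is unquoted, unlike the `metadata.namespace` fields in the other templates.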
31 changes: 31 additions & 0 deletions stable/kafka-operator/templates/authproxy-service.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
{{- if and .Values.prometheusMetrics.enabled .Values.prometheusMetrics.authProxy.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "kafka-operator.fullname" . }}-authproxy
namespace: {{ .Release.Namespace | quote }}
annotations:
prometheus.io/port: "8443"
prometheus.io/scheme: https
prometheus.io/scrape: "true"
labels:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
app.kubernetes.io/name: {{ include "kafka-operator.name" . }}
helm.sh/chart: {{ include "kafka-operator.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: authproxy
spec:
ports:
- name: https
port: 8443
targetPort: https
selector:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
app.kubernetes.io/name: {{ include "kafka-operator.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/component: operator
{{- end }}
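Review bot: port 8443 is hard-coded twice, in the `prometheus.io/port: "8443"` annotation and in `port: 8443`, with no chart value to change it; suggest a single value feeding both so they cannot drift apart. `metadata.name` is unquoted here while the same `-authproxy` name is quoted in the ClusterRole and ClusterRoleBinding in authproxy-rbac.yaml; quote it for consistency.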