From 5296fe57db23ec718863f3f6bf741d55f934630a Mon Sep 17 00:00:00 2001
From: clyang82
Date: Thu, 28 Nov 2024 16:02:48 +0800
Subject: [PATCH 01/16] Enable KRaft for Kafka
Signed-off-by: clyang82
---
 .../v1alpha4/multiclusterglobalhub_types.go | 4 -
 .../v1alpha4/zz_generated.deepcopy.go | 5 -
 ...al-hub-operator.clusterserviceversion.yaml | 11 +-
 ...-management.io_multiclusterglobalhubs.yaml | 32 -
 ...-management.io_multiclusterglobalhubs.yaml | 32 -
 ...al-hub-operator.clusterserviceversion.yaml | 6 +-
 operator/pkg/constants/constants.go | 8 -
 .../acm-global-strimzi-zookeeper.yaml | 1472 -----------------
 .../grafana/manifests/deployment.yaml | 6 -
 .../manifests/global-hub-kafka-node-pool.yaml | 9 +-
 .../protocol/manifests/global-hub-kafka.yaml | 2 -
 .../protocol/manifests/metrics.yaml | 62 +-
 .../protocol/strimzi_transporter.go | 129 +-
 .../protocol/strimzi_transporter_test.go | 9 -
 operator/pkg/utils/utils.go | 7 -
 operator/pkg/utils/utils_test.go | 20 -
 .../operator/controllers/transporter_test.go | 17 -
 17 files changed, 43 insertions(+), 1788 deletions(-)
 delete mode 100644 operator/pkg/controllers/grafana/manifests/acm-global-strimzi-zookeeper.yaml
diff --git a/operator/api/operator/v1alpha4/multiclusterglobalhub_types.go b/operator/api/operator/v1alpha4/multiclusterglobalhub_types.go
index 6e0eea5d1..bdd6f52e4 100644
--- a/operator/api/operator/v1alpha4/multiclusterglobalhub_types.go
+++ b/operator/api/operator/v1alpha4/multiclusterglobalhub_types.go
@@ -118,10 +118,6 @@ type AdvancedSpec struct {
 // +optional
 Kafka *CommonSpec `json:"kafka,omitempty"`
 
- // Zookeeper specifies the desired state of zookeeper
- // +optional
- Zookeeper *CommonSpec `json:"zookeeper,omitempty"`
-
 // Postgres specifies the desired state of postgres
 // +optional
 Postgres *CommonSpec `json:"postgres,omitempty"`
diff --git a/operator/api/operator/v1alpha4/zz_generated.deepcopy.go b/operator/api/operator/v1alpha4/zz_generated.deepcopy.go
index d94bb0bc3..ff6779e76 100644
--- a/operator/api/operator/v1alpha4/zz_generated.deepcopy.go +++ b/operator/api/operator/v1alpha4/zz_generated.deepcopy.go @@ -39,11 +39,6 @@ func (in *AdvancedSpec) DeepCopyInto(out *AdvancedSpec) { *out = new(CommonSpec) (*in).DeepCopyInto(*out) } - if in.Zookeeper != nil { - in, out := &in.Zookeeper, &out.Zookeeper - *out = new(CommonSpec) - (*in).DeepCopyInto(*out) - } if in.Postgres != nil { in, out := &in.Postgres, &out.Postgres *out = new(CommonSpec) diff --git a/operator/bundle/manifests/multicluster-global-hub-operator.clusterserviceversion.yaml b/operator/bundle/manifests/multicluster-global-hub-operator.clusterserviceversion.yaml index a0e2d04d9..8890ad26d 100644 --- a/operator/bundle/manifests/multicluster-global-hub-operator.clusterserviceversion.yaml +++ b/operator/bundle/manifests/multicluster-global-hub-operator.clusterserviceversion.yaml @@ -31,7 +31,7 @@ metadata: categories: Integration & Delivery,OpenShift Optional certified: "false" containerImage: quay.io/stolostron/multicluster-global-hub-operator:latest - createdAt: "2024-11-26T09:39:57Z" + createdAt: "2024-11-28T07:21:57Z" description: Manages the installation and upgrade of the Multicluster Global Hub. olm.skipRange: '>=1.3.0 <1.4.0' operatorframework.io/initialization-resource: '{"apiVersion":"operator.open-cluster-management.io/v1alpha4", 
@@ -144,12 +144,9 @@ spec: NAME READY STATUS RESTARTS AGE amq-streams-cluster-operator-v2.6.0-2-f49bf7559-569mw 1/1 Running 0 22m kafka-entity-operator-68dcd446f4-pg257 3/3 Running 0 19m - kafka-kafka-0 1/1 Running 0 20m - kafka-kafka-1 1/1 Running 0 20m - kafka-kafka-2 1/1 Running 0 20m - kafka-zookeeper-0 1/1 Running 0 21m - kafka-zookeeper-1 1/1 Running 0 21m - kafka-zookeeper-2 1/1 Running 0 21m + kafka-kafka-dual-role-0 1/1 Running 0 20m + kafka-kafka-dual-role-1 1/1 Running 0 20m + kafka-kafka-dual-role-2 1/1 Running 0 20m multicluster-global-hub-grafana-5b7cfb6876-5rcnn 2/2 Running 0 19m multicluster-global-hub-grafana-5b7cfb6876-wq99v 2/2 Running 0 19m multicluster-global-hub-manager-7f56d78c49-hzfvw 1/1 Running 0 19m diff --git a/operator/bundle/manifests/operator.open-cluster-management.io_multiclusterglobalhubs.yaml b/operator/bundle/manifests/operator.open-cluster-management.io_multiclusterglobalhubs.yaml index 91dc329ca..2c564ed88 100644 --- a/operator/bundle/manifests/operator.open-cluster-management.io_multiclusterglobalhubs.yaml +++ b/operator/bundle/manifests/operator.open-cluster-management.io_multiclusterglobalhubs.yaml 
@@ -221,38 +221,6 @@ spec: type: object type: object type: object - zookeeper: - description: Zookeeper specifies the desired state of zookeeper - properties: - resources: - description: Compute Resources required by this component - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - For more information, see: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If requests are omitted for a container, it defaults to the specified limits. - If there are no specified limits, it defaults to an implementation-defined value. - For more information, see: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - type: object type: object availabilityConfig: default: High diff --git a/operator/config/crd/bases/operator.open-cluster-management.io_multiclusterglobalhubs.yaml b/operator/config/crd/bases/operator.open-cluster-management.io_multiclusterglobalhubs.yaml index 3544277cc..1491f8a0f 100644 --- a/operator/config/crd/bases/operator.open-cluster-management.io_multiclusterglobalhubs.yaml +++ b/operator/config/crd/bases/operator.open-cluster-management.io_multiclusterglobalhubs.yaml 
@@ -221,38 +221,6 @@ spec: type: object type: object type: object - zookeeper: - description: Zookeeper specifies the desired state of zookeeper - properties: - resources: - description: Compute Resources required by this component - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - For more information, see: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If requests are omitted for a container, it defaults to the specified limits. - If there are no specified limits, it defaults to an implementation-defined value. - For more information, see: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - type: object type: object availabilityConfig: default: High diff --git a/operator/config/manifests/bases/multicluster-global-hub-operator.clusterserviceversion.yaml b/operator/config/manifests/bases/multicluster-global-hub-operator.clusterserviceversion.yaml index 7df0305ed..8cf49d7cb 100644 --- a/operator/config/manifests/bases/multicluster-global-hub-operator.clusterserviceversion.yaml +++ b/operator/config/manifests/bases/multicluster-global-hub-operator.clusterserviceversion.yaml 
@@ -122,9 +122,9 @@ spec:
 kafka-kafka-0 1/1 Running 0 20m
 kafka-kafka-1 1/1 Running 0 20m
 kafka-kafka-2 1/1 Running 0 20m
- kafka-zookeeper-0 1/1 Running 0 21m
- kafka-zookeeper-1 1/1 Running 0 21m
- kafka-zookeeper-2 1/1 Running 0 21m
+ kafka-kafka-dual-role-0 1/1 Running 0 20m
+ kafka-kafka-dual-role-1 1/1 Running 0 20m
+ kafka-kafka-dual-role-2 1/1 Running 0 20m
 multicluster-global-hub-grafana-5b7cfb6876-5rcnn 2/2 Running 0 19m
 multicluster-global-hub-grafana-5b7cfb6876-wq99v 2/2 Running 0 19m
 multicluster-global-hub-manager-7f56d78c49-hzfvw 1/1 Running 0 19m
diff --git a/operator/pkg/constants/constants.go b/operator/pkg/constants/constants.go
index 23ed68d1d..008aa8276 100644
--- a/operator/pkg/constants/constants.go
+++ b/operator/pkg/constants/constants.go
@@ -120,8 +120,6 @@ const (
 // KinDClusterIPKey defines a KinD container host which is used for test.
 // It will be inject to the server certificates of kafka and inventory
 KinDClusterIPKey = "global-hub.open-cluster-management.io/kind-cluster-ip"
- // EnableKRaft enables run kafka with kraft
- EnableKRaft = "global-hub.open-cluster-management.io/enable-kraft"
 )
 
 // AggregationLevel specifies the level of aggregation leaf hubs should do before sending the information
@@ -179,12 +177,6 @@ const (
 KafkaMemoryLimit = "4Gi"
 KafkaMemoryRequest = "128Mi"
 KafkaCPURequest = "25m"
-
- // default resources for zookeeper
- Zookeeper = "zookeeper"
- ZookeeperMemoryLimit = "3Gi"
- ZookeeperMemoryRequest = "500Mi"
- ZookeeperCPURequest = "20m"
 )
 
 const (
diff --git a/operator/pkg/controllers/grafana/manifests/acm-global-strimzi-zookeeper.yaml b/operator/pkg/controllers/grafana/manifests/acm-global-strimzi-zookeeper.yaml
deleted file mode 100644
index 09fe49c40..000000000
--- a/operator/pkg/controllers/grafana/manifests/acm-global-strimzi-zookeeper.yaml
+++ /dev/null
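Review bot: In the `@@ -122,9 +122,9 @@` hunk of `operator/config/manifests/bases/multicluster-global-hub-operator.clusterserviceversion.yaml`, the three `kafka-kafka-0`, `kafka-kafka-1` and `kafka-kafka-2` rows are left as context while the `kafka-kafka-dual-role-*` rows are added, so the sample pod listing in the description now shows six Kafka pods. The bundle copy of the same description, changed earlier in this patch, removes those three rows, so the two files now disagree. If the bundle CSV is regenerated from this base file (presumably it is; confirm against the build targets), the stale rows would reappear there. Delete the three `kafka-kafka-N 1/1 Running 0 20m` lines here so the listing matches the bundle and the pods a KRaft deployment actually creates.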
@@ -1,1472 +0,0 @@ -{{- if .EnableKafkaMetrics }} -apiVersion: v1 -data: - global-hub-strimzi-zookeeper.json: | - { - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": { - "type": "datasource", - "uid": "grafana" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "limit": 100, - "name": "Annotations & Alerts", - "showIn": 0, - "type": "dashboard" - } - ] - }, - "editable": true, - "fiscalYearStartMonth": 0, - "graphTooltip": 0, - "id": 12, - "links": [], - "liveNow": false, - "panels": [ - { - "collapsed": false, - "datasource": { - "type": "postgres", - "uid": "P244538DD76A4C61D" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 26, - "panels": [], - "targets": [ - { - "datasource": { - "type": "postgres", - "uid": "P244538DD76A4C61D" - }, - "refId": "A" - } - ], - "title": "ZooKeeper", - "type": "row" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Quorum size of ZooKeeper ensemble", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "#d44a3a", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 2 - }, - { - "color": "#299c46", - "value": 3 - } - ] - }, - "unit": "none", - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 4, - "x": 0, - "y": 1 - }, - "id": 52, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "10.3.3", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": 
"max(zookeeper_quorumsize{namespace=\"$kubernetes_namespace\",strimzi_io_cluster=\"$strimzi_cluster_name\",strimzi_io_kind=\"Kafka\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "title": "Quorum Size", - "type": "stat" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Number of active connections", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "#299c46", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 60 - }, - { - "color": "#d44a3a", - "value": 120 - } - ] - }, - "unit": "none", - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 4, - "x": 4, - "y": 1 - }, - "id": 54, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "10.3.3", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(zookeeper_numaliveconnections{namespace=\"$kubernetes_namespace\",strimzi_io_cluster=\"$strimzi_cluster_name\",strimzi_io_kind=\"Kafka\",kubernetes_pod_name=~\"$strimzi_cluster_name-$zk_node\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "title": "Active Connections", - "type": "stat" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Number of queued requests in the server. 
This goes up when the server receives more requests than it can process", - "fieldConfig": { - "defaults": { - "unitScale": true - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 1 - }, - "hiddenSeries": false, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "10.3.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(zookeeper_outstandingrequests{namespace=\"$kubernetes_namespace\",strimzi_io_cluster=\"$strimzi_cluster_name\",strimzi_io_kind=\"Kafka\",kubernetes_pod_name=~\"$strimzi_cluster_name-$zk_node\"}) by (kubernetes_pod_name)", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ `{{kubernetes_pod_name}}` }}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Outstanding Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Amount of time (in ms) it takes for the server to respond to a client request", - "fieldConfig": { - "defaults": { - "unitScale": true - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 
8, - "x": 16, - "y": 1 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "10.3.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(zookeeper_avgrequestlatency{namespace=\"$kubernetes_namespace\",kubernetes_pod_name=~\"$strimzi_cluster_name-$zk_node\"}) by (kubernetes_pod_name)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ `{{kubernetes_pod_name}}` }}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Request Latency - Average", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ms", - "label": "Request Latency (ms)", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "#299c46", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 500 - }, - { - "color": "#d44a3a", - "value": 800 - } - ] - }, - "unit": "none", - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 4, - "x": 0, - "y": 5 - }, - "id": 64, - "links": [], - "maxDataPoints": 100, - 
"options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "10.3.3", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "avg(zookeeper_inmemorydatatree_nodecount{namespace=\"$kubernetes_namespace\",strimzi_io_cluster=\"$strimzi_cluster_name\",strimzi_io_kind=\"Kafka\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "title": "Number of ZNodes", - "type": "stat" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Number of watchers", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "#299c46", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 100 - }, - { - "color": "#d44a3a", - "value": 200 - } - ] - }, - "unit": "none", - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 4, - "x": 4, - "y": 5 - }, - "id": 66, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "10.3.3", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(zookeeper_inmemorydatatree_watchcount{namespace=\"$kubernetes_namespace\",strimzi_io_cluster=\"$strimzi_cluster_name\",strimzi_io_kind=\"Kafka\",kubernetes_pod_name=~\"$strimzi_cluster_name-$zk_node\"})", - "format": "time_series", - 
"intervalFactor": 1, - "refId": "A" - } - ], - "title": "Number of watchers", - "type": "stat" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "ZooKeeper pods memory usage", - "fieldConfig": { - "defaults": { - "unitScale": true - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 9 - }, - "hiddenSeries": false, - "id": 87, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "10.3.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(container_memory_usage_bytes{namespace=\"$kubernetes_namespace\",container=\"zookeeper\",pod=~\"$strimzi_cluster_name-$zk_node\"}) by (pod)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ `{{pod}}` }}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "Aggregated ZooKeeper pods CPU usage", - "fieldConfig": { - "defaults": { - "unitScale": true - }, - "overrides": [] - }, 
- "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 9 - }, - "hiddenSeries": false, - "id": 85, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "10.3.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(rate(container_cpu_usage_seconds_total{namespace=\"$kubernetes_namespace\",container=\"zookeeper\",pod=~\"$strimzi_cluster_name-$zk_node\"}[5m])) by (pod)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ `{{pod}}` }}", - "range": true, - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "Kafka broker pods disk usage", - "fieldConfig": { - "defaults": { - "unitScale": true - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 9 - }, - "hiddenSeries": false, - "id": 89, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": 
[], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "10.3.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(kubelet_volume_stats_available_bytes{namespace=\"$kubernetes_namespace\",persistentvolumeclaim=~\"data(-[0-9]+)?-$strimzi_cluster_name-$zk_node\", persistentvolumeclaim=~\".*zookeeper(-[0-9]+)?$\"}) by (persistentvolumeclaim)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ `{{persistentvolumeclaim}}` }}", - "range": true, - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Available Disk Space", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "Open File Descriptors", - "fieldConfig": { - "defaults": { - "unitScale": true - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 9 - }, - "hiddenSeries": false, - "id": 96, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "10.3.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - 
"seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(process_open_fds{namespace=\"$kubernetes_namespace\",kubernetes_pod_name=~\"$strimzi_cluster_name-$zk_node\",container=\"zookeeper\"}) by (kubernetes_pod_name)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ `{{kubernetes_pod_name}}` }}", - "range": true, - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Open File Descriptors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "unitScale": true - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 16 - }, - "hiddenSeries": false, - "id": 91, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "10.3.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(jvm_memory_bytes_used{namespace=\"$kubernetes_namespace\",kubernetes_pod_name=~\"$strimzi_cluster_name-$zk_node\",strimzi_io_name=\"$strimzi_cluster_name-zookeeper\"}) 
by (kubernetes_pod_name)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ `{{kubernetes_pod_name}}` }}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "JVM Memory Used", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "unitScale": true - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 16 - }, - "hiddenSeries": false, - "id": 93, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "10.3.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(jvm_gc_collection_seconds_sum{namespace=\"$kubernetes_namespace\",kubernetes_pod_name=~\"$strimzi_cluster_name-$zk_node\",strimzi_io_name=\"$strimzi_cluster_name-zookeeper\"}[5m])) by (kubernetes_pod_name)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ `{{kubernetes_pod_name}}` }}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "JVM GC Time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": 
"time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ms", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "unitScale": true - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 16 - }, - "hiddenSeries": false, - "id": 95, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "10.3.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(jvm_gc_collection_seconds_count{namespace=\"$kubernetes_namespace\",kubernetes_pod_name=~\"$strimzi_cluster_name-$zk_node\",strimzi_io_name=\"$strimzi_cluster_name-zookeeper\"}[5m])) by (kubernetes_pod_name)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ `{{kubernetes_pod_name}}` }}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "JVM GC Count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": 
"${DS_PROMETHEUS}" - }, - "description": "JVM thread count", - "fieldConfig": { - "defaults": { - "unitScale": true - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 16 - }, - "hiddenSeries": false, - "id": 97, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "10.3.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(jvm_threads_current{namespace=\"$kubernetes_namespace\",kubernetes_pod_name=~\"$strimzi_cluster_name-$zk_node\",strimzi_io_name=\"$strimzi_cluster_name-zookeeper\"}) by (kubernetes_pod_name)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ `{{kubernetes_pod_name}}` }}", - "range": true, - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "JVM thread count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - } - ], - "refresh": "30s", - "schemaVersion": 39, - "tags": [ - "Strimzi", - "Kafka", - "Zookeeper" - ], - "templating": { - "list": [ - { - "current": { - "selected": false, - "text": "Prometheus", - "value": "PBFA97CFB590B2093" - }, - "hide": 2, - "includeAll": false, - "label": "datasource", - "multi": false, - "name": "DS_PROMETHEUS", - "options": [], - "query": "prometheus", 
- "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - }, - { - "current": { - "selected": false, - "text": "multicluster-global-hub", - "value": "multicluster-global-hub" - }, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "definition": "", - "hide": 2, - "includeAll": false, - "label": "Namespace", - "multi": false, - "name": "kubernetes_namespace", - "options": [], - "query": "query_result(zookeeper_inmemorydatatree_nodecount)", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "current": { - "selected": false, - "text": "kafka", - "value": "kafka" - }, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "definition": "", - "hide": 2, - "includeAll": false, - "label": "Cluster Name", - "multi": false, - "name": "strimzi_cluster_name", - "options": [], - "query": "query_result(zookeeper_inmemorydatatree_nodecount{namespace=\"$kubernetes_namespace\"})", - "refresh": 1, - "regex": "/.*strimzi_io_cluster=\"([^\"]*).*/", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": ".*", - "current": { - "selected": true, - "text": "All", - "value": "$__all" - }, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "definition": "", - "hide": 0, - "includeAll": true, - "label": "Node", - "multi": false, - "name": "zk_node", - "options": [], - "query": "query_result(zookeeper_inmemorydatatree_nodecount{namespace=\"$kubernetes_namespace\",strimzi_io_cluster=\"$strimzi_cluster_name\"})", - "refresh": 1, - "regex": "/.*pod_name=\"$strimzi_cluster_name-([^\"]*).*/", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - 
"15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Global Hub - Strimzi ZooKeeper", - "uid": "fc85de600d62d9841e9de00083b24b72", - "version": 1, - "weekStart": "" - } -kind: ConfigMap -metadata: - name: grafana-dashboard-acm-strimzi-zookeeper - namespace: {{ .Namespace }} - labels: - global-hub.open-cluster-management.io/metrics-resource: strimzi -{{- end }} diff --git a/operator/pkg/controllers/grafana/manifests/deployment.yaml b/operator/pkg/controllers/grafana/manifests/deployment.yaml index 0529aaa25..895b61330 100644 --- a/operator/pkg/controllers/grafana/manifests/deployment.yaml +++ b/operator/pkg/controllers/grafana/manifests/deployment.yaml @@ -103,8 +103,6 @@ spec: name: grafana-dashboard-acm-strimzi-kafka - mountPath: /grafana-dashboards/1/global-hub-strimzi-operator name: grafana-dashboard-acm-strimzi-operator - - mountPath: /grafana-dashboards/1/global-hub-strimzi-zookeeper - name: grafana-dashboard-acm-strimzi-zookeeper {{- end }} {{- if .EnablePostgresMetrics }} - mountPath: /grafana-dashboards/2/acm-global-postgres-tables @@ -241,10 +239,6 @@ spec: defaultMode: 420 name: grafana-dashboard-acm-strimzi-operator name: grafana-dashboard-acm-strimzi-operator - - configMap: - defaultMode: 420 - name: grafana-dashboard-acm-strimzi-zookeeper - name: grafana-dashboard-acm-strimzi-zookeeper {{- end }} {{- if .EnablePostgresMetrics }} - configMap: diff --git a/operator/pkg/controllers/transporter/protocol/manifests/global-hub-kafka-node-pool.yaml b/operator/pkg/controllers/transporter/protocol/manifests/global-hub-kafka-node-pool.yaml index e29ed0aef..f3f0a5253 100644 --- a/operator/pkg/controllers/transporter/protocol/manifests/global-hub-kafka-node-pool.yaml +++ b/operator/pkg/controllers/transporter/protocol/manifests/global-hub-kafka-node-pool.yaml 
@@ -1,4 +1,3 @@ -{{ if .EnableKRaft }} apiVersion: kafka.strimzi.io/v1beta2 kind: KafkaNodePool metadata: @@ -7,7 +6,7 @@ metadata: strimzi.io/cluster: {{.KafkaCluster}} namespace: {{.Namespace}} spec: - replicas: 1 + replicas: 3 roles: - controller - broker @@ -16,7 +15,9 @@ spec: volumes: - id: 0 type: persistent-claim - size: 1Gi + size: {{.StorageSize}} deleteClaim: false kraftMetadata: shared -{{ end }} \ No newline at end of file + {{ if .StorageClass }} + class: {{.StorageClass}} + {{ end }} diff --git a/operator/pkg/controllers/transporter/protocol/manifests/global-hub-kafka.yaml b/operator/pkg/controllers/transporter/protocol/manifests/global-hub-kafka.yaml index 58f458afe..09aa95156 100644 --- a/operator/pkg/controllers/transporter/protocol/manifests/global-hub-kafka.yaml +++ b/operator/pkg/controllers/transporter/protocol/manifests/global-hub-kafka.yaml @@ -1,4 +1,3 @@ -{{ if .EnableKRaft }} apiVersion: kafka.strimzi.io/v1beta2 kind: Kafka metadata: @@ -39,4 +38,3 @@ spec: entityOperator: topicOperator: {} userOperator: {} -{{ end }} \ No newline at end of file diff --git a/operator/pkg/controllers/transporter/protocol/manifests/metrics.yaml b/operator/pkg/controllers/transporter/protocol/manifests/metrics.yaml index 5d59cc5e7..5e6a6ea92 100644 --- a/operator/pkg/controllers/transporter/protocol/manifests/metrics.yaml +++ b/operator/pkg/controllers/transporter/protocol/manifests/metrics.yaml 
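Review bot: `size: {{.StorageSize}}` and `class: {{.StorageClass}}` in the last node-pool hunk are written into the manifest unquoted, and the Go side of this patch fills `StorageClass` directly from `mgh.Spec.DataLayerSpec.StorageClass`. A value containing a colon, a `#` or a line break would therefore change the structure of the rendered KafkaNodePool rather than only that field. Emit both as quoted scalars, for example `class: {{ .StorageClass | quote }}` if the renderer's function map provides `quote` (not visible here), or validate the two values before rendering. The `{{ if .StorageClass }}` and `{{ end }}` actions also leave whitespace-only lines in the output; `{{- if .StorageClass }}` and `{{- end }}` would trim them.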
@@ -133,56 +133,22 @@ data: type: GAUGE labels: quantile: "0.$4" - # KRaft mode: uncomment the following lines to export KRaft related metrics - # KRaft overall related metrics - # distinguish between always increasing COUNTER (total and max) and variable GAUGE (all others) metrics - #- pattern: "kafka.server<>(.+-total|.+-max):" - # name: kafka_server_raftmetrics_$1 - # type: COUNTER - #- pattern: "kafka.server<>(.+):" - # name: kafka_server_raftmetrics_$1 - # type: GAUGE - # KRaft "low level" channels related metrics - # distinguish between always increasing COUNTER (total and max) and variable GAUGE (all others) metrics - #- pattern: "kafka.server<>(.+-total|.+-max):" - # name: kafka_server_raftchannelmetrics_$1 - # type: COUNTER - #- pattern: "kafka.server<>(.+):" - # name: kafka_server_raftchannelmetrics_$1 - # type: GAUGE - # Broker metrics related to fetching metadata topic records in KRaft mode - #- pattern: "kafka.server<>(.+):" - # name: kafka_server_brokermetadatametrics_$1 - # type: GAUGE - zookeeper-metrics-config.yml: | - # See https://github.com/prometheus/jmx_exporter for more info about JMX Prometheus Exporter metrics - lowercaseOutputName: true - rules: - # replicated Zookeeper - - pattern: "org.apache.ZooKeeperService<>(\\w+)" - name: "zookeeper_$2" - type: GAUGE - - pattern: "org.apache.ZooKeeperService<>(\\w+)" - name: "zookeeper_$3" + - pattern: "kafka.server<>(.+-total|.+-max):" + name: kafka_server_raftmetrics_$1 + type: COUNTER + - pattern: "kafka.server<>(.+):" + name: kafka_server_raftmetrics_$1 type: GAUGE - labels: - replicaId: "$2" - - pattern: "org.apache.ZooKeeperService<>(Packets\\w+)" - name: "zookeeper_$4" + KRaft "low level" channels related metrics + distinguish between always increasing COUNTER (total and max) and variable GAUGE (all others) metrics + - pattern: "kafka.server<>(.+-total|.+-max):" + name: kafka_server_raftchannelmetrics_$1 type: COUNTER - labels: - replicaId: "$2" - memberType: "$3" - - pattern: 
"org.apache.ZooKeeperService<>(\\w+)" - name: "zookeeper_$4" + - pattern: "kafka.server<>(.+):" + name: kafka_server_raftchannelmetrics_$1 type: GAUGE - labels: - replicaId: "$2" - memberType: "$3" - - pattern: "org.apache.ZooKeeperService<>(\\w+)" - name: "zookeeper_$4_$5" + Broker metrics related to fetching metadata topic records in KRaft mode + - pattern: "kafka.server<>(.+):" + name: kafka_server_brokermetadatametrics_$1 type: GAUGE - labels: - replicaId: "$2" - memberType: "$3" {{ end }} \ No newline at end of file diff --git a/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go b/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go index 368d53f52..aa8c58764 100644 --- a/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go +++ b/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go @@ -47,27 +47,26 @@ const ( DefaultCatalogSourceNamespace = "openshift-marketplace" // subscription - production - DefaultAMQChannel = "amq-streams-2.7.x" + DefaultAMQChannel = "amq-streams-2.8.x" DefaultAMQPackageName = "amq-streams" DefaultCatalogSourceName = "redhat-operators" // subscription - community // The KRaft Compatibility: https://github.com/orgs/strimzi/discussions/10836 - CommunityChannel = "strimzi-0.42.x" + CommunityChannel = "strimzi-0.43.x" CommunityPackageName = "strimzi-kafka-operator" CommunityCatalogSourceName = "community-operators" ) var ( - DefaultAMQKafkaVersion = "3.7.0" + DefaultAMQKafkaVersion = "3.8.0" KafkaStorageIdentifier int32 = 0 KafkaStorageDeleteClaim = false DefaultPartition int32 = 1 DefaultPartitionReplicas int32 = 3 // kafka metrics constants - KakfaMetricsConfigmapName = "kafka-metrics" - KafkaMetricsConfigmapKeyRef = "kafka-metrics-config.yml" - ZooKeeperMetricsConfigmapKeyRef = "zookeeper-metrics-config.yml" + KakfaMetricsConfigmapName = "kafka-metrics" + KafkaMetricsConfigmapKeyRef = "kafka-metrics-config.yml" ) // install the strimzi kafka cluster by operator 
@@ -194,30 +193,23 @@ func (k *strimziTransporter) EnsureKafka() (bool, error) { return true, nil } - _, enableKRaft := k.mgh.Annotations[operatorconstants.EnableKRaft] - // Since the kafka cluster creation need the metric configmap, render the resource before creating the cluster // kafka metrics, monitor, global hub kafkaTopic and kafkaUser - err = k.renderKafkaResources(k.mgh, enableKRaft) + err = k.renderKafkaResources(k.mgh) if err != nil { return true, err } - if !enableKRaft { - // TODO: use manifest to create kafka cluster - err, _ = k.CreateUpdateKafkaCluster(k.mgh) - if err != nil { - return true, err - } + err, _ = k.CreateUpdateKafkaCluster(k.mgh) + if err != nil { + return true, err } return false, nil } // renderKafkaMetricsResources renders the kafka podmonitor and metrics, and kafkaUser and kafkaTopic for global hub -func (k *strimziTransporter) renderKafkaResources(mgh *operatorv1alpha4.MulticlusterGlobalHub, - enableKRaft bool, -) error { +func (k *strimziTransporter) renderKafkaResources(mgh *operatorv1alpha4.MulticlusterGlobalHub) error { statusTopic := config.GetRawStatusTopic() statusPlaceholderTopic := config.GetRawStatusTopic() topicParttern := kafkav1beta2.KafkaUserSpecAuthorizationAclsElemResourcePatternTypeLiteral @@ -227,7 +219,7 @@ func (k *strimziTransporter) renderKafkaResources(mgh *operatorv1alpha4.Multiclu topicParttern = kafkav1beta2.KafkaUserSpecAuthorizationAclsElemResourcePatternTypePrefix } topicReplicas := DefaultPartitionReplicas - if mgh.Spec.AvailabilityConfig == operatorv1alpha4.HABasic || enableKRaft { + if mgh.Spec.AvailabilityConfig == operatorv1alpha4.HABasic { topicReplicas = 1 } // brokerAdvertisedHost is used for test in KinD cluster. we need to use AdvertisedHost to pass tls authn. 
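Review bot: With the `operatorconstants.EnableKRaft` check removed, `EnsureKafka` calls `CreateUpdateKafkaCluster` on every reconcile, and nothing in this hunk distinguishes a fresh install from a Kafka resource that an earlier release created with ZooKeeper. The same patch drops the `Zookeeper` section from `newKafkaCluster`, so on upgrade the desired spec differs from the existing one in exactly that section; whether the update path then removes it from a live cluster is not visible from here. I would detect a ZooKeeper-backed cluster before updating and either skip it or report a status condition. The expectation should also be stated above the call, e.g. `// KRaft only: a cluster created with ZooKeeper must be migrated before this update is applied`. The body of `EnsureKafka` starts outside the hunk.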
@@ -248,10 +240,11 @@ func (k *strimziTransporter) renderKafkaResources(mgh *operatorv1alpha4.Multiclu StatusPlaceholderTopic string TopicPartition int32 TopicReplicas int32 - EnableKRaft bool KinDClusterIPAddress string EnableInventoryAPI bool KafkaInventoryTopic string + StorageSize string + StorageClass string }{ EnableMetrics: mgh.Spec.EnableMetrics, Namespace: mgh.GetNamespace(), @@ -263,10 +256,11 @@ func (k *strimziTransporter) renderKafkaResources(mgh *operatorv1alpha4.Multiclu StatusPlaceholderTopic: statusPlaceholderTopic, TopicPartition: DefaultPartition, TopicReplicas: topicReplicas, - EnableKRaft: enableKRaft, KinDClusterIPAddress: brokerAdvertisedHost, EnableInventoryAPI: config.WithInventory(mgh), KafkaInventoryTopic: "kessel-inventory", + StorageSize: config.GetKafkaStorageSize(mgh), + StorageClass: mgh.Spec.DataLayerSpec.StorageClass, }, nil }) if err != nil { @@ -580,9 +574,8 @@ func (k *strimziTransporter) kafkaClusterReady() (KafkaStatus, error) { kakfaReason: "KafkaNotReady", kafkaMessage: "Wait kafka cluster ready", } - var err error - err = k.manager.GetClient().Get(k.ctx, types.NamespacedName{ + err := k.manager.GetClient().Get(k.ctx, types.NamespacedName{ Name: k.kafkaClusterName, Namespace: k.kafkaClusterNamespace, }, kafkaCluster) @@ -647,7 +640,6 @@ func (k *strimziTransporter) CreateUpdateKafkaCluster(mgh *operatorv1alpha4.Mult } updatedKafka.Spec.Kafka.MetricsConfig = desiredKafka.Spec.Kafka.MetricsConfig - updatedKafka.Spec.Zookeeper.MetricsConfig = desiredKafka.Spec.Zookeeper.MetricsConfig if !reflect.DeepEqual(updatedKafka.Spec, existingKafka.Spec) { return k.manager.GetClient().Update(k.ctx, updatedKafka), true 
@@ -672,41 +664,7 @@ func (k *strimziTransporter) getKafkaResources( return kafkaSpecRes } -func (k *strimziTransporter) getZookeeperResources( - mgh *operatorv1alpha4.MulticlusterGlobalHub, -) *kafkav1beta2.KafkaSpecZookeeperResources { - zookeeperRes := operatorutils.GetResources(operatorconstants.Zookeeper, mgh.Spec.AdvancedSpec) - - zookeeperSpecRes := &kafkav1beta2.KafkaSpecZookeeperResources{} - jsonData, err := json.Marshal(zookeeperRes) - if err != nil { - log.Error(err, "failed to marshal zookeeper resources") - } - err = json.Unmarshal(jsonData, zookeeperSpecRes) - if err != nil { - log.Error(err, "failed to unmarshal to KafkaSpecZookeeperResources") - } - return zookeeperSpecRes -} - func (k *strimziTransporter) newKafkaCluster(mgh *operatorv1alpha4.MulticlusterGlobalHub) *kafkav1beta2.Kafka { - storageSize := config.GetKafkaStorageSize(mgh) - kafkaSpecKafkaStorageVolumesElem := kafkav1beta2.KafkaSpecKafkaStorageVolumesElem{ - Id: &KafkaStorageIdentifier, - Size: &storageSize, - Type: kafkav1beta2.KafkaSpecKafkaStorageVolumesElemTypePersistentClaim, - DeleteClaim: &KafkaStorageDeleteClaim, - } - kafkaSpecZookeeperStorage := kafkav1beta2.KafkaSpecZookeeperStorage{ - Type: kafkav1beta2.KafkaSpecZookeeperStorageTypePersistentClaim, - Size: &storageSize, - DeleteClaim: &KafkaStorageDeleteClaim, - } - - if mgh.Spec.DataLayerSpec.StorageClass != "" { - kafkaSpecKafkaStorageVolumesElem.Class = &mgh.Spec.DataLayerSpec.StorageClass - kafkaSpecZookeeperStorage.Class = &mgh.Spec.DataLayerSpec.StorageClass - } kafkaCluster := &kafkav1beta2.Kafka{ ObjectMeta: metav1.ObjectMeta{ @@ -720,7 +678,6 @@ func (k *strimziTransporter) newKafkaCluster(mgh *operatorv1alpha4.MulticlusterG Kafka: kafkav1beta2.KafkaSpecKafka{ Config: &apiextensions.JSON{Raw: []byte(`{ "default.replication.factor": 3, -"inter.broker.protocol.version": "3.7", "min.insync.replicas": 2, "offsets.topic.replication.factor": 3, "transaction.state.log.min.isr": 2, 
@@ -748,18 +705,7 @@ func (k *strimziTransporter) newKafkaCluster(mgh *operatorv1alpha4.MulticlusterG Type: kafkav1beta2.KafkaSpecKafkaAuthorizationTypeSimple, }, Replicas: 3, - Storage: kafkav1beta2.KafkaSpecKafkaStorage{ - Type: kafkav1beta2.KafkaSpecKafkaStorageTypeJbod, - Volumes: []kafkav1beta2.KafkaSpecKafkaStorageVolumesElem{ - kafkaSpecKafkaStorageVolumesElem, - }, - }, - Version: &DefaultAMQKafkaVersion, - }, - Zookeeper: kafkav1beta2.KafkaSpecZookeeper{ - Replicas: 3, - Storage: kafkaSpecZookeeperStorage, - Resources: k.getZookeeperResources(mgh), + Version: &DefaultAMQKafkaVersion, }, EntityOperator: &kafkav1beta2.KafkaSpecEntityOperator{ TopicOperator: &kafkav1beta2.KafkaSpecEntityOperatorTopicOperator{}, @@ -781,7 +727,6 @@ func (k *strimziTransporter) setMetricsConfig(mgh *operatorv1alpha4.Multicluster kafkaCluster *kafkav1beta2.Kafka, ) { kafkaMetricsConfig := &kafkav1beta2.KafkaSpecKafkaMetricsConfig{} - zookeeperMetricsConfig := &kafkav1beta2.KafkaSpecZookeeperMetricsConfig{} if mgh.Spec.EnableMetrics { kafkaMetricsConfig = &kafkav1beta2.KafkaSpecKafkaMetricsConfig{ Type: kafkav1beta2.KafkaSpecKafkaMetricsConfigTypeJmxPrometheusExporter, @@ -792,17 +737,7 @@ func (k *strimziTransporter) setMetricsConfig(mgh *operatorv1alpha4.Multicluster }, }, } - zookeeperMetricsConfig = &kafkav1beta2.KafkaSpecZookeeperMetricsConfig{ - Type: kafkav1beta2.KafkaSpecZookeeperMetricsConfigTypeJmxPrometheusExporter, - ValueFrom: kafkav1beta2.KafkaSpecZookeeperMetricsConfigValueFrom{ - ConfigMapKeyRef: &kafkav1beta2.KafkaSpecZookeeperMetricsConfigValueFromConfigMapKeyRef{ - Name: &KakfaMetricsConfigmapName, - Key: &ZooKeeperMetricsConfigmapKeyRef, - }, - }, - } kafkaCluster.Spec.Kafka.MetricsConfig = kafkaMetricsConfig - kafkaCluster.Spec.Zookeeper.MetricsConfig = zookeeperMetricsConfig } } 
@@ -811,7 +746,6 @@ func (k *strimziTransporter) setAffinity(mgh *operatorv1alpha4.MulticlusterGloba kafkaCluster *kafkav1beta2.Kafka, ) { kafkaPodAffinity := &kafkav1beta2.KafkaSpecKafkaTemplatePodAffinity{} - zookeeperPodAffinity := &kafkav1beta2.KafkaSpecZookeeperTemplatePodAffinity{} entityOperatorPodAffinity := &kafkav1beta2.KafkaSpecEntityOperatorTemplatePodAffinity{} if mgh.Spec.NodeSelector != nil { @@ -840,8 +774,6 @@ func (k *strimziTransporter) setAffinity(mgh *operatorv1alpha4.MulticlusterGloba KafkaSpecKafkaTemplatePodAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsElem, 0) - zookeeperNodeSelectorTermsElem := make([]kafkav1beta2. - KafkaSpecZookeeperTemplatePodAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsElem, 0) entityOperatorNodeSelectorTermsElem := make([]kafkav1beta2. KafkaSpecEntityOperatorTemplatePodAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsElem, 0) 
@@ -849,21 +781,11 @@ func (k *strimziTransporter) setAffinity(mgh *operatorv1alpha4.MulticlusterGloba if err != nil { log.Error("failed to unmarshal to kafkaNodeSelectorTermsElem: ", err) } - err = json.Unmarshal(jsonData, &zookeeperNodeSelectorTermsElem) - if err != nil { - log.Error("failed to unmarshal to zookeeperNodeSelectorTermsElem: ", err) - } err = json.Unmarshal(jsonData, &entityOperatorNodeSelectorTermsElem) if err != nil { log.Error("failed to unmarshal to entityOperatorNodeSelectorTermsElem: ", err) } - zookeeperPodAffinity.NodeAffinity = &kafkav1beta2.KafkaSpecZookeeperTemplatePodAffinityNodeAffinity{ - RequiredDuringSchedulingIgnoredDuringExecution: &kafkav1beta2. - KafkaSpecZookeeperTemplatePodAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution{ - NodeSelectorTerms: zookeeperNodeSelectorTermsElem, - }, - } kafkaPodAffinity.NodeAffinity = &kafkav1beta2.KafkaSpecKafkaTemplatePodAffinityNodeAffinity{ RequiredDuringSchedulingIgnoredDuringExecution: &kafkav1beta2. KafkaSpecKafkaTemplatePodAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution{ @@ -883,11 +805,6 @@ func (k *strimziTransporter) setAffinity(mgh *operatorv1alpha4.MulticlusterGloba Affinity: kafkaPodAffinity, }, } - kafkaCluster.Spec.Zookeeper.Template = &kafkav1beta2.KafkaSpecZookeeperTemplate{ - Pod: &kafkav1beta2.KafkaSpecZookeeperTemplatePod{ - Affinity: zookeeperPodAffinity, - }, - } kafkaCluster.Spec.EntityOperator.Template = &kafkav1beta2.KafkaSpecEntityOperatorTemplate{ Pod: &kafkav1beta2.KafkaSpecEntityOperatorTemplatePod{ Affinity: entityOperatorPodAffinity, @@ -895,7 +812,6 @@ func (k *strimziTransporter) setAffinity(mgh *operatorv1alpha4.MulticlusterGloba } } else { kafkaCluster.Spec.Kafka.Template.Pod.Affinity = kafkaPodAffinity - kafkaCluster.Spec.Zookeeper.Template.Pod.Affinity = zookeeperPodAffinity kafkaCluster.Spec.EntityOperator.Template.Pod.Affinity = entityOperatorPodAffinity } } 
@@ -906,7 +822,6 @@ func (k *strimziTransporter) setTolerations(mgh *operatorv1alpha4.MulticlusterGl kafkaCluster *kafkav1beta2.Kafka, ) { kafkaTolerationsElem := make([]kafkav1beta2.KafkaSpecKafkaTemplatePodTolerationsElem, 0) - zookeeperTolerationsElem := make([]kafkav1beta2.KafkaSpecZookeeperTemplatePodTolerationsElem, 0) entityOperatorTolerationsElem := make([]kafkav1beta2.KafkaSpecEntityOperatorTemplatePodTolerationsElem, 0) if mgh.Spec.Tolerations != nil { @@ -918,10 +833,6 @@ func (k *strimziTransporter) setTolerations(mgh *operatorv1alpha4.MulticlusterGl if err != nil { log.Error("failed to unmarshal to KafkaSpecruntimeKafkaTemplatePodTolerationsElem: ", err) } - err = json.Unmarshal(jsonData, &zookeeperTolerationsElem) - if err != nil { - log.Error("failed to unmarshal to KafkaSpecZookeeperTemplatePodTolerationsElem: ", err) - } err = json.Unmarshal(jsonData, &entityOperatorTolerationsElem) if err != nil { log.Error("failed to unmarshal to KafkaSpecEntityOperatorTemplatePodTolerationsElem: ", err) @@ -933,11 +844,6 @@ func (k *strimziTransporter) setTolerations(mgh *operatorv1alpha4.MulticlusterGl Tolerations: kafkaTolerationsElem, }, } - kafkaCluster.Spec.Zookeeper.Template = &kafkav1beta2.KafkaSpecZookeeperTemplate{ - Pod: &kafkav1beta2.KafkaSpecZookeeperTemplatePod{ - Tolerations: zookeeperTolerationsElem, - }, - } kafkaCluster.Spec.EntityOperator.Template = &kafkav1beta2.KafkaSpecEntityOperatorTemplate{ Pod: &kafkav1beta2.KafkaSpecEntityOperatorTemplatePod{ Tolerations: entityOperatorTolerationsElem, @@ -945,7 +851,6 @@ func (k *strimziTransporter) setTolerations(mgh *operatorv1alpha4.MulticlusterGl } } else { kafkaCluster.Spec.Kafka.Template.Pod.Tolerations = kafkaTolerationsElem - kafkaCluster.Spec.Zookeeper.Template.Pod.Tolerations = zookeeperTolerationsElem kafkaCluster.Spec.EntityOperator.Template.Pod.Tolerations = entityOperatorTolerationsElem } } 
diff --git a/operator/pkg/controllers/transporter/protocol/strimzi_transporter_test.go b/operator/pkg/controllers/transporter/protocol/strimzi_transporter_test.go index f93872c61..8e30514a2 100644 --- a/operator/pkg/controllers/transporter/protocol/strimzi_transporter_test.go +++ b/operator/pkg/controllers/transporter/protocol/strimzi_transporter_test.go @@ -2,7 +2,6 @@ package protocol import ( "testing" - "time" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" @@ -12,14 +11,6 @@ import ( "github.com/stolostron/multicluster-global-hub/pkg/utils" ) -var ( - mghName = "mgh" - mghNamespace = "default" - now = time.Now() - reason = "KafkaNotReady" - message = "Kafka cluster is not ready" -) - func TestNewStrimziTransporter(t *testing.T) { mgh := &v1alpha4.MulticlusterGlobalHub{ ObjectMeta: metav1.ObjectMeta{ diff --git a/operator/pkg/utils/utils.go b/operator/pkg/utils/utils.go index 05bd06880..6d74b7ff4 100644 --- a/operator/pkg/utils/utils.go +++ b/operator/pkg/utils/utils.go @@ -324,13 +324,6 @@ func GetResources(component string, advanced *v1alpha4.AdvancedSpec) *corev1.Res if advanced != nil && advanced.Kafka != nil { setResourcesFromCR(advanced.Kafka.Resources, requests, limits) } - case operatorconstants.Zookeeper: - requests[corev1.ResourceName(corev1.ResourceMemory)] = resource.MustParse(operatorconstants.ZookeeperMemoryRequest) - requests[corev1.ResourceName(corev1.ResourceCPU)] = resource.MustParse(operatorconstants.ZookeeperCPURequest) - limits[corev1.ResourceName(corev1.ResourceMemory)] = resource.MustParse(operatorconstants.ZookeeperMemoryLimit) - if advanced != nil && advanced.Zookeeper != nil { - setResourcesFromCR(advanced.Zookeeper.Resources, requests, limits) - } } resourceReq.Limits = limits diff --git a/operator/pkg/utils/utils_test.go b/operator/pkg/utils/utils_test.go index 76dcd63d6..ce586a44e 100644 --- a/operator/pkg/utils/utils_test.go +++ b/operator/pkg/utils/utils_test.go 
@@ -390,26 +390,6 @@ func Test_GetResources(t *testing.T) { }, custom: true, }, - { - name: "Test Zookeeper with default values", - component: constants.Zookeeper, - cpuRequest: constants.ZookeeperCPURequest, - cpuLimit: "0", - memoryRequest: constants.ZookeeperMemoryRequest, - memoryLimit: constants.ZookeeperMemoryLimit, - }, - { - name: "Test Zookeeper with customized values", - component: constants.Zookeeper, - advanced: func(resReq *v1alpha4.ResourceRequirements) *v1alpha4.AdvancedSpec { - return &v1alpha4.AdvancedSpec{ - Zookeeper: &v1alpha4.CommonSpec{ - Resources: resReq, - }, - } - }, - custom: true, - }, } resReq := &v1alpha4.ResourceRequirements{ diff --git a/test/integration/operator/controllers/transporter_test.go b/test/integration/operator/controllers/transporter_test.go index af8eff99b..047da4914 100644 --- a/test/integration/operator/controllers/transporter_test.go +++ b/test/integration/operator/controllers/transporter_test.go @@ -260,18 +260,6 @@ var _ = Describe("transporter", Ordered, func() { }, }, }, - Zookeeper: &v1alpha4.CommonSpec{ - Resources: &v1alpha4.ResourceRequirements{ - Limits: corev1.ResourceList{ - corev1.ResourceName(corev1.ResourceCPU): resource.MustParse(customCPULimit), - corev1.ResourceName(corev1.ResourceMemory): resource.MustParse(customMemoryLimit), - }, - Requests: corev1.ResourceList{ - corev1.ResourceName(corev1.ResourceMemory): resource.MustParse(customMemoryRequest), - corev1.ResourceName(corev1.ResourceCPU): resource.MustParse(customCPURequest), - }, - }, - }, } mgh.Spec.ImagePullSecret = "mgh-image-pull" 
@@ -382,23 +370,18 @@ var _ = Describe("transporter", Ordered, func() { entityOperatorToleration, _ := json.Marshal(kafka.Spec.EntityOperator.Template.Pod.Tolerations) kafkaToleration, _ := json.Marshal(kafka.Spec.Kafka.Template.Pod.Tolerations) - zookeeperToleration, _ := json.Marshal(kafka.Spec.Zookeeper.Template.Pod.Tolerations) entityOperatorNodeAffinity, _ := json.Marshal(kafka.Spec.EntityOperator.Template.Pod.Affinity.NodeAffinity) kafkaNodeAffinity, _ := json.Marshal(kafka.Spec.Kafka.Template.Pod.Affinity.NodeAffinity) - zookeeperNodeAffinity, _ := json.Marshal(kafka.Spec.Zookeeper.Template.Pod.Affinity.NodeAffinity) toleration := `[{"effect":"NoSchedule","key":"node.kubernetes.io/not-ready","operator":"Exists"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/worker","operator":"Exists"}]` Expect(string(entityOperatorToleration)).To(Equal(toleration)) Expect(string(kafkaToleration)).To(Equal(toleration)) - Expect(string(zookeeperToleration)).To(Equal(toleration)) // cannot compare the string, because the order is random Expect(string(entityOperatorNodeAffinity)).To(ContainSubstring("node-role.kubernetes.io/worker")) Expect(string(entityOperatorNodeAffinity)).To(ContainSubstring("topology.kubernetes.io/zone")) Expect(string(kafkaNodeAffinity)).To(ContainSubstring("node-role.kubernetes.io/worker")) Expect(string(kafkaNodeAffinity)).To(ContainSubstring("topology.kubernetes.io/zone")) - Expect(string(zookeeperNodeAffinity)).To(ContainSubstring("node-role.kubernetes.io/worker")) - Expect(string(zookeeperNodeAffinity)).To(ContainSubstring("topology.kubernetes.io/zone")) // simulate to create a cluster named: hub1 clusterName := "hub1" From 4a839d92d0f6d255b7c327e870803c521c1b3386 Mon Sep 17 00:00:00 2001 From: clyang82 Date: Thu, 28 Nov 2024 16:44:51 +0800 Subject: [PATCH 02/16] Remove kafka manifest 
Signed-off-by: clyang82 --- .../protocol/manifests/global-hub-kafka.yaml | 40 ------------------- .../protocol/strimzi_transporter.go | 4 ++ 2 files changed, 4 insertions(+), 40 deletions(-) delete mode 100644 operator/pkg/controllers/transporter/protocol/manifests/global-hub-kafka.yaml diff --git a/operator/pkg/controllers/transporter/protocol/manifests/global-hub-kafka.yaml b/operator/pkg/controllers/transporter/protocol/manifests/global-hub-kafka.yaml deleted file mode 100644 index 09aa95156..000000000 --- a/operator/pkg/controllers/transporter/protocol/manifests/global-hub-kafka.yaml +++ /dev/null @@ -1,40 +0,0 @@ -apiVersion: kafka.strimzi.io/v1beta2 -kind: Kafka -metadata: - name: {{.KafkaCluster}} - annotations: - strimzi.io/node-pools: enabled - strimzi.io/kraft: enabled - namespace: {{.Namespace}} -spec: - kafka: - version: 3.7.1 # https://github.com/strimzi/strimzi-kafka-operator/blob/release-0.42.x/examples/kafka/kraft/kafka-with-dual-role-nodes.yaml - metadataVersion: 3.7-IV4 - listeners: - - name: plain - port: 9092 - type: internal - tls: false - - authentication: - type: tls - configuration: - bootstrap: - nodePort: 30095 - brokers: - - broker: 0 - advertisedHost: {{.KinDClusterIPAddress}} - name: external - port: 9095 - tls: true - type: nodeport - authorization: - type: simple - config: - offsets.topic.replication.factor: 1 - transaction.state.log.replication.factor: 1 - transaction.state.log.min.isr: 1 - default.replication.factor: 1 - min.insync.replicas: 1 - entityOperator: - topicOperator: {} - userOperator: {} diff --git a/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go b/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go index aa8c58764..6a6a85b60 100644 --- a/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go +++ b/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go 
@@ -673,6 +673,10 @@ func (k *strimziTransporter) newKafkaCluster(mgh *operatorv1alpha4.MulticlusterG Labels: map[string]string{ constants.GlobalHubOwnerLabelKey: constants.GlobalHubOwnerLabelVal, }, + Annotations: map[string]string{ + "strimzi.io/node-pools": "enabled", + "strimzi.io/kraft": "enabled", + }, }, Spec: &kafkav1beta2.KafkaSpec{ Kafka: kafkav1beta2.KafkaSpecKafka{ From 9d4a0a86133e0fc70d400522e154c397386e2f9b Mon Sep 17 00:00:00 2001 From: clyang82 Date: Thu, 28 Nov 2024 17:23:55 +0800 Subject: [PATCH 03/16] update strimzi client Signed-off-by: clyang82 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 08a168fe7..d1a9fa954 100644 --- a/go.mod +++ b/go.mod @@ -245,4 +245,4 @@ require ( replace github.com/elazarl/goproxy => github.com/elazarl/goproxy v0.0.0-20240726154733-8b0c20506380 -replace github.com/RedHatInsights/strimzi-client-go => github.com/clyang82/strimzi-client-go v0.0.0-20240829073515-1fafe574af8b +replace github.com/RedHatInsights/strimzi-client-go => github.com/clyang82/strimzi-client-go v0.0.0-20241128092133-16cf86ea48ef diff --git a/go.sum b/go.sum index 486a88891..a38459315 100644 --- a/go.sum +++ b/go.sum 
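Review bot: The `strimzi.io/node-pools` and `strimzi.io/kraft` annotations are set only where `newKafkaCluster` builds the desired object. The update path shown in the first patch of this series decides whether to write by `!reflect.DeepEqual(updatedKafka.Spec, existingKafka.Spec)`, which does not look at metadata. If the annotations are not merged elsewhere in `CreateUpdateKafkaCluster` (its body is not fully visible), a Kafka resource that already exists would never receive them, and a manual removal would go unnoticed. The update check should also verify that each desired annotation is present with the expected value, without comparing annotations that other controllers add. The two keys would also read better as named constants next to `KafkaMetricsConfigmapKeyRef` than as string literals here.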
@@ -195,8 +195,8 @@ github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/ github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w= github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg= github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY= -github.com/clyang82/strimzi-client-go v0.0.0-20240829073515-1fafe574af8b h1:dA0X/UTXHbX7iqZFnXd5mNDVwkR+h+v9Y41wBSotpms= -github.com/clyang82/strimzi-client-go v0.0.0-20240829073515-1fafe574af8b/go.mod h1:7OPvvx8wg6NrP+3wbBoRlrE5UB0N0m3xeR/PZ2ofSHM= +github.com/clyang82/strimzi-client-go v0.0.0-20241128092133-16cf86ea48ef h1:ph59/jnRd/cZP3i9iy4l0M++q9brVVKfPw/P+b/8Tzw= +github.com/clyang82/strimzi-client-go v0.0.0-20241128092133-16cf86ea48ef/go.mod h1:7OPvvx8wg6NrP+3wbBoRlrE5UB0N0m3xeR/PZ2ofSHM= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I= github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= From 08f6447aa57e0b47ee036e70b82b69f16bc2f1ce Mon Sep 17 00:00:00 2001 From: clyang82 Date: Thu, 28 Nov 2024 19:09:56 +0800 Subject: [PATCH 04/16] update strimzi-client-go Signed-off-by: clyang82 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index d1a9fa954..a82158ea4 100644 --- a/go.mod +++ b/go.mod @@ -245,4 +245,4 @@ require ( replace github.com/elazarl/goproxy => github.com/elazarl/goproxy v0.0.0-20240726154733-8b0c20506380 -replace github.com/RedHatInsights/strimzi-client-go => github.com/clyang82/strimzi-client-go v0.0.0-20241128092133-16cf86ea48ef +replace github.com/RedHatInsights/strimzi-client-go => github.com/clyang82/strimzi-client-go v0.0.0-20241128110822-1fde15b2e231 diff --git a/go.sum b/go.sum index a38459315..1ee5d7b36 100644 --- a/go.sum +++ b/go.sum 
@@ -195,8 +195,8 @@ github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/ github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w= github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg= github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY= -github.com/clyang82/strimzi-client-go v0.0.0-20241128092133-16cf86ea48ef h1:ph59/jnRd/cZP3i9iy4l0M++q9brVVKfPw/P+b/8Tzw= -github.com/clyang82/strimzi-client-go v0.0.0-20241128092133-16cf86ea48ef/go.mod h1:7OPvvx8wg6NrP+3wbBoRlrE5UB0N0m3xeR/PZ2ofSHM= +github.com/clyang82/strimzi-client-go v0.0.0-20241128110822-1fde15b2e231 h1:sSkprVivxV26zr2cFiS1GcU7WiP76fjyhqee+v24fj4= +github.com/clyang82/strimzi-client-go v0.0.0-20241128110822-1fde15b2e231/go.mod h1:7OPvvx8wg6NrP+3wbBoRlrE5UB0N0m3xeR/PZ2ofSHM= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I= github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= From b62c6ac5b1ee9df6971045672cb22cbfce870bef Mon Sep 17 00:00:00 2001 From: clyang82 Date: Thu, 28 Nov 2024 21:46:20 +0800 Subject: [PATCH 05/16] Correct metrics Signed-off-by: clyang82 --- go.mod | 2 +- go.sum | 4 ++-- .../transporter/protocol/manifests/metrics.yaml | 6 +++--- .../transporter/protocol/strimzi_transporter.go | 3 +-- .../operator/controllers/transporter_test.go | 10 ---------- 5 files changed, 7 insertions(+), 18 deletions(-) diff --git a/go.mod b/go.mod index a82158ea4..8f6bcc8b3 100644 --- a/go.mod +++ b/go.mod 
@@ -245,4 +245,4 @@ require ( replace github.com/elazarl/goproxy => github.com/elazarl/goproxy v0.0.0-20240726154733-8b0c20506380 -replace github.com/RedHatInsights/strimzi-client-go => github.com/clyang82/strimzi-client-go v0.0.0-20241128110822-1fde15b2e231 +replace github.com/RedHatInsights/strimzi-client-go => github.com/clyang82/strimzi-client-go v0.0.0-20241128133614-e66e5802e7d9 diff --git a/go.sum b/go.sum index 1ee5d7b36..5b1fd7c68 100644 --- a/go.sum +++ b/go.sum @@ -195,8 +195,8 @@ github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/ github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w= github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg= github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY= -github.com/clyang82/strimzi-client-go v0.0.0-20241128110822-1fde15b2e231 h1:sSkprVivxV26zr2cFiS1GcU7WiP76fjyhqee+v24fj4= -github.com/clyang82/strimzi-client-go v0.0.0-20241128110822-1fde15b2e231/go.mod h1:7OPvvx8wg6NrP+3wbBoRlrE5UB0N0m3xeR/PZ2ofSHM= +github.com/clyang82/strimzi-client-go v0.0.0-20241128133614-e66e5802e7d9 h1:4G3Gp73PT7oKymXBpHd/R06MBDYYaSnXfl4uf1ZOugw= +github.com/clyang82/strimzi-client-go v0.0.0-20241128133614-e66e5802e7d9/go.mod h1:7OPvvx8wg6NrP+3wbBoRlrE5UB0N0m3xeR/PZ2ofSHM= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I= github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= diff --git a/operator/pkg/controllers/transporter/protocol/manifests/metrics.yaml b/operator/pkg/controllers/transporter/protocol/manifests/metrics.yaml index 5e6a6ea92..eb1161f2a 100644 --- a/operator/pkg/controllers/transporter/protocol/manifests/metrics.yaml +++ b/operator/pkg/controllers/transporter/protocol/manifests/metrics.yaml 
@@ -139,15 +139,15 @@ data: - pattern: "kafka.server<>(.+):" name: kafka_server_raftmetrics_$1 type: GAUGE - KRaft "low level" channels related metrics - distinguish between always increasing COUNTER (total and max) and variable GAUGE (all others) metrics + # KRaft "low level" channels related metrics + # distinguish between always increasing COUNTER (total and max) and variable GAUGE (all others) metrics - pattern: "kafka.server<>(.+-total|.+-max):" name: kafka_server_raftchannelmetrics_$1 type: COUNTER - pattern: "kafka.server<>(.+):" name: kafka_server_raftchannelmetrics_$1 type: GAUGE - Broker metrics related to fetching metadata topic records in KRaft mode + # Broker metrics related to fetching metadata topic records in KRaft mode - pattern: "kafka.server<>(.+):" name: kafka_server_brokermetadatametrics_$1 type: GAUGE diff --git a/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go b/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go index 6a6a85b60..bdc0e819d 100644 --- a/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go +++ b/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go @@ -708,8 +708,7 @@ func (k *strimziTransporter) newKafkaCluster(mgh *operatorv1alpha4.MulticlusterG Authorization: &kafkav1beta2.KafkaSpecKafkaAuthorization{ Type: kafkav1beta2.KafkaSpecKafkaAuthorizationTypeSimple, }, - Replicas: 3, - Version: &DefaultAMQKafkaVersion, + Version: &DefaultAMQKafkaVersion, }, EntityOperator: &kafkav1beta2.KafkaSpecEntityOperator{ TopicOperator: &kafkav1beta2.KafkaSpecEntityOperatorTopicOperator{}, diff --git a/test/integration/operator/controllers/transporter_test.go b/test/integration/operator/controllers/transporter_test.go index 047da4914..dc05a36b5 100644 --- a/test/integration/operator/controllers/transporter_test.go +++ b/test/integration/operator/controllers/transporter_test.go 
@@ -447,10 +447,6 @@ func UpdateKafkaClusterReady(c client.Client, ns string) error { }, Spec: &kafkav1beta2.KafkaSpec{ Kafka: kafkav1beta2.KafkaSpecKafka{ - Replicas: 1, - Storage: kafkav1beta2.KafkaSpecKafkaStorage{ - Type: "ephemeral", - }, Listeners: []kafkav1beta2.KafkaSpecKafkaListenersElem{ { Name: "plain", @@ -463,12 +459,6 @@ func UpdateKafkaClusterReady(c client.Client, ns string) error { }`)}, Version: &kafkaVersion, }, - Zookeeper: kafkav1beta2.KafkaSpecZookeeper{ - Replicas: 1, - Storage: kafkav1beta2.KafkaSpecZookeeperStorage{ - Type: "ephemeral", - }, - }, }, Status: &kafkav1beta2.KafkaStatus{ ClusterId: &statusClusterId, From c4086f08cf30a9a8ee4f19f8f9256f8339657cce Mon Sep 17 00:00:00 2001 From: clyang82 Date: Fri, 29 Nov 2024 10:22:49 +0800 Subject: [PATCH 06/16] Fix e2e issues Signed-off-by: clyang82 --- .../protocol/strimzi_transporter.go | 58 ++++++++++++------- test/e2e/suite_test.go | 1 - test/script/kessel_e2e_setup.sh | 1 - 3 files changed, 37 insertions(+), 23 deletions(-) diff --git a/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go b/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go index bdc0e819d..34a0b89b3 100644 --- a/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go +++ b/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go @@ -222,8 +222,6 @@ func (k *strimziTransporter) renderKafkaResources(mgh *operatorv1alpha4.Multiclu if mgh.Spec.AvailabilityConfig == operatorv1alpha4.HABasic { topicReplicas = 1 } - // brokerAdvertisedHost is used for test in KinD cluster. we need to use AdvertisedHost to pass tls authn. - brokerAdvertisedHost := mgh.Annotations[operatorconstants.KinDClusterIPKey] // render the kafka objects kafkaRenderer, kafkaDeployer := renderer.NewHoHRenderer(manifests), deployer.NewHoHDeployer(k.manager.GetClient()) 
@@ -240,7 +238,6 @@ func (k *strimziTransporter) renderKafkaResources(mgh *operatorv1alpha4.Multiclu StatusPlaceholderTopic string TopicPartition int32 TopicReplicas int32 - KinDClusterIPAddress string EnableInventoryAPI bool KafkaInventoryTopic string StorageSize string @@ -256,7 +253,6 @@ func (k *strimziTransporter) renderKafkaResources(mgh *operatorv1alpha4.Multiclu StatusPlaceholderTopic: statusPlaceholderTopic, TopicPartition: DefaultPartition, TopicReplicas: topicReplicas, - KinDClusterIPAddress: brokerAdvertisedHost, EnableInventoryAPI: config.WithInventory(mgh), KafkaInventoryTopic: "kessel-inventory", StorageSize: config.GetKafkaStorageSize(mgh), 
@@ -666,6 +662,42 @@ func (k *strimziTransporter) getKafkaResources( func (k *strimziTransporter) newKafkaCluster(mgh *operatorv1alpha4.MulticlusterGlobalHub) *kafkav1beta2.Kafka { + var nodePort int32 = 30093 + listeners := []kafkav1beta2.KafkaSpecKafkaListenersElem{ + { + Name: "plain", + Port: 9092, + Tls: false, + Type: kafkav1beta2.KafkaSpecKafkaListenersElemTypeInternal, + }, + { + Name: "tls", + Port: 9093, + Tls: true, + Type: kafkav1beta2.KafkaSpecKafkaListenersElemTypeRoute, + Authentication: &kafkav1beta2.KafkaSpecKafkaListenersElemAuthentication{ + Type: kafkav1beta2.KafkaSpecKafkaListenersElemAuthenticationTypeTls, + }, + }, + } + + // brokerAdvertisedHost is used for test in KinD cluster. we need to use AdvertisedHost to pass tls authn. + brokerAdvertisedHost, exists := mgh.Annotations[operatorconstants.KinDClusterIPKey] + if exists { + listeners[1].Configuration = &kafkav1beta2.KafkaSpecKafkaListenersElemConfiguration{ + Bootstrap: &kafkav1beta2.KafkaSpecKafkaListenersElemConfigurationBootstrap{ + NodePort: &nodePort, + }, + Brokers: []kafkav1beta2.KafkaSpecKafkaListenersElemConfigurationBrokersElem{ + { + Broker: 0, + AdvertisedHost: &brokerAdvertisedHost, + }, + }, + } + listeners[1].Type = kafkav1beta2.KafkaSpecKafkaListenersElemTypeNodeport + } + kafkaCluster := &kafkav1beta2.Kafka{ ObjectMeta: metav1.ObjectMeta{ Name: k.kafkaClusterName, 
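Review bot: The KinD branch in `newKafkaCluster` tests `exists` alone, so an annotation that is present but empty still switches the authenticated listener from a Route to a NodePort and publishes an empty `AdvertisedHost`; guard on the value as well with `if exists && brokerAdvertisedHost != "" {`. Because this annotation changes how the TLS listener is exposed (fixed node port 30093 instead of a Route), the branch should say that it is test-only, e.g. `// test-only: exposes the tls listener on a fixed NodePort; not for production hubs`. The override configures only `Broker: 0`, which presumably matches a single-broker KinD setup but should be confirmed against the node pool's replica count. Addressing the listener as `listeners[1]` is positional; binding `tlsListener := &listeners[1]` once and assigning `tlsListener.Configuration` and `tlsListener.Type` through it keeps the two writes in step if the slice changes.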
@@ -687,23 +719,7 @@ func (k *strimziTransporter) newKafkaCluster(mgh *operatorv1alpha4.MulticlusterG "transaction.state.log.min.isr": 2, "transaction.state.log.replication.factor": 3 }`)}, - Listeners: []kafkav1beta2.KafkaSpecKafkaListenersElem{ - { - Name: "plain", - Port: 9092, - Tls: false, - Type: kafkav1beta2.KafkaSpecKafkaListenersElemTypeInternal, - }, - { - Name: "tls", - Port: 9093, - Tls: true, - Type: kafkav1beta2.KafkaSpecKafkaListenersElemTypeRoute, - Authentication: &kafkav1beta2.KafkaSpecKafkaListenersElemAuthentication{ - Type: kafkav1beta2.KafkaSpecKafkaListenersElemAuthenticationTypeTls, - }, - }, - }, + Listeners: listeners, Resources: k.getKafkaResources(mgh), Authorization: &kafkav1beta2.KafkaSpecKafkaAuthorization{ Type: kafkav1beta2.KafkaSpecKafkaAuthorizationTypeSimple, diff --git a/test/e2e/suite_test.go b/test/e2e/suite_test.go index cd95beeff..a3859e2a6 100644 --- a/test/e2e/suite_test.go +++ b/test/e2e/suite_test.go @@ -304,7 +304,6 @@ func deployGlobalHub() { "mgh-scheduler-interval": "minute", "global-hub.open-cluster-management.io/catalog-source-name": "operatorhubio-catalog", "global-hub.open-cluster-management.io/catalog-source-namespace": "olm", - "global-hub.open-cluster-management.io/enable-kraft": "", }, }, Spec: v1alpha4.MulticlusterGlobalHubSpec{ diff --git a/test/script/kessel_e2e_setup.sh b/test/script/kessel_e2e_setup.sh index f6ab04974..2de493b86 100755 --- a/test/script/kessel_e2e_setup.sh +++ b/test/script/kessel_e2e_setup.sh @@ -52,7 +52,6 @@ metadata: global-hub.open-cluster-management.io/catalog-source-name: operatorhubio-catalog global-hub.open-cluster-management.io/catalog-source-namespace: olm global-hub.open-cluster-management.io/with-inventory: "" - global-hub.open-cluster-management.io/enable-kraft: "" global-hub.open-cluster-management.io/kind-cluster-ip: "$global_hub_node_ip" name: multiclusterglobalhub namespace: multicluster-global-hub From b7363e99c9fe90075bb0ab320a9f156a385d391b Mon Sep 17 00:00:00 2001 
From: clyang82 Date: Fri, 29 Nov 2024 15:45:11 +0800 Subject: [PATCH 07/16] update olm installation mode Signed-off-by: clyang82 --- ...al-hub-operator.clusterserviceversion.yaml | 8 ++-- ...al-hub-operator.clusterserviceversion.yaml | 3 -- .../manifests/global-hub-kafka-node-pool.yaml | 2 +- .../protocol/strimzi_transporter.go | 2 - test/script/util.sh | 37 ++++--------------- 5 files changed, 12 insertions(+), 40 deletions(-) diff --git a/operator/bundle/manifests/multicluster-global-hub-operator.clusterserviceversion.yaml b/operator/bundle/manifests/multicluster-global-hub-operator.clusterserviceversion.yaml index 8890ad26d..66f84657f 100644 --- a/operator/bundle/manifests/multicluster-global-hub-operator.clusterserviceversion.yaml +++ b/operator/bundle/manifests/multicluster-global-hub-operator.clusterserviceversion.yaml @@ -31,7 +31,7 @@ metadata: categories: Integration & Delivery,OpenShift Optional certified: "false" containerImage: quay.io/stolostron/multicluster-global-hub-operator:latest - createdAt: "2024-11-28T07:21:57Z" + createdAt: "2024-11-29T07:44:42Z" description: Manages the installation and upgrade of the Multicluster Global Hub. olm.skipRange: '>=1.3.0 <1.4.0' operatorframework.io/initialization-resource: '{"apiVersion":"operator.open-cluster-management.io/v1alpha4", @@ -144,9 +144,9 @@ spec: NAME READY STATUS RESTARTS AGE amq-streams-cluster-operator-v2.6.0-2-f49bf7559-569mw 1/1 Running 0 22m kafka-entity-operator-68dcd446f4-pg257 3/3 Running 0 19m - kafka-kafka-dual-role-0 1/1 Running 0 20m - kafka-kafka-dual-role-1 1/1 Running 0 20m - kafka-kafka-dual-role-2 1/1 Running 0 20m + kafka-kafka-0 1/1 Running 0 20m + kafka-kafka-1 1/1 Running 0 20m + kafka-kafka-2 1/1 Running 0 20m multicluster-global-hub-grafana-5b7cfb6876-5rcnn 2/2 Running 0 19m multicluster-global-hub-grafana-5b7cfb6876-wq99v 2/2 Running 0 19m multicluster-global-hub-manager-7f56d78c49-hzfvw 1/1 Running 0 19m 
diff --git a/operator/config/manifests/bases/multicluster-global-hub-operator.clusterserviceversion.yaml b/operator/config/manifests/bases/multicluster-global-hub-operator.clusterserviceversion.yaml index 8cf49d7cb..84350300a 100644 --- a/operator/config/manifests/bases/multicluster-global-hub-operator.clusterserviceversion.yaml +++ b/operator/config/manifests/bases/multicluster-global-hub-operator.clusterserviceversion.yaml @@ -122,9 +122,6 @@ spec: kafka-kafka-0 1/1 Running 0 20m kafka-kafka-1 1/1 Running 0 20m kafka-kafka-2 1/1 Running 0 20m - kafka-kafka-dual-role-0 1/1 Running 0 20m - kafka-kafka-dual-role-1 1/1 Running 0 20m - kafka-kafka-dual-role-2 1/1 Running 0 20m multicluster-global-hub-grafana-5b7cfb6876-5rcnn 2/2 Running 0 19m multicluster-global-hub-grafana-5b7cfb6876-wq99v 2/2 Running 0 19m multicluster-global-hub-manager-7f56d78c49-hzfvw 1/1 Running 0 19m diff --git a/operator/pkg/controllers/transporter/protocol/manifests/global-hub-kafka-node-pool.yaml b/operator/pkg/controllers/transporter/protocol/manifests/global-hub-kafka-node-pool.yaml index f3f0a5253..03a693dc8 100644 --- a/operator/pkg/controllers/transporter/protocol/manifests/global-hub-kafka-node-pool.yaml +++ b/operator/pkg/controllers/transporter/protocol/manifests/global-hub-kafka-node-pool.yaml @@ -1,7 +1,7 @@ apiVersion: kafka.strimzi.io/v1beta2 kind: KafkaNodePool metadata: - name: dual-role + name: kafka labels: strimzi.io/cluster: {{.KafkaCluster}} namespace: {{.Namespace}} diff --git a/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go b/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go index 34a0b89b3..1c30ad0f8 100644 --- a/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go +++ b/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go 
@@ -52,7 +52,6 @@ const ( DefaultCatalogSourceName = "redhat-operators" // subscription - community - // The KRaft Compatibility: https://github.com/orgs/strimzi/discussions/10836 CommunityChannel = "strimzi-0.43.x" CommunityPackageName = "strimzi-kafka-operator" CommunityCatalogSourceName = "community-operators" @@ -661,7 +660,6 @@ func (k *strimziTransporter) getKafkaResources( } func (k *strimziTransporter) newKafkaCluster(mgh *operatorv1alpha4.MulticlusterGlobalHub) *kafkav1beta2.Kafka { - var nodePort int32 = 30093 listeners := []kafkav1beta2.KafkaSpecKafkaListenersElem{ { diff --git a/test/script/util.sh b/test/script/util.sh index f45784ff6..8663d4df6 100755 --- a/test/script/util.sh +++ b/test/script/util.sh @@ -386,6 +386,9 @@ install_crds() { # cluster kubectl --context "$1" apply -f "$CURRENT_DIR"/../manifest/crd/0000_00_cluster.open-cluster-management.io_managedclusters.crd.yaml + + #proxy crd. required by olm + kubectl --context "$1" apply -f ${CURRENT_DIR}/../manifest/crd/0000_03_config-operator_01_proxies.crd.yaml } install_mch() { 
@@ -412,36 +415,10 @@ enable_service_ca() { # deploy olm enable_olm() { - NS=olm - csvPhase=$(kubectl --context "$1" get csv -n "${NS}" packageserver -o jsonpath='{.status.phase}' 2>/dev/null || echo "Waiting for CSV to appear") - if [[ "$csvPhase" == "Succeeded" ]]; then - echo "OLM is already installed in ${NS} namespace. Skipping..." - return - fi - - #proxy crd - kubectl --context "$1" apply -f ${CURRENT_DIR}/../manifest/crd/0000_03_config-operator_01_proxies.crd.yaml - - path="https://raw.githubusercontent.com/operator-framework/operator-lifecycle-manager/v0.28.0" - kubectl --context "$1" apply -f "${path}/deploy/upstream/quickstart/crds.yaml" - kubectl --context "$1" wait --for=condition=Established -f "${path}/deploy/upstream/quickstart/crds.yaml" --timeout=60s - kubectl --context "$1" apply -f "${path}/deploy/upstream/quickstart/olm.yaml" - - retries=300 - csvPhase=$(kubectl --context "$1" get csv -n "${NS}" packageserver -o jsonpath='{.status.phase}' || echo "Waiting for CSV to appear") - while [[ $retries -gt 0 && "$csvPhase" != "Succeeded" ]]; do - echo "CSV packageserver(status.phase): ${csvPhase}" - sleep 1 - retries=$((retries - 1)) - csvPhase=$(kubectl --context "$1" get csv -n "${NS}" packageserver -o jsonpath='{.status.phase}' || echo "Waiting for CSV to appear") - done - if [ $retries == 0 ]; then - echo "CSV 'packageserver' failed to reach 'Succeeded' phase!" - exit 1 - fi - - kubectl --context "$1" rollout status -w deployment/packageserver --namespace="${NS}" --timeout=60s - echo "CSV 'packageserver' install succeeded" + kubectl config use-context "$1" + curl -L https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.28.0/install.sh -o install.sh + chmod +x install.sh + ./install.sh v0.30.0 } wait_secret_ready() { From 2a3677540c32710afd927e10b2c02fd452066629 Mon Sep 17 00:00:00 2001 From: clyang82 Date: Fri, 29 Nov 2024 16:10:34 +0800 Subject: [PATCH 08/16] update strimzi client and remove kafka plain listener 
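Review bot: `enable_olm` now downloads `install.sh` and executes it with no integrity check, and the URL pins v0.28.0 while the script is invoked with v0.30.0, so the installer and the manifests it applies come from different releases. Use one variable for both and make curl fail on HTTP errors, `curl -fsSL "https://github.com/operator-framework/operator-lifecycle-manager/releases/download/${OLM_VERSION}/install.sh" -o install.sh` followed by `./install.sh "${OLM_VERSION}"`; without `-f` an error page is saved and then executed. Checking the file against a pinned digest before `chmod +x`, e.g. `echo "<EXPECTED_SHA256>  install.sh" | sha256sum -c -`, would make the step reproducible and tamper-evident. `kubectl config use-context "$1"` also changes the caller's current context as a side effect, where the removed code passed `--context "$1"` on each command. The earlier skip-if-already-installed check is gone, so it is worth confirming that the upstream script tolerates a second run.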
Signed-off-by: clyang82 --- go.mod | 2 +- go.sum | 4 ++-- .../transporter/protocol/strimzi_transporter.go | 8 +------- test/manifest/kafka/kafka-cluster/kafka-cluster.yaml | 10 ++-------- 4 files changed, 6 insertions(+), 18 deletions(-) diff --git a/go.mod b/go.mod index 8f6bcc8b3..c4f56f91c 100644 --- a/go.mod +++ b/go.mod @@ -245,4 +245,4 @@ require ( replace github.com/elazarl/goproxy => github.com/elazarl/goproxy v0.0.0-20240726154733-8b0c20506380 -replace github.com/RedHatInsights/strimzi-client-go => github.com/clyang82/strimzi-client-go v0.0.0-20241128133614-e66e5802e7d9 +replace github.com/RedHatInsights/strimzi-client-go => github.com/clyang82/strimzi-client-go v0.0.0-20241128142517-2098cd6dda19 diff --git a/go.sum b/go.sum index 5b1fd7c68..ff06c0708 100644 --- a/go.sum +++ b/go.sum @@ -195,8 +195,8 @@ github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/ github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w= github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg= github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY= -github.com/clyang82/strimzi-client-go v0.0.0-20241128133614-e66e5802e7d9 h1:4G3Gp73PT7oKymXBpHd/R06MBDYYaSnXfl4uf1ZOugw= -github.com/clyang82/strimzi-client-go v0.0.0-20241128133614-e66e5802e7d9/go.mod h1:7OPvvx8wg6NrP+3wbBoRlrE5UB0N0m3xeR/PZ2ofSHM= +github.com/clyang82/strimzi-client-go v0.0.0-20241128142517-2098cd6dda19 h1:PCOeMeWqBzwrIC/ReekZipig4BEYGiHz/Gz+1Ou86nk= +github.com/clyang82/strimzi-client-go v0.0.0-20241128142517-2098cd6dda19/go.mod h1:7OPvvx8wg6NrP+3wbBoRlrE5UB0N0m3xeR/PZ2ofSHM= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I= github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= 
diff --git a/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go b/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go index 1c30ad0f8..1095f2d2f 100644 --- a/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go +++ b/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go @@ -662,12 +662,6 @@ func (k *strimziTransporter) getKafkaResources( func (k *strimziTransporter) newKafkaCluster(mgh *operatorv1alpha4.MulticlusterGlobalHub) *kafkav1beta2.Kafka { var nodePort int32 = 30093 listeners := []kafkav1beta2.KafkaSpecKafkaListenersElem{ - { - Name: "plain", - Port: 9092, - Tls: false, - Type: kafkav1beta2.KafkaSpecKafkaListenersElemTypeInternal, - }, { Name: "tls", Port: 9093, @@ -682,7 +676,7 @@ func (k *strimziTransporter) newKafkaCluster(mgh *operatorv1alpha4.MulticlusterG // brokerAdvertisedHost is used for test in KinD cluster. we need to use AdvertisedHost to pass tls authn. brokerAdvertisedHost, exists := mgh.Annotations[operatorconstants.KinDClusterIPKey] if exists { - listeners[1].Configuration = &kafkav1beta2.KafkaSpecKafkaListenersElemConfiguration{ + listeners[0].Configuration = &kafkav1beta2.KafkaSpecKafkaListenersElemConfiguration{ Bootstrap: &kafkav1beta2.KafkaSpecKafkaListenersElemConfigurationBootstrap{ NodePort: &nodePort, }, diff --git a/test/manifest/kafka/kafka-cluster/kafka-cluster.yaml b/test/manifest/kafka/kafka-cluster/kafka-cluster.yaml index b4d0149f9..10490a2c9 100644 --- a/test/manifest/kafka/kafka-cluster/kafka-cluster.yaml +++ b/test/manifest/kafka/kafka-cluster/kafka-cluster.yaml 
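Review bot: With the plain listener removed the slice holds a single element, but this hunk moves only the `.Configuration` assignment to `listeners[0]`; the `listeners[1].Type = ...Nodeport` assignment a few lines further down `newKafkaCluster` (outside this hunk, and still at index 1 judging by the next patch in the series) would index past the end and panic the reconciler whenever the KinD annotation is set. Binding the element once, `tlsListener := &listeners[0]`, and writing `tlsListener.Configuration = ...` and `tlsListener.Type = ...` through it removes the class of mistake. A unit test that sets the KinD annotation and calls `newKafkaCluster` would have caught this before the e2e run.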
@@ -30,22 +30,16 @@ spec: version: 3.7.0 metadataVersion: 3.7-IV4 listeners: - - configuration: - useServiceDnsDomain: true - name: plain - port: 9092 - tls: false - type: internal - authentication: type: tls configuration: bootstrap: - nodePort: 30095 + nodePort: 30093 brokers: - broker: 0 advertisedHost: "NODE_PORT_HOST" name: external - port: 9095 + port: 9093 tls: true type: nodeport livenessProbe: From 34f3563660afde91faf64b4c533621b1b76bf633 Mon Sep 17 00:00:00 2001 From: clyang82 Date: Mon, 2 Dec 2024 14:20:40 +0800 Subject: [PATCH 09/16] Fix test issues Signed-off-by: clyang82 --- .../protocol/strimzi_transporter.go | 2 +- test/script/kessel_e2e_setup.sh | 33 ++++++++++++++----- 2 files changed, 25 insertions(+), 10 deletions(-) diff --git a/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go b/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go index 1095f2d2f..1aedd650c 100644 --- a/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go +++ b/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go @@ -687,7 +687,7 @@ func (k *strimziTransporter) newKafkaCluster(mgh *operatorv1alpha4.MulticlusterG }, }, } - listeners[1].Type = kafkav1beta2.KafkaSpecKafkaListenersElemTypeNodeport + listeners[0].Type = kafkav1beta2.KafkaSpecKafkaListenersElemTypeNodeport } kafkaCluster := &kafkav1beta2.Kafka{ diff --git a/test/script/kessel_e2e_setup.sh b/test/script/kessel_e2e_setup.sh index 2de493b86..b5dbd9f04 100755 --- a/test/script/kessel_e2e_setup.sh +++ b/test/script/kessel_e2e_setup.sh 
@@ -70,16 +70,31 @@ spec: imagePullPolicy: IfNotPresent EOF +# Create a temporary file to store stderr messages +error_cache=$(mktemp) + # Wait the control planes are ready -wait_cmd "kubectl get deploy/multicluster-global-hub-operator -n multicluster-global-hub --context $cluster_name" -wait_cmd "kubectl get deploy/multicluster-global-hub-manager -n multicluster-global-hub --context $cluster_name" -kubectl wait deploy/multicluster-global-hub-manager -n multicluster-global-hub --for condition=Available=True --timeout=600s --context "$cluster_name" -wait_cmd "kubectl get deploy/inventory-api -n multicluster-global-hub --context $cluster_name" -kubectl wait deploy/inventory-api -n multicluster-global-hub --for condition=Available=True --timeout=60s --context $cluster_name +# Use a Subshell to Isolate the Exit +(wait_cmd "kubectl get deploy/multicluster-global-hub-operator -n multicluster-global-hub --context $cluster_name") 2>>"$error_cache" || true +(wait_cmd "kubectl get deploy/multicluster-global-hub-manager -n multicluster-global-hub --context $cluster_name") 2>>"$error_cache" || true +(kubectl wait deploy/multicluster-global-hub-manager -n multicluster-global-hub --for condition=Available=True --timeout=60s --context "$cluster_name") 2>>"$error_cache" || true +(wait_cmd "kubectl get deploy/inventory-api -n multicluster-global-hub --context $cluster_name" 60) 2>>"$error_cache" || true +(kubectl wait deploy/inventory-api -n multicluster-global-hub --for condition=Available=True --timeout=60s --context $cluster_name) 2>>"$error_cache" || true # Debug information -kubectl get kafka -n multicluster-global-hub -oyaml --context $cluster_name -kubectl get pod -n multicluster-global-hub --context $cluster_name +kubectl get kafka -n multicluster-global-hub -oyaml --context $cluster_name || true +kubectl get pod -n multicluster-global-hub --context $cluster_name || true kubectl get mcgh -n multicluster-global-hub -oyaml --context $cluster_name || true -kubectl logs 
deploy/multicluster-global-hub-operator -n multicluster-global-hub --context $cluster_name -kubectl get deploy -n multicluster-global-hub --context $cluster_name +kubectl logs deploy/multicluster-global-hub-operator -n multicluster-global-hub --context $cluster_name || true +kubectl get deploy -n multicluster-global-hub --context $cluster_name || true + +if [ -s "$error_cache" ]; then + echo "The following errors were encountered:" + cat "$error_cache" + rm "$error_cache" # Clean up the temporary file + exit 1 # Exit with error status +else + echo "All commands executed successfully." + rm "$error_cache" # Clean up the temporary file +fi + From 9a1fdd9db4c580ad7af2da3a77db61e9965b5e3f Mon Sep 17 00:00:00 2001 From: clyang82 Date: Mon, 2 Dec 2024 15:20:57 +0800 Subject: [PATCH 10/16] Fix test issues Signed-off-by: clyang82 --- .../protocol/strimzi_transporter.go | 13 +- samples/config/confluent_config.go | 4 +- samples/config/sarama_config.go | 4 +- .../operator/controllers/manager_test.go | 10 +- .../operator/controllers/transporter_test.go | 21 +- ...5_kafka.strimzi.io_kafkanodepools.crd.yaml | 1170 ++ .../0000_05_kafka.strimzi.io_kafkas.crd.yaml | 13952 ++++++++-------- ...0_05_kafka.strimzi.io_kafkatopics.crd.yaml | 576 +- ...00_05_kafka.strimzi.io_kafkausers.crd.yaml | 1475 +- test/script/e2e_kafka.sh | 2 +- test/script/e2e_run_byo.sh | 6 +- test/script/event_exporter_kafka.sh | 4 +- 12 files changed, 9372 insertions(+), 7865 deletions(-) create mode 100644 test/manifest/crd/0000_05_kafka.strimzi.io_kafkanodepools.crd.yaml diff --git a/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go b/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go index 1aedd650c..4b74a3b53 100644 --- a/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go +++ b/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go 
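Review bot: The pass/fail decision at the end of this script depends on whether anything was written to `$error_cache`, not on exit codes, because every wait is followed by `|| true`; a command that fails without printing to stderr passes, and one that succeeds while emitting a warning on stderr fails the run. Recording the status explicitly is more reliable, e.g. `(wait_cmd "...") 2>>"$error_cache" || failed=1` and then `if [ "${failed:-0}" -ne 0 ]; then`. The temporary file is removed only on the two final branches; `trap 'rm -f "$error_cache"' EXIT` placed right after `mktemp` also covers early exits. The manager wait drops from `--timeout=600s` to `--timeout=60s`, which may be tight on a slow CI node, so confirm that is intended.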
@@ -503,8 +503,8 @@ func (k *strimziTransporter) getConnCredentailByCluster() (*transport.KafkaConfi } credential := &transport.KafkaConfig{ ClusterID: clusterIdentity, - BootstrapServer: *kafkaCluster.Status.Listeners[1].BootstrapServers, - CACert: base64.StdEncoding.EncodeToString([]byte(kafkaCluster.Status.Listeners[1].Certificates[0])), + BootstrapServer: *kafkaCluster.Status.Listeners[0].BootstrapServers, + CACert: base64.StdEncoding.EncodeToString([]byte(kafkaCluster.Status.Listeners[0].Certificates[0])), } return credential, nil } @@ -892,15 +892,6 @@ func (k *strimziTransporter) setImagePullSecret(mgh *operatorv1alpha4.Multiclust }, }, } - desiredKafkaSpec.Zookeeper.Template = &kafkav1beta2.KafkaSpecZookeeperTemplate{ - Pod: &kafkav1beta2.KafkaSpecZookeeperTemplatePod{ - ImagePullSecrets: []kafkav1beta2.KafkaSpecZookeeperTemplatePodImagePullSecretsElem{ - { - Name: &mgh.Spec.ImagePullSecret, - }, - }, - }, - } // marshal to json existingKafkaJson, _ := json.Marshal(existingKafkaSpec) desiredKafkaJson, _ := json.Marshal(desiredKafkaSpec) diff --git a/samples/config/confluent_config.go b/samples/config/confluent_config.go index 8bab72243..1c21fac54 100644 --- a/samples/config/confluent_config.go +++ b/samples/config/confluent_config.go @@ -219,8 +219,8 @@ func GetConfluentConfigMapByUser(c client.Client, namespace, clusterName, userNa cm := config.GetBasicConfigMap() for _, condition := range kafkaCluster.Status.Conditions { if *condition.Type == "Ready" && *condition.Status == "True" { - clusterCaCert := kafkaCluster.Status.Listeners[1].Certificates[0] - _ = cm.SetKey("bootstrap.servers", *kafkaCluster.Status.Listeners[1].BootstrapServers) + clusterCaCert := kafkaCluster.Status.Listeners[0].Certificates[0] + _ = cm.SetKey("bootstrap.servers", *kafkaCluster.Status.Listeners[0].BootstrapServers) _ = cm.SetKey("security.protocol", "ssl") _ = cm.SetKey("ssl.ca.pem", clusterCaCert) _ = cm.SetKey("ssl.certificate.pem", clientCert) 
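Review bot: `getConnCredentailByCluster` dereferences `kafkaCluster.Status.Listeners[0].BootstrapServers` and indexes `Certificates[0]` with no length or nil check visible in this hunk, so a Kafka resource whose status is not yet populated, or a listener that reports no certificate, would panic the operator instead of returning an error. The function starts outside the hunk, so an earlier readiness check may already exist; if it does not, add `ls := kafkaCluster.Status.Listeners` and `if len(ls) == 0 || ls[0].BootstrapServers == nil || len(ls[0].Certificates) == 0 { return nil, fmt.Errorf("kafka listener status not ready") }` before building the credential. The same positional access is introduced in `GetConfluentConfigMapByUser` (samples/config/confluent_config.go) and `GetSaramaConfigFromKafkaUser` (samples/config/sarama_config.go). Since the certificate returned here becomes the CA that clients trust, a comment stating that index 0 is the `tls` listener would help the next change to the listener list keep these call sites correct.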
diff --git a/samples/config/sarama_config.go b/samples/config/sarama_config.go index 90e9955a9..d9b563f2d 100644 --- a/samples/config/sarama_config.go +++ b/samples/config/sarama_config.go @@ -89,11 +89,11 @@ func GetSaramaConfigFromKafkaUser() (string, *sarama.Config, error) { return "", nil, err } - bootstrapServer := *kafkaCluster.Status.Listeners[1].BootstrapServers + bootstrapServer := *kafkaCluster.Status.Listeners[0].BootstrapServers // Load CA cert caCertPool := x509.NewCertPool() - caCertPool.AppendCertsFromPEM([]byte(kafkaCluster.Status.Listeners[1].Certificates[0])) + caCertPool.AppendCertsFromPEM([]byte(kafkaCluster.Status.Listeners[0].Certificates[0])) tlsConfig.RootCAs = caCertPool kafkaUserSecret := &corev1.Secret{} diff --git a/test/integration/operator/controllers/manager_test.go b/test/integration/operator/controllers/manager_test.go index 67cb1c779..6c1aa1e9e 100644 --- a/test/integration/operator/controllers/manager_test.go +++ b/test/integration/operator/controllers/manager_test.go @@ -68,6 +68,7 @@ var _ = Describe("manager", Ordered, func() { initOption = config.ControllerOption{ Manager: runtimeManager, MulticlusterGlobalHub: mgh, + OperatorConfig: &config.OperatorConfig{}, } // transport err := CreateTestSecretTransport(runtimeClient, mgh.Namespace) @@ -80,14 +81,7 @@ var _ = Describe("manager", Ordered, func() { }) It("should generate the manager resources", func() { - _, err := reconciler.Reconcile(ctx, reconcile.Request{ - NamespacedName: types.NamespacedName{ - Namespace: mgh.Namespace, - Name: mgh.Name, - }, - }) - Expect(err).To(Succeed()) - + var err error // deployment Eventually(func() error { deployment := &appsv1.Deployment{} diff --git a/test/integration/operator/controllers/transporter_test.go b/test/integration/operator/controllers/transporter_test.go index dc05a36b5..3584f5424 100644 --- a/test/integration/operator/controllers/transporter_test.go +++ b/test/integration/operator/controllers/transporter_test.go 
@@ -323,13 +323,6 @@ var _ = Describe("transporter", Ordered, func() { Expect(string(kafka.Spec.Kafka.Resources.Requests.Raw)).To(Equal(`{"cpu":"1m","memory":"1Mi"}`)) Expect(string(kafka.Spec.Kafka.Resources.Limits.Raw)).To(Equal(`{"cpu":"2m","memory":"2Mi"}`)) - Expect(kafka.Spec.Zookeeper.Template.Pod.Affinity.NodeAffinity).NotTo(BeNil()) - Expect(kafka.Spec.Zookeeper.Template.Pod.Tolerations).NotTo(BeEmpty()) - Expect(kafka.Spec.Zookeeper.Template.Pod.ImagePullSecrets).NotTo(BeEmpty()) - - Expect(string(kafka.Spec.Zookeeper.Resources.Requests.Raw)).To(Equal(`{"cpu":"1m","memory":"1Mi"}`)) - Expect(string(kafka.Spec.Zookeeper.Resources.Limits.Raw)).To(Equal(`{"cpu":"2m","memory":"2Mi"}`)) - Expect(kafka.Spec.EntityOperator.Template.Pod.Affinity.NodeAffinity).NotTo(BeNil()) Expect(kafka.Spec.EntityOperator.Template.Pod.Tolerations).NotTo(BeEmpty()) Expect(kafka.Spec.EntityOperator.Template.Pod.ImagePullSecrets).NotTo(BeEmpty()) @@ -429,7 +422,7 @@ var _ = Describe("transporter", Ordered, func() { }) func UpdateKafkaClusterReady(c client.Client, ns string) error { - kafkaVersion := "3.5.0" + kafkaVersion := "3.8.0" kafkaClusterName := "kafka" globalHubKafkaUser := "global-hub-kafka-user" clientCa := "kafka-clients-ca-cert" @@ -449,9 +442,9 @@ func UpdateKafkaClusterReady(c client.Client, ns string) error { Kafka: kafkav1beta2.KafkaSpecKafka{ Listeners: []kafkav1beta2.KafkaSpecKafkaListenersElem{ { - Name: "plain", - Port: 9092, - Type: "internal", + Name: "tls", + Port: 9093, + Type: "nodeport", }, }, Config: &apiextensions.JSON{Raw: []byte(`{ @@ -463,9 +456,6 @@ func UpdateKafkaClusterReady(c client.Client, ns string) error { Status: &kafkav1beta2.KafkaStatus{ ClusterId: &statusClusterId, Listeners: []kafkav1beta2.KafkaStatusListenersElem{ - { - BootstrapServers: &bootServer, - }, { BootstrapServers: &bootServer, Certificates: []string{ 
@@ -501,9 +491,6 @@ func UpdateKafkaClusterReady(c client.Client, ns string) error { } existkafkaCluster.Status = &kafkav1beta2.KafkaStatus{ Listeners: []kafkav1beta2.KafkaStatusListenersElem{ - { - BootstrapServers: &bootServer, - }, { BootstrapServers: &bootServer, Certificates: []string{ diff --git a/test/manifest/crd/0000_05_kafka.strimzi.io_kafkanodepools.crd.yaml b/test/manifest/crd/0000_05_kafka.strimzi.io_kafkanodepools.crd.yaml new file mode 100644 index 000000000..66f66fc5f --- /dev/null +++ b/test/manifest/crd/0000_05_kafka.strimzi.io_kafkanodepools.crd.yaml 
@@ -0,0 +1,1170 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kafkanodepools.kafka.strimzi.io + labels: + app: strimzi + strimzi.io/crd-install: "true" +spec: + group: kafka.strimzi.io + names: + kind: KafkaNodePool + listKind: KafkaNodePoolList + singular: kafkanodepool + plural: kafkanodepools + shortNames: + - knp + categories: + - strimzi + scope: Namespaced + conversion: + strategy: None + versions: + - name: v1beta2 + served: true + storage: true + subresources: + status: {} + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + labelSelectorPath: .status.labelSelector + additionalPrinterColumns: + - name: Desired replicas + description: The desired number of replicas + jsonPath: .spec.replicas + type: integer + - name: Roles + description: Roles of the nodes in the pool + jsonPath: .status.roles + type: string + - name: NodeIds + description: Node IDs used by Kafka nodes in this pool + jsonPath: .status.nodeIds + type: string + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + kind: + type: string + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + metadata: + type: object + spec: + type: object + properties: + replicas: + type: integer + minimum: 0 + description: The number of pods in the pool. 
+ storage: + type: object + properties: + class: + type: string + description: The storage class to use for dynamic volume allocation. + deleteClaim: + type: boolean + description: Specifies if the persistent volume claim has to be deleted when the cluster is un-deployed. + id: + type: integer + minimum: 0 + description: Storage identification number. It is mandatory only for storage volumes defined in a storage of type 'jbod'. + kraftMetadata: + type: string + enum: + - shared + description: "Specifies whether this volume should be used for storing KRaft metadata. This property is optional. When set, the only currently supported value is `shared`. At most one volume can have this property set." + overrides: + type: array + items: + type: object + properties: + class: + type: string + description: The storage class to use for dynamic volume allocation for this broker. + broker: + type: integer + description: Id of the kafka broker (broker identifier). + description: Overrides for individual brokers. The `overrides` field allows you to specify a different configuration for different brokers. + selector: + additionalProperties: + type: string + type: object + description: Specifies a specific persistent volume to use. It contains key:value pairs representing labels for selecting such a volume. + size: + type: string + description: "When `type=persistent-claim`, defines the size of the persistent volume claim, such as 100Gi. Mandatory when `type=persistent-claim`." + sizeLimit: + type: string + pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" + description: "When type=ephemeral, defines the total amount of local storage required for this EmptyDir volume (for example 1Gi)." + type: + type: string + enum: + - ephemeral + - persistent-claim + - jbod + description: "Storage type, must be either 'ephemeral', 'persistent-claim', or 'jbod'." 
+ volumes: + type: array + items: + type: object + properties: + class: + type: string + description: The storage class to use for dynamic volume allocation. + deleteClaim: + type: boolean + description: Specifies if the persistent volume claim has to be deleted when the cluster is un-deployed. + id: + type: integer + minimum: 0 + description: Storage identification number. Mandatory for storage volumes defined with a `jbod` storage type configuration. + kraftMetadata: + type: string + enum: + - shared + description: "Specifies whether this volume should be used for storing KRaft metadata. This property is optional. When set, the only currently supported value is `shared`. At most one volume can have this property set." + overrides: + type: array + items: + type: object + properties: + class: + type: string + description: The storage class to use for dynamic volume allocation for this broker. + broker: + type: integer + description: Id of the kafka broker (broker identifier). + description: Overrides for individual brokers. The `overrides` field allows you to specify a different configuration for different brokers. + selector: + additionalProperties: + type: string + type: object + description: Specifies a specific persistent volume to use. It contains key:value pairs representing labels for selecting such a volume. + size: + type: string + description: "When `type=persistent-claim`, defines the size of the persistent volume claim, such as 100Gi. Mandatory when `type=persistent-claim`." + sizeLimit: + type: string + pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" + description: "When type=ephemeral, defines the total amount of local storage required for this EmptyDir volume (for example 1Gi)." + type: + type: string + enum: + - ephemeral + - persistent-claim + description: "Storage type, must be either 'ephemeral' or 'persistent-claim'." + required: + - type + description: List of volumes as Storage objects representing the JBOD disks array. 
+ required: + - type + description: Storage configuration (disk). Cannot be updated. + roles: + type: array + items: + type: string + enum: + - controller + - broker + description: "The roles that the nodes in this pool will have when KRaft mode is enabled. Supported values are 'broker' and 'controller'. This field is required. When KRaft mode is disabled, the only allowed value if `broker`." + resources: + type: object + properties: + claims: + type: array + items: + type: object + properties: + name: + type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: object + description: CPU and memory resources to reserve. + jvmOptions: + type: object + properties: + "-XX": + additionalProperties: + type: string + type: object + description: A map of -XX options to the JVM. + "-Xmx": + type: string + pattern: "^[0-9]+[mMgG]?$" + description: -Xmx option to to the JVM. + "-Xms": + type: string + pattern: "^[0-9]+[mMgG]?$" + description: -Xms option to to the JVM. + gcLoggingEnabled: + type: boolean + description: Specifies whether the Garbage Collection logging is enabled. The default is false. + javaSystemProperties: + type: array + items: + type: object + properties: + name: + type: string + description: The system property name. + value: + type: string + description: The system property value. + description: A map of additional system properties which will be passed using the `-D` option to the JVM. + description: JVM Options for pods. 
+ template: + type: object + properties: + podSet: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for Kafka `StrimziPodSet` resource. + pod: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + imagePullSecrets: + type: array + items: + type: object + properties: + name: + type: string + description: "List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored." 
+ securityContext: + type: object + properties: + appArmorProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + fsGroup: + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + supplementalGroups: + type: array + items: + type: integer + sysctls: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Configures pod-level security attributes and common container settings. + terminationGracePeriodSeconds: + type: integer + minimum: 0 + description: "The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds." 
+ affinity: + type: object + properties: + nodeAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + preference: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: object + properties: + nodeSelectorTerms: + type: array + items: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + podAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + 
type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + podAntiAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + 
items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + description: The pod's affinity rules. + tolerations: + type: array + items: + type: object + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + type: integer + value: + type: string + description: The pod's tolerations. + topologySpreadConstraints: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + description: The pod's topology spread constraints. + priorityClassName: + type: string + description: 'The name of the priority class used to assign priority to the pods. ' + schedulerName: + type: string + description: "The name of the scheduler used to dispatch this `Pod`. 
If not specified, the default scheduler will be used." + hostAliases: + type: array + items: + type: object + properties: + hostnames: + type: array + items: + type: string + ip: + type: string + description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. + enableServiceLinks: + type: boolean + description: Indicates whether information about services should be injected into Pod's environment variables. + tmpDirSizeLimit: + type: string + pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. 
+ persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. + description: Template for Kafka `Pods`. + perPodService: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for Kafka per-pod `Services` used for access from outside of Kubernetes. + perPodRoute: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for Kafka per-pod `Routes` used for access from outside of OpenShift. + perPodIngress: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for Kafka per-pod `Ingress` used for access from outside of Kubernetes. 
+ persistentVolumeClaim: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for all Kafka `PersistentVolumeClaims`. + kafkaContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: Environment variables which should be applied to the container. + securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. 
+ volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. + description: Template for the Kafka broker container. + initContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: Environment variables which should be applied to the container. + securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. 
+ volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. + description: Template for the Kafka init container. + description: Template for pool resources. The template allows users to specify how the resources belonging to this pool are generated. + required: + - replicas + - storage + - roles + description: The specification of the KafkaNodePool. + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + description: "The unique identifier of a condition, used to distinguish between other conditions in the resource." + status: + type: string + description: "The status of the condition, either True, False or Unknown." + lastTransitionTime: + type: string + description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone." + reason: + type: string + description: The reason for the condition's last transition (a single word in CamelCase). + message: + type: string + description: Human-readable message indicating details about the condition's last transition. + description: List of status conditions. + observedGeneration: + type: integer + description: The generation of the CRD that was last reconciled by the operator. + nodeIds: + type: array + items: + type: integer + description: Node IDs used by Kafka nodes in this pool. + clusterId: + type: string + description: Kafka cluster ID. + roles: + type: array + items: + type: string + enum: + - controller + - broker + description: The roles currently assigned to this pool. 
+ replicas: + type: integer + description: The current number of pods being used to provide this resource. + labelSelector: + type: string + description: Label selector for pods providing this resource. + description: The status of the KafkaNodePool. diff --git a/test/manifest/crd/0000_05_kafka.strimzi.io_kafkas.crd.yaml b/test/manifest/crd/0000_05_kafka.strimzi.io_kafkas.crd.yaml index 406f12f80..166ebe3db 100644 --- a/test/manifest/crd/0000_05_kafka.strimzi.io_kafkas.crd.yaml +++ b/test/manifest/crd/0000_05_kafka.strimzi.io_kafkas.crd.yaml 
@@ -2,7311 +2,7765 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: kafkas.kafka.strimzi.io + labels: + app: strimzi + strimzi.io/crd-install: "true" + component: kafkas.kafka.strimzi.io-crd spec: - conversion: - strategy: None group: kafka.strimzi.io names: - categories: - - strimzi kind: Kafka listKind: KafkaList + singular: kafka plural: kafkas shortNames: - - k - singular: kafka + - k + categories: + - strimzi scope: Namespaced + conversion: + strategy: None versions: - - additionalPrinterColumns: - - description: The desired number of Kafka replicas in the cluster - jsonPath: .spec.kafka.replicas - name: Desired Kafka replicas - type: integer - - description: The desired number of ZooKeeper replicas in the cluster - jsonPath: .spec.zookeeper.replicas - name: Desired ZK replicas - type: integer - - description: The state of the custom resource - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - description: Warnings related to the custom resource - jsonPath: .status.conditions[?(@.type=="Warning")].status - name: Warnings - type: string - name: v1beta2 - schema: - openAPIV3Schema: - properties: - spec: - description: The specification of the Kafka and ZooKeeper clusters, and - Topic Operator. - properties: - clientsCa: - description: Configuration of the clients certificate authority. - properties: - certificateExpirationPolicy: - description: How should CA certificate expiration be handled when - `generateCertificateAuthority=true`. The default is for a new - CA certificate to be generated reusing the existing private - key. - enum: - - renew-certificate - - replace-key - type: string - generateCertificateAuthority: - description: If true then Certificate Authority certificates will - be generated automatically. Otherwise the user will need to - provide a Secret with the CA certificate. Default is true. 
- type: boolean - generateSecretOwnerReference: - description: If `true`, the Cluster and Client CA Secrets are - configured with the `ownerReference` set to the `Kafka` resource. - If the `Kafka` resource is deleted when `true`, the CA Secrets - are also deleted. If `false`, the `ownerReference` is disabled. - If the `Kafka` resource is deleted when `false`, the CA Secrets - are retained and available for reuse. Default is `true`. - type: boolean - renewalDays: - description: The number of days in the certificate renewal period. - This is the number of days before the a certificate expires - during which renewal actions may be performed. When `generateCertificateAuthority` - is true, this will cause the generation of a new certificate. - When `generateCertificateAuthority` is true, this will cause - extra logging at WARN level about the pending certificate expiry. - Default is 30. - minimum: 1 - type: integer - validityDays: - description: The number of days generated certificates should - be valid for. The default is 365. - minimum: 1 - type: integer - type: object - clusterCa: - description: Configuration of the cluster certificate authority. - properties: - certificateExpirationPolicy: - description: How should CA certificate expiration be handled when - `generateCertificateAuthority=true`. The default is for a new - CA certificate to be generated reusing the existing private - key. - enum: - - renew-certificate - - replace-key - type: string - generateCertificateAuthority: - description: If true then Certificate Authority certificates will - be generated automatically. Otherwise the user will need to - provide a Secret with the CA certificate. Default is true. - type: boolean - generateSecretOwnerReference: - description: If `true`, the Cluster and Client CA Secrets are - configured with the `ownerReference` set to the `Kafka` resource. - If the `Kafka` resource is deleted when `true`, the CA Secrets - are also deleted. 
If `false`, the `ownerReference` is disabled. - If the `Kafka` resource is deleted when `false`, the CA Secrets - are retained and available for reuse. Default is `true`. - type: boolean - renewalDays: - description: The number of days in the certificate renewal period. - This is the number of days before the a certificate expires - during which renewal actions may be performed. When `generateCertificateAuthority` - is true, this will cause the generation of a new certificate. - When `generateCertificateAuthority` is true, this will cause - extra logging at WARN level about the pending certificate expiry. - Default is 30. - minimum: 1 - type: integer - validityDays: - description: The number of days generated certificates should - be valid for. The default is 365. - minimum: 1 - type: integer - type: object - cruiseControl: - description: Configuration for Cruise Control deployment. Deploys - a Cruise Control instance when specified. - properties: - brokerCapacity: - description: The Cruise Control `brokerCapacity` configuration. - properties: - cpu: - description: Broker capacity for CPU resource in cores or - millicores. For example, 1, 1.500, 1500m. For more information - on valid CPU resource units see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#meaning-of-cpu. - pattern: ^[0-9]+([.][0-9]{0,3}|[m]?)$ - type: string - cpuUtilization: - description: Broker capacity for CPU resource utilization - as a percentage (0 - 100). - maximum: 100 - minimum: 0 - type: integer - disk: - description: Broker capacity for disk in bytes. Use a number - value with either standard Kubernetes byte units (K, M, - G, or T), their bibyte (power of two) equivalents (Ki, Mi, - Gi, or Ti), or a byte value with or without E notation. - For example, 100000M, 100000Mi, 104857600000, or 1e+11. 
- pattern: ^[0-9]+([.][0-9]*)?([KMGTPE]i?|e[0-9]+)?$ - type: string - inboundNetwork: - description: Broker capacity for inbound network throughput - in bytes per second. Use an integer value with standard - Kubernetes byte units (K, M, G) or their bibyte (power of - two) equivalents (Ki, Mi, Gi) per second. For example, 10000KiB/s. - pattern: ^[0-9]+([KMG]i?)?B/s$ - type: string - outboundNetwork: - description: Broker capacity for outbound network throughput - in bytes per second. Use an integer value with standard - Kubernetes byte units (K, M, G) or their bibyte (power of - two) equivalents (Ki, Mi, Gi) per second. For example, 10000KiB/s. - pattern: ^[0-9]+([KMG]i?)?B/s$ - type: string - overrides: - description: Overrides for individual brokers. The `overrides` - property lets you specify a different capacity configuration - for different brokers. - items: - properties: - brokers: - description: List of Kafka brokers (broker identifiers). - items: - type: integer - type: array - cpu: - description: Broker capacity for CPU resource in cores - or millicores. For example, 1, 1.500, 1500m. For more - information on valid CPU resource units see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#meaning-of-cpu. - pattern: ^[0-9]+([.][0-9]{0,3}|[m]?)$ - type: string - inboundNetwork: - description: Broker capacity for inbound network throughput - in bytes per second. Use an integer value with standard - Kubernetes byte units (K, M, G) or their bibyte (power - of two) equivalents (Ki, Mi, Gi) per second. For example, - 10000KiB/s. - pattern: ^[0-9]+([KMG]i?)?B/s$ - type: string - outboundNetwork: - description: Broker capacity for outbound network throughput - in bytes per second. Use an integer value with standard - Kubernetes byte units (K, M, G) or their bibyte (power - of two) equivalents (Ki, Mi, Gi) per second. For example, - 10000KiB/s. 
- pattern: ^[0-9]+([KMG]i?)?B/s$ - type: string - required: - - brokers - type: object - type: array - type: object - config: - description: 'The Cruise Control configuration. For a full list - of configuration options refer to https://github.com/linkedin/cruise-control/wiki/Configurations. - Note that properties with the following prefixes cannot be set: - bootstrap.servers, client.id, zookeeper., network., security., - failed.brokers.zk.path,webserver.http., webserver.api.urlprefix, - webserver.session.path, webserver.accesslog., two.step., request.reason.required,metric.reporter.sampler.bootstrap.servers, - capacity.config.file, self.healing., ssl., kafka.broker.failure.detection.enable, - topic.config.provider.class (with the exception of: ssl.cipher.suites, - ssl.protocol, ssl.enabled.protocols, webserver.http.cors.enabled, - webserver.http.cors.origin, webserver.http.cors.exposeheaders, - webserver.security.enable, webserver.ssl.enable).' - type: object - x-kubernetes-preserve-unknown-fields: true - image: - description: The docker image for the pods. - type: string - jvmOptions: - description: JVM Options for the Cruise Control container. - properties: - -XX: - description: A map of -XX options to the JVM. - type: object - x-kubernetes-preserve-unknown-fields: true - -Xms: - description: -Xms option to to the JVM. - pattern: ^[0-9]+[mMgG]?$ - type: string - -Xmx: - description: -Xmx option to to the JVM. - pattern: ^[0-9]+[mMgG]?$ - type: string - gcLoggingEnabled: - description: Specifies whether the Garbage Collection logging - is enabled. The default is false. - type: boolean - javaSystemProperties: - description: A map of additional system properties which will - be passed using the `-D` option to the JVM. - items: - properties: - name: - description: The system property name. - type: string - value: - description: The system property value. 
- type: string - type: object - type: array - type: object - livenessProbe: - description: Pod liveness checking for the Cruise Control container. - properties: - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - minimum: 1 - type: integer - initialDelaySeconds: - description: The initial delay before first the health is - first checked. Default to 15 seconds. Minimum value is 0. - minimum: 0 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - minimum: 1 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - minimum: 1 - type: integer - timeoutSeconds: - description: The timeout for each attempted health check. - Default to 5 seconds. Minimum value is 1. - minimum: 1 - type: integer - type: object - logging: - description: Logging configuration (Log4j 2) for Cruise Control. - properties: - loggers: - description: A Map from logger name to logger level. 
+ - name: v1beta2 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Desired Kafka replicas + description: The desired number of Kafka replicas in the cluster + jsonPath: .spec.kafka.replicas + type: integer + - name: Desired ZK replicas + description: The desired number of ZooKeeper replicas in the cluster + jsonPath: .spec.zookeeper.replicas + type: integer + - name: Ready + description: The state of the custom resource + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + type: string + - name: Metadata State + description: The state of the cluster metadata + jsonPath: .status.kafkaMetadataState + type: string + - name: Warnings + description: Warnings related to the custom resource + jsonPath: ".status.conditions[?(@.type==\"Warning\")].status" + type: string + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + kind: + type: string + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + metadata: + type: object + spec: + type: object + properties: + kafka: + type: object + properties: + version: + type: string + description: The Kafka broker version. Defaults to the latest version. Consult the user documentation to understand the process required to upgrade or downgrade the version. + metadataVersion: + type: string + description: "The KRaft metadata version used by the Kafka cluster. 
This property is ignored when running in ZooKeeper mode. If the property is not set, it defaults to the metadata version that corresponds to the `version` property." + replicas: + type: integer + minimum: 1 + description: The number of pods in the cluster. This property is required when node pools are not used. + image: + type: string + description: "The container image used for Kafka pods. If the property is not set, the default Kafka image version is determined based on the `version` configuration. The image names are specifically mapped to corresponding versions in the Cluster Operator configuration. Changing the Kafka image version does not automatically update the image versions for other components, such as Kafka Exporter. " + listeners: + type: array + minItems: 1 + items: type: object - x-kubernetes-preserve-unknown-fields: true - type: - description: Logging type, must be either 'inline' or 'external'. - enum: - - inline - - external - type: string - valueFrom: - description: '`ConfigMap` entry where the logging configuration - is stored. ' properties: - configMapKeyRef: - description: Reference to the key in the ConfigMap containing - the configuration. + name: + type: string + pattern: "^[a-z0-9]{1,11}$" + description: Name of the listener. The name will be used to identify the listener and the related Kubernetes objects. The name has to be unique within given a Kafka cluster. The name can consist of lowercase characters and numbers and be up to 11 characters long. + port: + type: integer + minimum: 9092 + description: "Port number used by the listener inside Kafka. The port number has to be unique within a given Kafka cluster. Allowed port numbers are 9092 and higher with the exception of ports 9404 and 9999, which are already used for Prometheus and JMX. Depending on the listener type, the port number might not be the same as the port number that connects Kafka clients." 
+ type: + type: string + enum: + - internal + - route + - loadbalancer + - nodeport + - ingress + - cluster-ip + description: "Type of the listener. The supported types are as follows: \n\n* `internal` type exposes Kafka internally only within the Kubernetes cluster.\n* `route` type uses OpenShift Routes to expose Kafka.\n* `loadbalancer` type uses LoadBalancer type services to expose Kafka.\n* `nodeport` type uses NodePort type services to expose Kafka.\n* `ingress` type uses Kubernetes Nginx Ingress to expose Kafka with TLS passthrough.\n* `cluster-ip` type uses a per-broker `ClusterIP` service.\n" + tls: + type: boolean + description: "Enables TLS encryption on the listener. This is a required property. For `route` and `ingress` type listeners, TLS encryption must be always enabled." + authentication: + type: object properties: - key: + accessTokenIsJwt: + type: boolean + description: Configure whether the access token is treated as JWT. This must be set to `false` if the authorization server returns opaque tokens. Defaults to `true`. + checkAccessTokenType: + type: boolean + description: Configure whether the access token type check is performed or not. This should be set to `false` if the authorization server does not include 'typ' claim in JWT token. Defaults to `true`. + checkAudience: + type: boolean + description: "Enable or disable audience checking. Audience checks identify the recipients of tokens. If audience checking is enabled, the OAuth Client ID also has to be configured using the `clientId` property. The Kafka broker will reject tokens that do not have its `clientId` in their `aud` (audience) claim.Default value is `false`." + checkIssuer: + type: boolean + description: Enable or disable issuer checking. By default issuer is checked using the value configured by `validIssuerUri`. Default value is `true`. + clientAudience: type: string - name: + description: The audience to use when making requests to the authorization server's token endpoint. 
Used for inter-broker authentication and for configuring OAuth 2.0 over PLAIN using the `clientId` and `secret` method. + clientId: type: string - optional: - type: boolean - type: object - type: object - required: - - type - type: object - metricsConfig: - description: Metrics configuration. - properties: - type: - description: Metrics type. Only 'jmxPrometheusExporter' supported - currently. - enum: - - jmxPrometheusExporter - type: string - valueFrom: - description: ConfigMap entry where the Prometheus JMX Exporter - configuration is stored. For details of the structure of - this configuration, see the {JMXExporter}. - properties: - configMapKeyRef: - description: Reference to the key in the ConfigMap containing - the configuration. - properties: - key: + description: OAuth Client ID which the Kafka broker can use to authenticate against the authorization server and use the introspect endpoint URI. + clientScope: type: string - name: + description: The scope to use when making requests to the authorization server's token endpoint. Used for inter-broker authentication and for configuring OAuth 2.0 over PLAIN using the `clientId` and `secret` method. + clientSecret: + type: object + properties: + key: + type: string + description: The key under which the secret value is stored in the Kubernetes Secret. + secretName: + type: string + description: The name of the Kubernetes Secret containing the secret value. + required: + - key + - secretName + description: Link to Kubernetes Secret containing the OAuth client secret which the Kafka broker can use to authenticate against the authorization server and use the introspect endpoint URI. + connectTimeoutSeconds: + type: integer + description: "The connect timeout in seconds when connecting to authorization server. If not set, the effective connect timeout is 60 seconds." 
+ customClaimCheck: type: string - optional: + description: JsonPath filter query to be applied to the JWT token or to the response of the introspection endpoint for additional token validation. Not set by default. + disableTlsHostnameVerification: type: boolean - type: object - type: object - required: - - type - - valueFrom - type: object - readinessProbe: - description: Pod readiness checking for the Cruise Control container. - properties: - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - minimum: 1 - type: integer - initialDelaySeconds: - description: The initial delay before first the health is - first checked. Default to 15 seconds. Minimum value is 0. - minimum: 0 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - minimum: 1 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - minimum: 1 - type: integer - timeoutSeconds: - description: The timeout for each attempted health check. - Default to 5 seconds. Minimum value is 1. - minimum: 1 - type: integer - type: object - resources: - description: CPU and memory resources to reserve for the Cruise - Control container. - properties: - limits: - type: object - x-kubernetes-preserve-unknown-fields: true - requests: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - template: - description: Template to specify how Cruise Control resources, - `Deployments` and `Pods`, are generated. - properties: - apiService: - description: Template for Cruise Control API `Service`. - properties: - ipFamilies: - description: Specifies the IP Families used by the service. - Available options are `IPv4` and `IPv6. 
If unspecified, - Kubernetes will choose the default value based on the - `ipFamilyPolicy` setting. Available on Kubernetes 1.20 - and newer. - items: - enum: - - IPv4 - - IPv6 - type: string - type: array - ipFamilyPolicy: - description: Specifies the IP Family Policy used by the - service. Available options are `SingleStack`, `PreferDualStack` - and `RequireDualStack`. `SingleStack` is for a single - IP family. `PreferDualStack` is for two IP families - on dual-stack configured clusters or a single IP family - on single-stack clusters. `RequireDualStack` fails unless - there are two IP families on dual-stack configured clusters. - If unspecified, Kubernetes will choose the default value - based on the service type. Available on Kubernetes 1.20 - and newer. - enum: - - SingleStack - - PreferDualStack - - RequireDualStack - type: string - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - cruiseControlContainer: - description: Template for the Cruise Control container. - properties: - env: - description: Environment variables which should be applied - to the container. - items: - properties: - name: - description: The environment variable key. - type: string - value: - description: The environment variable value. - type: string - type: object - type: array - securityContext: - description: Security context for the container. - properties: - allowPrivilegeEscalation: + description: Enable or disable TLS hostname verification. Default value is `false`. 
+ enableECDSA: type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: + description: Enable or disable ECDSA support by installing BouncyCastle crypto provider. ECDSA support is always enabled. The BouncyCastle libraries are no longer packaged with Strimzi. Value is ignored. + enableMetrics: type: boolean - procMount: + description: Enable or disable OAuth metrics. Default value is `false`. + enableOauthBearer: + type: boolean + description: Enable or disable OAuth authentication over SASL_OAUTHBEARER. Default value is `true`. + enablePlain: + type: boolean + description: Enable or disable OAuth authentication over SASL_PLAIN. There is no re-authentication support when this mechanism is used. Default value is `false`. + failFast: + type: boolean + description: Enable or disable termination of Kafka broker processes due to potentially recoverable runtime errors during startup. Default value is `true`. + fallbackUserNameClaim: + type: string + description: The fallback username claim to be used for the user ID if the claim specified by `userNameClaim` is not present. This is useful when `client_credentials` authentication only results in the client ID being provided in another claim. It only takes effect if `userNameClaim` is set. + fallbackUserNamePrefix: type: string - readOnlyRootFilesystem: + description: "The prefix to use with the value of `fallbackUserNameClaim` to construct the user id. This only takes effect if `fallbackUserNameClaim` is true, and the value is present for the claim. Mapping usernames and client ids into the same user id space is useful in preventing name collisions." + groupsClaim: + type: string + description: JsonPath query used to extract groups for the user during authentication. Extracted groups can be used by a custom authorizer. By default no groups are extracted. 
+ groupsClaimDelimiter: + type: string + description: "A delimiter used to parse groups when they are extracted as a single String value rather than a JSON array. Default value is ',' (comma)." + httpRetries: + type: integer + description: "The maximum number of retries to attempt if an initial HTTP request fails. If not set, the default is to not attempt any retries." + httpRetryPauseMs: + type: integer + description: "The pause to take before retrying a failed HTTP request. If not set, the default is to not pause at all but to immediately repeat a request." + includeAcceptHeader: type: boolean - runAsGroup: + description: Whether the Accept header should be set in requests to the authorization servers. The default value is `true`. + introspectionEndpointUri: + type: string + description: URI of the token introspection endpoint which can be used to validate opaque non-JWT tokens. + jwksEndpointUri: + type: string + description: "URI of the JWKS certificate endpoint, which can be used for local JWT validation." + jwksExpirySeconds: type: integer - runAsNonRoot: + minimum: 1 + description: Configures how often are the JWKS certificates considered valid. The expiry interval has to be at least 60 seconds longer then the refresh interval specified in `jwksRefreshSeconds`. Defaults to 360 seconds. + jwksIgnoreKeyUse: type: boolean - runAsUser: + description: Flag to ignore the 'use' attribute of `key` declarations in a JWKS endpoint response. Default value is `false`. + jwksMinRefreshPauseSeconds: type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string + minimum: 0 + description: "The minimum pause between two consecutive refreshes. When an unknown signing key is encountered the refresh is scheduled immediately, but will always wait for this minimum pause. Defaults to 1 second." 
+ jwksRefreshSeconds: + type: integer + minimum: 1 + description: Configures how often are the JWKS certificates refreshed. The refresh interval has to be at least 60 seconds shorter then the expiry interval specified in `jwksExpirySeconds`. Defaults to 300 seconds. + listenerConfig: + x-kubernetes-preserve-unknown-fields: true type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string + description: Configuration to be used for a specific listener. All values are prefixed with `listener.name.`. + maxSecondsWithoutReauthentication: + type: integer + description: "Maximum number of seconds the authenticated session remains valid without re-authentication. This enables Apache Kafka re-authentication feature, and causes sessions to expire when the access token expires. If the access token expires before max time or if max time is reached, the client has to re-authenticate, otherwise the server will drop the connection. Not set by default - the authenticated session does not expire when the access token expires. This option only applies to SASL_OAUTHBEARER authentication mechanism (when `enableOauthBearer` is `true`)." + readTimeoutSeconds: + type: integer + description: "The read timeout in seconds when connecting to authorization server. If not set, the effective read timeout is 60 seconds." + sasl: + type: boolean + description: Enable or disable SASL on this listener. + secrets: + type: array + items: + type: object + properties: + key: + type: string + description: The key under which the secret value is stored in the Kubernetes Secret. + secretName: + type: string + description: The name of the Kubernetes Secret containing the secret value. + required: + - key + - secretName + description: Secrets to be mounted to `/opt/kafka/custom-authn-secrets/custom-listener--/`. 
+ serverBearerTokenLocation: + type: string + description: Path to the file on the local filesystem that contains a bearer token to be used instead of client ID and secret when authenticating to authorization server. + tlsTrustedCertificates: + type: array + items: + type: object + properties: + secretName: + type: string + description: The name of the Secret containing the certificate. + certificate: + type: string + description: The name of the file certificate in the secret. + pattern: + type: string + description: "Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used." + oneOf: + - properties: + certificate: {} + required: + - certificate + - properties: + pattern: {} + required: + - pattern + required: + - secretName + description: Trusted certificates for TLS connection to the OAuth server. + tokenEndpointUri: + type: string + description: "URI of the Token Endpoint to use with SASL_PLAIN mechanism when the client authenticates with `clientId` and a `secret`. If set, the client can authenticate over SASL_PLAIN by either setting `username` to `clientId`, and setting `password` to client `secret`, or by setting `username` to account username, and `password` to access token prefixed with `$accessToken:`. If this option is not set, the `password` is always interpreted as an access token (without a prefix), and `username` as the account username (a so called 'no-client-credentials' mode)." + type: + type: string + enum: + - tls + - scram-sha-512 + - oauth + - custom + description: Authentication type. `oauth` type uses SASL OAUTHBEARER Authentication. `scram-sha-512` type uses SASL SCRAM-SHA-512 Authentication. `tls` type uses TLS Client Authentication. `tls` type is supported only on TLS listeners.`custom` type allows for any authentication type to be used. 
+ userInfoEndpointUri: + type: string + description: 'URI of the User Info Endpoint to use as a fallback to obtaining the user id when the Introspection Endpoint does not return information that can be used for the user id. ' + userNameClaim: + type: string + description: "Name of the claim from the JWT authentication token, Introspection Endpoint response or User Info Endpoint response which will be used to extract the user id. Defaults to `sub`." + userNamePrefix: + type: string + description: "The prefix to use with the value of `userNameClaim` to construct the user ID. This only takes effect if `userNameClaim` is specified and the value is present for the claim. When used in combination with `fallbackUserNameClaims`, it ensures consistent mapping of usernames and client IDs into the same user ID space and prevents name collisions." + validIssuerUri: + type: string + description: URI of the token issuer used for authentication. + validTokenType: + type: string + description: "Valid value for the `token_type` attribute returned by the Introspection Endpoint. No default value, and not checked by default." + required: + - type + description: Authentication configuration for this listener. + configuration: + type: object + properties: + brokerCertChainAndKey: type: object - windowsOptions: properties: - gmsaCredentialSpec: + secretName: type: string - gmsaCredentialSpecName: + description: The name of the Secret containing the certificate. + certificate: type: string - hostProcess: - type: boolean - runAsUserName: + description: The name of the file certificate in the Secret. + key: type: string + description: The name of the private key in the Secret. + required: + - secretName + - certificate + - key + description: Reference to the `Secret` which holds the certificate and private key pair which will be used for this listener. The certificate can optionally contain the whole chain. This field can be used only with listeners with enabled TLS encryption. 
+ class: + type: string + description: |- + Configures a specific class for `Ingress` and `LoadBalancer` that defines which controller is used. If not specified, the default controller is used. + + * For an `ingress` listener, the operator uses this property to set the `ingressClassName` property in the `Ingress` resources. + * For a `loadbalancer` listener, the operator uses this property to set the `loadBalancerClass` property in the `Service` resources. + + For `ingress` and `loadbalancer` listeners only. + externalTrafficPolicy: + type: string + enum: + - Local + - Cluster + description: |- + Specifies whether the service routes external traffic to cluster-wide or node-local endpoints: + + * `Cluster` may cause a second hop to another node and obscures the client source IP. + * `Local` avoids a second hop for `LoadBalancer` and `Nodeport` type services and preserves the client source IP (when supported by the infrastructure). + + If unspecified, Kubernetes uses `Cluster` as the default. For `loadbalancer` or `nodeport` listeners only. + loadBalancerSourceRanges: + type: array + items: + type: string + description: "A list of CIDR ranges (for example `10.0.0.0/8` or `130.211.204.1/32`) from which clients can connect to loadbalancer listeners. If supported by the platform, traffic through the loadbalancer is restricted to the specified CIDR ranges. This field is applicable only for loadbalancer type services and is ignored if the cloud provider does not support the feature. For `loadbalancer` listeners only." + bootstrap: type: object - type: object - type: object - deployment: - description: Template for Cruise Control `Deployment`. - properties: - deploymentStrategy: - description: Pod replacement strategy for deployment configuration - changes. Valid values are `RollingUpdate` and `Recreate`. - Defaults to `RollingUpdate`. - enum: - - RollingUpdate - - Recreate - type: string - metadata: - description: Metadata applied to the resource. 
- properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - pod: - description: Template for Cruise Control `Pods`. - properties: - affinity: - description: The pod's affinity rules. - properties: - nodeAffinity: properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - type: object - weight: - type: integer - type: object + alternativeNames: type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - type: object - type: array - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - 
type: array - type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - type: object - weight: - type: integer - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - 
matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - type: object - weight: - type: integer - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - type: object - type: array - type: object - type: object - enableServiceLinks: - description: Indicates whether information about services - should be injected into Pod's environment variables. - type: boolean - hostAliases: - description: The pod's HostAliases. HostAliases is an - optional list of hosts and IPs that will be injected - into the Pod's hosts file if specified. - items: - properties: - hostnames: - items: - type: string - type: array - ip: - type: string - type: object - type: array - imagePullSecrets: - description: List of references to secrets in the same - namespace to use for pulling any of the images used - by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment - variable in Cluster Operator and the `imagePullSecrets` - option are specified, only the `imagePullSecrets` variable - is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable - is ignored. 
- items: - properties: - name: - type: string - type: object - type: array - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - priorityClassName: - description: The name of the priority class used to assign - priority to the pods. For more information about priority - classes, see {K8sPriorityClass}. - type: string - schedulerName: - description: The name of the scheduler used to dispatch - this `Pod`. If not specified, the default scheduler - will be used. - type: string - securityContext: - description: Configures pod-level security attributes - and common container settings. - properties: - fsGroup: - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - runAsUser: - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: + type: string + description: Additional alternative names for the bootstrap service. The alternative names will be added to the list of subject alternative names of the TLS certificates. + host: type: string - type: + description: Specifies the hostname used for the bootstrap resource. For `route` (optional) or `ingress` (required) listeners only. Ensure the hostname resolves to the Ingress endpoints; no validation is performed by Strimzi. + nodePort: + type: integer + description: Node port for the bootstrap service. 
For `nodeport` listeners only. + loadBalancerIP: type: string - type: object - supplementalGroups: - items: - type: integer + description: The loadbalancer is requested with the IP address specified in this property. This feature depends on whether the underlying cloud provider supports specifying the `loadBalancerIP` when a load balancer is created. This property is ignored if the cloud provider does not support the feature. For `loadbalancer` listeners only. + annotations: + additionalProperties: + type: string + type: object + description: "Annotations added to `Ingress`, `Route`, or `Service` resources. You can use this property to configure DNS providers such as External DNS. For `loadbalancer`, `nodeport`, `route`, or `ingress` listeners only." + labels: + additionalProperties: + type: string + type: object + description: "Labels added to `Ingress`, `Route`, or `Service` resources. For `loadbalancer`, `nodeport`, `route`, or `ingress` listeners only." + externalIPs: + type: array + items: + type: string + description: External IPs associated to the nodeport service. These IPs are used by clients external to the Kubernetes cluster to access the Kafka brokers. This property is helpful when `nodeport` without `externalIP` is not sufficient. For example on bare-metal Kubernetes clusters that do not support Loadbalancer service types. For `nodeport` listeners only. + description: Bootstrap configuration. + brokers: type: array - sysctls: items: + type: object properties: - name: + broker: + type: integer + description: ID of the kafka broker (broker identifier). Broker IDs start from 0 and correspond to the number of broker replicas. + advertisedHost: type: string - value: + description: The host name used in the brokers' `advertised.listeners`. + advertisedPort: + type: integer + description: The port number used in the brokers' `advertised.listeners`. + host: type: string - type: object + description: The broker host. 
This field will be used in the Ingress resource or in the Route resource to specify the desired hostname. This field can be used only with `route` (optional) or `ingress` (required) type listeners. + nodePort: + type: integer + description: Node port for the per-broker service. This field can be used only with `nodeport` type listener. + loadBalancerIP: + type: string + description: The loadbalancer is requested with the IP address specified in this field. This feature depends on whether the underlying cloud provider supports specifying the `loadBalancerIP` when a load balancer is created. This field is ignored if the cloud provider does not support the feature.This field can be used only with `loadbalancer` type listener. + annotations: + additionalProperties: + type: string + type: object + description: "Annotations that will be added to the `Ingress` or `Service` resource. You can use this field to configure DNS providers such as External DNS. This field can be used only with `loadbalancer`, `nodeport`, or `ingress` type listeners." + labels: + additionalProperties: + type: string + type: object + description: "Labels that will be added to the `Ingress`, `Route`, or `Service` resource. This field can be used only with `loadbalancer`, `nodeport`, `route`, or `ingress` type listeners." + externalIPs: + type: array + items: + type: string + description: External IPs associated to the nodeport service. These IPs are used by clients external to the Kubernetes cluster to access the Kafka brokers. This field is helpful when `nodeport` without `externalIP` is not sufficient. For example on bare-metal Kubernetes clusters that do not support Loadbalancer service types. This field can only be used with `nodeport` type listener. + required: + - broker + description: Per-broker configurations. + ipFamilyPolicy: + type: string + enum: + - SingleStack + - PreferDualStack + - RequireDualStack + description: |- + Specifies the IP Family Policy used by the service. 
Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`: + + * `SingleStack` is for a single IP family. + * `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. + * `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. + + If unspecified, Kubernetes will choose the default value based on the service type. + ipFamilies: type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - terminationGracePeriodSeconds: - description: The grace period is the duration in seconds - after the processes running in the pod are sent a termination - signal, and the time when the processes are forcibly - halted with a kill signal. Set this value to longer - than the expected cleanup time for your process. Value - must be a non-negative integer. A zero value indicates - delete immediately. You might need to increase the grace - period for very large Kafka clusters, so that the Kafka - brokers have enough time to transfer their work to another - broker before they are terminated. Defaults to 30 seconds. - minimum: 0 - type: integer - tmpDirSizeLimit: - description: Defines the total amount (for example `1Gi`) - of local storage required for temporary EmptyDir volume - (`/tmp`). Default value is `5Mi`. - pattern: ^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ - type: string - tolerations: - description: The pod's tolerations. - items: - properties: - effect: - type: string - key: - type: string - operator: + items: type: string - tolerationSeconds: - type: integer - value: + enum: + - IPv4 + - IPv6 + description: "Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting." 
+ createBootstrapService: + type: boolean + description: Whether to create the bootstrap service or not. The bootstrap service is created by default (if not specified differently). This field can be used with the `loadbalancer` listener. + finalizers: + type: array + items: type: string - type: object + description: "A list of finalizers configured for the `LoadBalancer` type services created for this listener. If supported by the platform, the finalizer `service.kubernetes.io/load-balancer-cleanup` to make sure that the external load balancer is deleted together with the service.For more information, see https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#garbage-collecting-load-balancers. For `loadbalancer` listeners only." + useServiceDnsDomain: + type: boolean + description: |- + Configures whether the Kubernetes service DNS domain should be included in the generated addresses. + + * If set to `false`, the generated addresses do not contain the service DNS domain suffix. For example, `my-cluster-kafka-0.my-cluster-kafka-brokers.myproject.svc`. + * If set to `true`, the generated addresses contain the service DNS domain suffix. For example, `my-cluster-kafka-0.my-cluster-kafka-brokers.myproject.svc.cluster.local`. + + The default is `.cluster.local`, but this is customizable using the environment variable `KUBERNETES_SERVICE_DNS_DOMAIN`. For `internal` and `cluster-ip` listeners only. + maxConnections: + type: integer + description: The maximum number of connections we allow for this listener in the broker at any time. New connections are blocked if the limit is reached. + maxConnectionCreationRate: + type: integer + description: The maximum connection creation rate we allow in this listener at any time. New connections will be throttled if the limit is reached. 
+ preferredNodePortAddressType: + type: string + enum: + - ExternalIP + - ExternalDNS + - InternalIP + - InternalDNS + - Hostname + description: |- + Defines which address type should be used as the node address. Available types are: `ExternalDNS`, `ExternalIP`, `InternalDNS`, `InternalIP` and `Hostname`. By default, the addresses are used in the following order (the first one found is used): + + * `ExternalDNS` + * `ExternalIP` + * `InternalDNS` + * `InternalIP` + * `Hostname` + + This property is used to select the preferred address type, which is checked first. If no address is found for this address type, the other types are checked in the default order.For `nodeport` listeners only. + publishNotReadyAddresses: + type: boolean + description: Configures whether the service endpoints are considered "ready" even if the Pods themselves are not. Defaults to `false`. This field can not be used with `internal` listeners. + description: Additional listener configuration. + networkPolicyPeers: type: array - topologySpreadConstraints: - description: The pod's topology spread constraints. 
items: + type: object properties: - labelSelector: + ipBlock: + type: object + properties: + cidr: + type: string + except: + type: array + items: + type: string + namespaceSelector: + type: object properties: matchExpressions: + type: array items: + type: object properties: key: type: string operator: type: string values: + type: array items: type: string - type: array - type: object - type: array matchLabels: + additionalProperties: + type: string type: object - x-kubernetes-preserve-unknown-fields: true + podSelector: type: object - matchLabelKeys: - items: - type: string - type: array - maxSkew: - type: integer - minDomains: - type: integer - nodeAffinityPolicy: - type: string - nodeTaintsPolicy: - type: string - topologyKey: - type: string - whenUnsatisfiable: - type: string - type: object - type: array - type: object - podDisruptionBudget: - description: Template for Cruise Control `PodDisruptionBudget`. - properties: - maxUnavailable: - description: Maximum number of unavailable pods to allow - automatic Pod eviction. A Pod eviction is allowed when - the `maxUnavailable` number of pods or fewer are unavailable - after the eviction. Setting this value to 0 prevents - all voluntary evictions, so the pods must be evicted - manually. Defaults to 1. - minimum: 0 - type: integer - metadata: - description: Metadata to apply to the `PodDisruptionBudgetTemplate` - resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. 
- type: object - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + description: "List of peers which should be able to connect to this listener. Peers in this list are combined using a logical OR operation. If this field is empty or missing, all connections will be allowed for this listener. If this field is present and contains at least one item, the listener only allows the traffic which matches at least one item in this list." + required: + - name + - port + - type + - tls + description: Configures listeners to provide access to Kafka brokers. + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: "Kafka broker config properties with the following prefixes cannot be set: listeners, advertised., broker., listener., host.name, port, inter.broker.listener.name, sasl., ssl., security., password., log.dir, zookeeper.connect, zookeeper.set.acl, zookeeper.ssl, zookeeper.clientCnxnSocket, authorizer., super.user, cruise.control.metrics.topic, cruise.control.metrics.reporter.bootstrap.servers, node.id, process.roles, controller., metadata.log.dir, zookeeper.metadata.migration.enable, client.quota.callback.static.kafka.admin., client.quota.callback.static.produce, client.quota.callback.static.fetch, client.quota.callback.static.storage.per.volume.limit.min.available., client.quota.callback.static.excluded.principal.name.list (with the exception of: zookeeper.connection.timeout.ms, sasl.server.max.receive.size, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols, ssl.secure.random.implementation, cruise.control.metrics.topic.num.partitions, cruise.control.metrics.topic.replication.factor, cruise.control.metrics.topic.retention.ms, cruise.control.metrics.topic.auto.create.retries, 
cruise.control.metrics.topic.auto.create.timeout.ms, cruise.control.metrics.topic.min.insync.replicas, controller.quorum.election.backoff.max.ms, controller.quorum.election.timeout.ms, controller.quorum.fetch.timeout.ms)." + storage: + type: object + properties: + class: + type: string + description: The storage class to use for dynamic volume allocation. + deleteClaim: + type: boolean + description: Specifies if the persistent volume claim has to be deleted when the cluster is un-deployed. + id: + type: integer + minimum: 0 + description: Storage identification number. It is mandatory only for storage volumes defined in a storage of type 'jbod'. + kraftMetadata: + type: string + enum: + - shared + description: "Specifies whether this volume should be used for storing KRaft metadata. This property is optional. When set, the only currently supported value is `shared`. At most one volume can have this property set." + overrides: + type: array + items: type: object - type: object - serviceAccount: - description: Template for the Cruise Control service account. - properties: - metadata: - description: Metadata applied to the resource. properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true + class: + type: string + description: The storage class to use for dynamic volume allocation for this broker. + broker: + type: integer + description: Id of the kafka broker (broker identifier). + description: Overrides for individual brokers. The `overrides` field allows you to specify a different configuration for different brokers. 
+ selector: + additionalProperties: + type: string + type: object + description: Specifies a specific persistent volume to use. It contains key:value pairs representing labels for selecting such a volume. + size: + type: string + description: "When `type=persistent-claim`, defines the size of the persistent volume claim, such as 100Gi. Mandatory when `type=persistent-claim`." + sizeLimit: + type: string + pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" + description: "When type=ephemeral, defines the total amount of local storage required for this EmptyDir volume (for example 1Gi)." + type: + type: string + enum: + - ephemeral + - persistent-claim + - jbod + description: "Storage type, must be either 'ephemeral', 'persistent-claim', or 'jbod'." + volumes: + type: array + items: type: object - type: object - tlsSidecarContainer: - description: Template for the Cruise Control TLS sidecar container. - properties: - env: - description: Environment variables which should be applied - to the container. - items: - properties: - name: - description: The environment variable key. - type: string - value: - description: The environment variable value. - type: string - type: object - type: array - securityContext: - description: Security context for the container. properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: + class: type: string - readOnlyRootFilesystem: + description: The storage class to use for dynamic volume allocation. + deleteClaim: type: boolean - runAsGroup: + description: Specifies if the persistent volume claim has to be deleted when the cluster is un-deployed. 
+ id: type: integer - runAsNonRoot: - type: boolean - runAsUser: - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string + minimum: 0 + description: Storage identification number. Mandatory for storage volumes defined with a `jbod` storage type configuration. + kraftMetadata: + type: string + enum: + - shared + description: "Specifies whether this volume should be used for storing KRaft metadata. This property is optional. When set, the only currently supported value is `shared`. At most one volume can have this property set." + overrides: + type: array + items: + type: object + properties: + class: + type: string + description: The storage class to use for dynamic volume allocation for this broker. + broker: + type: integer + description: Id of the kafka broker (broker identifier). + description: Overrides for individual brokers. The `overrides` field allows you to specify a different configuration for different brokers. + selector: + additionalProperties: + type: string type: object - type: object - type: object - type: object - tlsSidecar: - description: TLS sidecar configuration. - properties: - image: - description: The docker image for the container. - type: string - livenessProbe: - description: Pod liveness checking. - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - minimum: 1 - type: integer - initialDelaySeconds: - description: The initial delay before first the health - is first checked. Default to 15 seconds. Minimum value - is 0. 
- minimum: 0 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - minimum: 1 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness. Minimum value is 1. - minimum: 1 - type: integer - timeoutSeconds: - description: The timeout for each attempted health check. - Default to 5 seconds. Minimum value is 1. - minimum: 1 - type: integer - type: object - logLevel: - description: The log level for the TLS sidecar. Default value - is `notice`. - enum: - - emerg - - alert - - crit - - err - - warning - - notice - - info - - debug - type: string - readinessProbe: - description: Pod readiness checking. - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - minimum: 1 - type: integer - initialDelaySeconds: - description: The initial delay before first the health - is first checked. Default to 15 seconds. Minimum value - is 0. - minimum: 0 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - minimum: 1 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness. Minimum value is 1. - minimum: 1 - type: integer - timeoutSeconds: - description: The timeout for each attempted health check. - Default to 5 seconds. Minimum value is 1. - minimum: 1 - type: integer - type: object - resources: - description: CPU and memory resources to reserve. 
- properties: - limits: - type: object - x-kubernetes-preserve-unknown-fields: true - requests: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - type: object - entityOperator: - description: Configuration of the Entity Operator. - properties: - template: - description: Template for Entity Operator resources. The template - allows users to specify how a `Deployment` and `Pod` is generated. - properties: - deployment: - description: Template for Entity Operator `Deployment`. - properties: - deploymentStrategy: - description: Pod replacement strategy for deployment configuration - changes. Valid values are `RollingUpdate` and `Recreate`. - Defaults to `RollingUpdate`. - enum: - - RollingUpdate - - Recreate + description: Specifies a specific persistent volume to use. It contains key:value pairs representing labels for selecting such a volume. + size: + type: string + description: "When `type=persistent-claim`, defines the size of the persistent volume claim, such as 100Gi. Mandatory when `type=persistent-claim`." + sizeLimit: + type: string + pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" + description: "When type=ephemeral, defines the total amount of local storage required for this EmptyDir volume (for example 1Gi)." + type: + type: string + enum: + - ephemeral + - persistent-claim + description: "Storage type, must be either 'ephemeral' or 'persistent-claim'." + required: + - type + description: List of volumes as Storage objects representing the JBOD disks array. + required: + - type + description: Storage configuration (disk). Cannot be updated. This property is required when node pools are not used. + authorization: + type: object + properties: + allowOnError: + type: boolean + description: "Defines whether a Kafka client should be allowed or denied by default when the authorizer fails to query the Open Policy Agent, for example, when it is temporarily unavailable). Defaults to `false` - all actions will be denied." 
+ authorizerClass: + type: string + description: "Authorization implementation class, which must be available in classpath." + clientId: + type: string + description: OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. + connectTimeoutSeconds: + type: integer + minimum: 1 + description: "The connect timeout in seconds when connecting to authorization server. If not set, the effective connect timeout is 60 seconds." + delegateToKafkaAcls: + type: boolean + description: Whether authorization decision should be delegated to the 'Simple' authorizer if DENIED by Keycloak Authorization Services policies. Default value is `false`. + disableTlsHostnameVerification: + type: boolean + description: Enable or disable TLS hostname verification. Default value is `false`. + enableMetrics: + type: boolean + description: Enable or disable OAuth metrics. The default value is `false`. + expireAfterMs: + type: integer + description: The expiration of the records kept in the local cache to avoid querying the Open Policy Agent for every request. Defines how often the cached authorization decisions are reloaded from the Open Policy Agent server. In milliseconds. Defaults to `3600000`. + grantsAlwaysLatest: + type: boolean + description: "Controls whether the latest grants are fetched for a new session. When enabled, grants are retrieved from Keycloak and cached for the user. The default value is `false`." + grantsGcPeriodSeconds: + type: integer + minimum: 1 + description: "The time, in seconds, between consecutive runs of a job that cleans stale grants from the cache. The default value is 300." + grantsMaxIdleTimeSeconds: + type: integer + minimum: 1 + description: "The time, in seconds, after which an idle grant can be evicted from the cache. The default value is 300." + grantsRefreshPeriodSeconds: + type: integer + minimum: 0 + description: The time between two consecutive grants refresh runs in seconds. 
The default value is 60. + grantsRefreshPoolSize: + type: integer + minimum: 1 + description: "The number of threads to use to refresh grants for active sessions. The more threads, the more parallelism, so the sooner the job completes. However, using more threads places a heavier load on the authorization server. The default value is 5." + httpRetries: + type: integer + minimum: 0 + description: "The maximum number of retries to attempt if an initial HTTP request fails. If not set, the default is to not attempt any retries." + includeAcceptHeader: + type: boolean + description: Whether the Accept header should be set in requests to the authorization servers. The default value is `true`. + initialCacheCapacity: + type: integer + description: Initial capacity of the local cache used by the authorizer to avoid querying the Open Policy Agent for every request Defaults to `5000`. + maximumCacheSize: + type: integer + description: Maximum capacity of the local cache used by the authorizer to avoid querying the Open Policy Agent for every request. Defaults to `50000`. + readTimeoutSeconds: + type: integer + minimum: 1 + description: "The read timeout in seconds when connecting to authorization server. If not set, the effective read timeout is 60 seconds." + superUsers: + type: array + items: type: string - metadata: - description: Metadata applied to the resource. + description: "List of super users, which are user principals with unlimited access rights." + supportsAdminApi: + type: boolean + description: Indicates whether the custom authorizer supports the APIs for managing ACLs using the Kafka Admin API. Defaults to `false`. + tlsTrustedCertificates: + type: array + items: + type: object properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. 
- type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true + secretName: + type: string + description: The name of the Secret containing the certificate. + certificate: + type: string + description: The name of the file certificate in the secret. + pattern: + type: string + description: "Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used." + oneOf: + - properties: + certificate: {} + required: + - certificate + - properties: + pattern: {} + required: + - pattern + required: + - secretName + description: Trusted certificates for TLS connection to the OAuth server. + tokenEndpointUri: + type: string + description: Authorization server token endpoint URI. + type: + type: string + enum: + - simple + - opa + - keycloak + - custom + description: "Authorization type. Currently, the supported types are `simple`, `keycloak`, `opa` and `custom`. `simple` authorization type uses Kafka's built-in authorizer for authorization. `keycloak` authorization type uses Keycloak Authorization Services for authorization. `opa` authorization type uses Open Policy Agent based authorization.`custom` authorization type uses user-provided implementation for authorization." + url: + type: string + example: http://opa:8181/v1/data/kafka/authz/allow + description: The URL used to connect to the Open Policy Agent server. The URL has to include the policy which will be queried by the authorizer. This option is required. + required: + - type + description: Authorization configuration for Kafka brokers. 
+ rack: + type: object + properties: + topologyKey: + type: string + example: topology.kubernetes.io/zone + description: "A key that matches labels assigned to the Kubernetes cluster nodes. The value of the label is used to set a broker's `broker.rack` config, and the `client.rack` config for Kafka Connect or MirrorMaker 2." + required: + - topologyKey + description: Configuration of the `broker.rack` broker config. + brokerRackInitImage: + type: string + description: The image of the init container used for initializing the `broker.rack`. + livenessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Pod liveness checking. + readinessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: How often (in seconds) to perform the probe. Default to 10 seconds. 
Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Pod readiness checking. + jvmOptions: + type: object + properties: + "-XX": + additionalProperties: + type: string + type: object + description: A map of -XX options to the JVM. + "-Xmx": + type: string + pattern: "^[0-9]+[mMgG]?$" + description: -Xmx option to to the JVM. + "-Xms": + type: string + pattern: "^[0-9]+[mMgG]?$" + description: -Xms option to to the JVM. + gcLoggingEnabled: + type: boolean + description: Specifies whether the Garbage Collection logging is enabled. The default is false. + javaSystemProperties: + type: array + items: type: object - type: object - entityOperatorRole: - description: Template for the Entity Operator Role. - properties: - metadata: - description: Metadata applied to the resource. properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true + name: + type: string + description: The system property name. + value: + type: string + description: The system property value. + description: A map of additional system properties which will be passed using the `-D` option to the JVM. + description: JVM Options for pods. 
+ jmxOptions: + type: object + properties: + authentication: + type: object + properties: + type: + type: string + enum: + - password + description: Authentication type. Currently the only supported types are `password`.`password` type creates a username and protected port with no TLS. + required: + - type + description: Authentication configuration for connecting to the JMX port. + description: JMX Options for Kafka brokers. + resources: + type: object + properties: + claims: + type: array + items: type: object - type: object - pod: - description: Template for Entity Operator `Pods`. - properties: - affinity: - description: The pod's affinity rules. properties: - nodeAffinity: + name: + type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: object + description: CPU and memory resources to reserve. + metricsConfig: + type: object + properties: + type: + type: string + enum: + - jmxPrometheusExporter + description: Metrics type. Only 'jmxPrometheusExporter' supported currently. + valueFrom: + type: object + properties: + configMapKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: Reference to the key in the ConfigMap containing the configuration. + description: 'ConfigMap entry where the Prometheus JMX Exporter configuration is stored. ' + required: + - type + - valueFrom + description: Metrics configuration. 
+ logging: + type: object + properties: + loggers: + additionalProperties: + type: string + type: object + description: A Map from logger name to logger level. + type: + type: string + enum: + - inline + - external + description: "Logging type, must be either 'inline' or 'external'." + valueFrom: + type: object + properties: + configMapKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: Reference to the key in the ConfigMap containing the configuration. + description: '`ConfigMap` entry where the logging configuration is stored. ' + required: + - type + description: Logging configuration for Kafka. + template: + type: object + properties: + statefulset: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + podManagementPolicy: + type: string + enum: + - OrderedReady + - Parallel + description: PodManagementPolicy which will be used for this StatefulSet. Valid values are `Parallel` and `OrderedReady`. Defaults to `Parallel`. + description: Template for Kafka `StatefulSet`. + pod: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. 
+ imagePullSecrets: + type: array + items: + type: object properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - type: object - weight: - type: integer - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: + name: + type: string + description: "List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored." 
+ securityContext: + type: object + properties: + appArmorProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + fsGroup: + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + supplementalGroups: + type: array + items: + type: integer + sysctls: + type: array + items: + type: object properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + name: + type: string + value: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Configures pod-level security attributes and common container settings. + terminationGracePeriodSeconds: + type: integer + minimum: 0 + description: "The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds." 
+ affinity: + type: object + properties: + nodeAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + preference: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: type: string - type: array - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + operator: type: string - type: array - type: object - type: array - type: object - type: array - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: + values: + type: array + items: type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: + matchFields: + type: array + items: type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: + properties: + key: + type: string + operator: + type: string + values: + type: array + items: type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - type: object - weight: - type: integer - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: object + properties: + nodeSelectorTerms: + type: array + items: + 
type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: type: string - type: array + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + podAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - properties: - matchExpressions: - items: properties: - key: - type: string - operator: - type: string - values: + matchExpressions: + type: array items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: type: string - type: array + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: type: string - type: array + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string type: 
object - type: array - matchLabels: + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: + properties: + key: + type: string + operator: + type: string + values: + type: array + items: type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - items: - type: string - type: array - topologyKey: + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: type: string - type: object - weight: - type: integer - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: + topologyKey: + type: string + podAntiAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object properties: - key: - type: string - operator: - type: string - values: + matchExpressions: + type: array items: + type: object + properties: + key: + type: string + 
operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: type: string - type: array + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - properties: - matchExpressions: - items: properties: - key: - type: string - operator: - type: string - values: + matchExpressions: + type: array items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: type: string - type: array + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - items: + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: type: string - type: array - topologyKey: - type: string - type: object - type: array - type: object - type: object - 
enableServiceLinks: - description: Indicates whether information about services - should be injected into Pod's environment variables. - type: boolean - hostAliases: - description: The pod's HostAliases. HostAliases is an - optional list of hosts and IPs that will be injected - into the Pod's hosts file if specified. - items: - properties: - hostnames: - items: - type: string - type: array - ip: - type: string - type: object - type: array - imagePullSecrets: - description: List of references to secrets in the same - namespace to use for pulling any of the images used - by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment - variable in Cluster Operator and the `imagePullSecrets` - option are specified, only the `imagePullSecrets` variable - is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable - is ignored. - items: - properties: - name: - type: string - type: object - type: array - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. + description: The pod's affinity rules. + tolerations: + type: array + items: type: object - x-kubernetes-preserve-unknown-fields: true - type: object - priorityClassName: - description: The name of the priority class used to assign - priority to the pods. For more information about priority - classes, see {K8sPriorityClass}. - type: string - schedulerName: - description: The name of the scheduler used to dispatch - this `Pod`. If not specified, the default scheduler - will be used. - type: string - securityContext: - description: Configures pod-level security attributes - and common container settings. 
- properties: - fsGroup: - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - runAsUser: - type: integer - seLinuxOptions: properties: - level: + effect: type: string - role: - type: string - type: - type: string - user: + key: type: string - type: object - seccompProfile: - properties: - localhostProfile: + operator: type: string - type: + tolerationSeconds: + type: integer + value: type: string + description: The pod's tolerations. + topologySpreadConstraints: + type: array + items: type: object - supplementalGroups: - items: - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - windowsOptions: properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - terminationGracePeriodSeconds: - description: The grace period is the duration in seconds - after the processes running in the pod are sent a termination - signal, and the time when the processes are forcibly - halted with a kill signal. Set this value to longer - than the expected cleanup time for your process. Value - must be a non-negative integer. A zero value indicates - delete immediately. You might need to increase the grace - period for very large Kafka clusters, so that the Kafka - brokers have enough time to transfer their work to another - broker before they are terminated. Defaults to 30 seconds. - minimum: 0 - type: integer - tmpDirSizeLimit: - description: Defines the total amount (for example `1Gi`) - of local storage required for temporary EmptyDir volume - (`/tmp`). Default value is `5Mi`. - pattern: ^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ - type: string - tolerations: - description: The pod's tolerations. 
- items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - type: object - type: array - topologySpreadConstraints: - description: The pod's topology spread constraints. - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: type: string - type: array - type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - matchLabelKeys: - items: - type: string - type: array - maxSkew: - type: integer - minDomains: - type: integer - nodeAffinityPolicy: - type: string - nodeTaintsPolicy: - type: string - topologyKey: - type: string - whenUnsatisfiable: - type: string - type: object - type: array - type: object - serviceAccount: - description: Template for the Entity Operator service account. - properties: - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - tlsSidecarContainer: - description: Template for the Entity Operator TLS sidecar - container. - properties: - env: - description: Environment variables which should be applied - to the container. - items: - properties: - name: - description: The environment variable key. 
- type: string - value: - description: The environment variable value. - type: string - type: object - type: array - securityContext: - description: Security context for the container. - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array items: type: string + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + description: The pod's topology spread constraints. + priorityClassName: + type: string + description: 'The name of the priority class used to assign priority to the pods. ' + schedulerName: + type: string + description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used." + hostAliases: + type: array + items: + type: object + properties: + hostnames: type: array - drop: items: type: string - type: array + ip: + type: string + description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. + enableServiceLinks: + type: boolean + description: Indicates whether information about services should be injected into Pod's environment variables. + tmpDirSizeLimit: + type: string + pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." 
+ volumes: + type: array + items: type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - runAsUser: - type: integer - seLinuxOptions: properties: - level: + name: type: string - role: + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. + description: Template for Kafka `Pods`. + bootstrapService: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: type: string - type: + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string - user: + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. 
+ ipFamilyPolicy: + type: string + enum: + - SingleStack + - PreferDualStack + - RequireDualStack + description: "Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type." + ipFamilies: + type: array + items: + type: string + enum: + - IPv4 + - IPv6 + description: "Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting." + description: Template for Kafka bootstrap `Service`. + brokersService: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: type: string - type: object - seccompProfile: - properties: - localhostProfile: + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string - type: + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + ipFamilyPolicy: + type: string + enum: + - SingleStack + - PreferDualStack + - RequireDualStack + description: "Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type." 
+ ipFamilies: + type: array + items: + type: string + enum: + - IPv4 + - IPv6 + description: "Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting." + description: Template for Kafka broker `Service`. + externalBootstrapService: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: type: string - type: object - windowsOptions: - properties: - gmsaCredentialSpec: + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string - gmsaCredentialSpecName: + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for Kafka external bootstrap `Service`. + perPodService: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: type: string - hostProcess: - type: boolean - runAsUserName: + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string - type: object - type: object - type: object - topicOperatorContainer: - description: Template for the Entity Topic Operator container. - properties: - env: - description: Environment variables which should be applied - to the container. - items: + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for Kafka per-pod `Services` used for access from outside of Kubernetes. + externalBootstrapRoute: + type: object + properties: + metadata: + type: object properties: - name: - description: The environment variable key. - type: string - value: - description: The environment variable value. 
- type: string + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for Kafka external bootstrap `Route`. + perPodRoute: + type: object + properties: + metadata: type: object - type: array - securityContext: - description: Security context for the container. - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - runAsUser: - type: integer - seLinuxOptions: - properties: - level: + properties: + labels: + additionalProperties: type: string - role: + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string - type: + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for Kafka per-pod `Routes` used for access from outside of OpenShift. + externalBootstrapIngress: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: type: string - user: + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string - type: object - seccompProfile: - properties: - localhostProfile: + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for Kafka external bootstrap `Ingress`. 
+ perPodIngress: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: type: string - type: + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string - type: object - windowsOptions: - properties: - gmsaCredentialSpec: + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for Kafka per-pod `Ingress` used for access from outside of Kubernetes. + persistentVolumeClaim: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: type: string - gmsaCredentialSpecName: + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string - hostProcess: - type: boolean - runAsUserName: + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for all Kafka `PersistentVolumeClaims`. + podDisruptionBudget: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata to apply to the `PodDisruptionBudgetTemplate` resource. + maxUnavailable: + type: integer + minimum: 0 + description: "Maximum number of unavailable pods to allow automatic Pod eviction. A Pod eviction is allowed when the `maxUnavailable` number of pods or fewer are unavailable after the eviction. Setting this value to 0 prevents all voluntary evictions, so the pods must be evicted manually. Defaults to 1." + description: Template for Kafka `PodDisruptionBudget`. 
+ kafkaContainer: + type: object + properties: + env: + type: array + items: type: object - type: object - type: object - topicOperatorRoleBinding: - description: Template for the Entity Topic Operator RoleBinding. - properties: - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - userOperatorContainer: - description: Template for the Entity User Operator container. - properties: - env: - description: Environment variables which should be applied - to the container. - items: + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: Environment variables which should be applied to the container. + securityContext: + type: object properties: - name: - description: The environment variable key. - type: string - value: - description: The environment variable value. + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: type: string - type: object - type: array - securityContext: - description: Security context for the container. 
- properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: type: string - type: array - drop: - items: + role: type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - runAsUser: - type: integer - seLinuxOptions: + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + volumeMounts: + type: array + items: + type: object properties: - level: + mountPath: + type: string + mountPropagation: type: string - role: + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: type: string - type: + subPath: type: string - user: + subPathExpr: type: string + description: Additional volume mounts which should be applied to the container. + description: Template for the Kafka broker container. + initContainer: + type: object + properties: + env: + type: array + items: type: object - seccompProfile: properties: - localhostProfile: + name: type: string - type: + description: The environment variable key. + value: type: string + description: The environment variable value. + description: Environment variables which should be applied to the container. 
+ securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + volumeMounts: + type: array + items: type: object - windowsOptions: properties: - gmsaCredentialSpec: + mountPath: type: string - gmsaCredentialSpecName: + mountPropagation: type: string - hostProcess: + name: + type: string + readOnly: type: boolean - runAsUserName: + recursiveReadOnly: type: string - type: object - type: object - type: object - userOperatorRoleBinding: - description: Template for the Entity Topic Operator RoleBinding. - properties: - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. 
- type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - type: object - tlsSidecar: - description: TLS sidecar configuration. - properties: - image: - description: The docker image for the container. - type: string - livenessProbe: - description: Pod liveness checking. - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - minimum: 1 - type: integer - initialDelaySeconds: - description: The initial delay before first the health - is first checked. Default to 15 seconds. Minimum value - is 0. - minimum: 0 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - minimum: 1 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness. Minimum value is 1. - minimum: 1 - type: integer - timeoutSeconds: - description: The timeout for each attempted health check. - Default to 5 seconds. Minimum value is 1. - minimum: 1 - type: integer - type: object - logLevel: - description: The log level for the TLS sidecar. Default value - is `notice`. - enum: - - emerg - - alert - - crit - - err - - warning - - notice - - info - - debug - type: string - readinessProbe: - description: Pod readiness checking. - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - minimum: 1 - type: integer - initialDelaySeconds: - description: The initial delay before first the health - is first checked. Default to 15 seconds. Minimum value - is 0. - minimum: 0 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. 
- minimum: 1 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness. Minimum value is 1. - minimum: 1 - type: integer - timeoutSeconds: - description: The timeout for each attempted health check. - Default to 5 seconds. Minimum value is 1. - minimum: 1 - type: integer - type: object - resources: - description: CPU and memory resources to reserve. - properties: - limits: - type: object - x-kubernetes-preserve-unknown-fields: true - requests: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - topicOperator: - description: Configuration of the Topic Operator. - properties: - image: - description: The image to use for the Topic Operator. - type: string - jvmOptions: - description: JVM Options for pods. - properties: - -XX: - description: A map of -XX options to the JVM. - type: object - x-kubernetes-preserve-unknown-fields: true - -Xms: - description: -Xms option to to the JVM. - pattern: ^[0-9]+[mMgG]?$ - type: string - -Xmx: - description: -Xmx option to to the JVM. - pattern: ^[0-9]+[mMgG]?$ - type: string - gcLoggingEnabled: - description: Specifies whether the Garbage Collection - logging is enabled. The default is false. - type: boolean - javaSystemProperties: - description: A map of additional system properties which - will be passed using the `-D` option to the JVM. - items: + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. + description: Template for the Kafka init container. + clusterCaCert: + type: object + properties: + metadata: + type: object properties: - name: - description: The system property name. - type: string - value: - description: The system property value. - type: string + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. 
+ annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for Secret with Kafka Cluster certificate public key. + serviceAccount: + type: object + properties: + metadata: type: object - type: array - type: object - livenessProbe: - description: Pod liveness checking. - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - minimum: 1 - type: integer - initialDelaySeconds: - description: The initial delay before first the health - is first checked. Default to 15 seconds. Minimum value - is 0. - minimum: 0 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - minimum: 1 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness. Minimum value is 1. - minimum: 1 - type: integer - timeoutSeconds: - description: The timeout for each attempted health check. - Default to 5 seconds. Minimum value is 1. - minimum: 1 - type: integer - type: object - logging: - description: Logging configuration. - properties: - loggers: - description: A Map from logger name to logger level. - type: object - x-kubernetes-preserve-unknown-fields: true - type: - description: Logging type, must be either 'inline' or - 'external'. - enum: - - inline - - external - type: string - valueFrom: - description: '`ConfigMap` entry where the logging configuration - is stored. ' - properties: - configMapKeyRef: - description: Reference to the key in the ConfigMap - containing the configuration. 
- properties: - key: + properties: + labels: + additionalProperties: type: string - name: + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string - optional: - type: boolean - type: object - type: object - required: - - type - type: object - readinessProbe: - description: Pod readiness checking. - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - minimum: 1 - type: integer - initialDelaySeconds: - description: The initial delay before first the health - is first checked. Default to 15 seconds. Minimum value - is 0. - minimum: 0 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - minimum: 1 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness. Minimum value is 1. - minimum: 1 - type: integer - timeoutSeconds: - description: The timeout for each attempted health check. - Default to 5 seconds. Minimum value is 1. - minimum: 1 - type: integer - type: object - reconciliationIntervalSeconds: - description: Interval between periodic reconciliations. - minimum: 0 - type: integer - resources: - description: CPU and memory resources to reserve. - properties: - limits: - type: object - x-kubernetes-preserve-unknown-fields: true - requests: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - startupProbe: - description: Pod startup checking. - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - minimum: 1 - type: integer - initialDelaySeconds: - description: The initial delay before first the health - is first checked. 
Default to 15 seconds. Minimum value - is 0. - minimum: 0 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - minimum: 1 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness. Minimum value is 1. - minimum: 1 - type: integer - timeoutSeconds: - description: The timeout for each attempted health check. - Default to 5 seconds. Minimum value is 1. - minimum: 1 - type: integer - type: object - topicMetadataMaxAttempts: - description: The number of attempts at getting topic metadata. - minimum: 0 - type: integer - watchedNamespace: - description: The namespace the Topic Operator should watch. - type: string - zookeeperSessionTimeoutSeconds: - description: Timeout for the ZooKeeper session. - minimum: 0 - type: integer - type: object - userOperator: - description: Configuration of the User Operator. - properties: - image: - description: The image to use for the User Operator. - type: string - jvmOptions: - description: JVM Options for pods. - properties: - -XX: - description: A map of -XX options to the JVM. - type: object - x-kubernetes-preserve-unknown-fields: true - -Xms: - description: -Xms option to to the JVM. - pattern: ^[0-9]+[mMgG]?$ - type: string - -Xmx: - description: -Xmx option to to the JVM. - pattern: ^[0-9]+[mMgG]?$ - type: string - gcLoggingEnabled: - description: Specifies whether the Garbage Collection - logging is enabled. The default is false. - type: boolean - javaSystemProperties: - description: A map of additional system properties which - will be passed using the `-D` option to the JVM. - items: + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for the Kafka service account. 
+ jmxSecret: + type: object + properties: + metadata: + type: object properties: - name: - description: The system property name. - type: string - value: - description: The system property value. - type: string + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for Secret of the Kafka Cluster JMX authentication. + clusterRoleBinding: + type: object + properties: + metadata: type: object - type: array - type: object - livenessProbe: - description: Pod liveness checking. - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - minimum: 1 - type: integer - initialDelaySeconds: - description: The initial delay before first the health - is first checked. Default to 15 seconds. Minimum value - is 0. - minimum: 0 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - minimum: 1 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness. Minimum value is 1. - minimum: 1 - type: integer - timeoutSeconds: - description: The timeout for each attempted health check. - Default to 5 seconds. Minimum value is 1. - minimum: 1 - type: integer - type: object - logging: - description: Logging configuration. - properties: - loggers: - description: A Map from logger name to logger level. - type: object - x-kubernetes-preserve-unknown-fields: true - type: - description: Logging type, must be either 'inline' or - 'external'. 
- enum: - - inline - - external - type: string - valueFrom: - description: '`ConfigMap` entry where the logging configuration - is stored. ' - properties: - configMapKeyRef: - description: Reference to the key in the ConfigMap - containing the configuration. - properties: - key: + properties: + labels: + additionalProperties: type: string - name: + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string - optional: - type: boolean - type: object - type: object - required: + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for the Kafka ClusterRoleBinding. + podSet: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for Kafka `StrimziPodSet` resource. + description: Template for Kafka cluster resources. The template allows users to specify how the Kubernetes resources are generated. + tieredStorage: + type: object + properties: + remoteStorageManager: + type: object + properties: + className: + type: string + description: The class name for the `RemoteStorageManager` implementation. + classPath: + type: string + description: The class path for the `RemoteStorageManager` implementation. + config: + additionalProperties: + type: string + type: object + description: "The additional configuration map for the `RemoteStorageManager` implementation. Keys will be automatically prefixed with `rsm.config.`, and added to Kafka broker configuration." + description: Configuration for the Remote Storage Manager. 
+ type: + type: string + enum: + - custom + description: "Storage type, only 'custom' is supported at the moment." + required: - type - type: object - readinessProbe: - description: Pod readiness checking. - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - minimum: 1 - type: integer - initialDelaySeconds: - description: The initial delay before first the health - is first checked. Default to 15 seconds. Minimum value - is 0. - minimum: 0 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - minimum: 1 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness. Minimum value is 1. - minimum: 1 - type: integer - timeoutSeconds: - description: The timeout for each attempted health check. - Default to 5 seconds. Minimum value is 1. - minimum: 1 - type: integer - type: object - reconciliationIntervalSeconds: - description: Interval between periodic reconciliations. - minimum: 0 - type: integer - resources: - description: CPU and memory resources to reserve. - properties: - limits: - type: object - x-kubernetes-preserve-unknown-fields: true - requests: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - secretPrefix: - description: The prefix that will be added to the KafkaUser - name to be used as the Secret name. - type: string - watchedNamespace: - description: The namespace the User Operator should watch. - type: string - zookeeperSessionTimeoutSeconds: - description: Timeout for the ZooKeeper session. - minimum: 0 - type: integer - type: object - type: object - jmxTrans: - description: Configuration for JmxTrans. 
When the property is present - a JmxTrans deployment is created for gathering JMX metrics from - each Kafka broker. For more information see https://github.com/jmxtrans/jmxtrans[JmxTrans - GitHub]. - properties: - image: - description: The image to use for the JmxTrans. - type: string - kafkaQueries: - description: Queries to send to the Kafka brokers to define what - data should be read from each broker. For more information on - these properties see, xref:type-JmxTransQueryTemplate-reference[`JmxTransQueryTemplate` - schema reference]. - items: + description: Configure the tiered storage feature for Kafka brokers. + quotas: + type: object + properties: + consumerByteRate: + type: integer + minimum: 0 + description: "A per-broker byte-rate quota for clients consuming from a broker, independent of their number. If clients consume at maximum speed, the quota is shared equally between all non-excluded consumers. Otherwise, the quota is divided based on each client's consumption rate." + controllerMutationRate: + type: number + minimum: 0 + description: "The default client quota on the rate at which mutations are accepted per second for create topic requests, create partition requests, and delete topic requests, defined for each broker. The mutations rate is measured by the number of partitions created or deleted. Applied on a per-broker basis." + excludedPrincipals: + type: array + items: + type: string + description: "List of principals that are excluded from the quota. The principals have to be prefixed with `User:`, for example `User:my-user;User:CN=my-other-user`." + minAvailableBytesPerVolume: + type: integer + minimum: 0 + description: Stop message production if the available size (in bytes) of the storage is lower than or equal to this specified value. This condition is mutually exclusive with `minAvailableRatioPerVolume`. 
+ minAvailableRatioPerVolume: + type: number + minimum: 0 + maximum: 1 + description: Stop message production if the percentage of available storage space falls below or equals the specified ratio (set as a decimal representing a percentage). This condition is mutually exclusive with `minAvailableBytesPerVolume`. + producerByteRate: + type: integer + minimum: 0 + description: "A per-broker byte-rate quota for clients producing to a broker, independent of their number. If clients produce at maximum speed, the quota is shared equally between all non-excluded producers. Otherwise, the quota is divided based on each client's production rate." + requestPercentage: + type: integer + minimum: 0 + description: The default client quota limits the maximum CPU utilization of each client as a percentage of the network and I/O threads of each broker. Applied on a per-broker basis. + type: + type: string + enum: + - kafka + - strimzi + description: "Quotas plugin type. Currently, the supported types are `kafka` and `strimzi`. `kafka` quotas type uses Kafka's built-in quotas plugin. `strimzi` quotas type uses Strimzi quotas plugin." + required: + - type + description: "Quotas plugin configuration for Kafka brokers allows setting quotas for disk usage, produce/fetch rates, and more. Supported plugin types include `kafka` (default) and `strimzi`. If not specified, the default `kafka` quotas plugin is used." + required: + - listeners + description: Configuration of the Kafka cluster. + zookeeper: + type: object + properties: + replicas: + type: integer + minimum: 1 + description: The number of pods in the cluster. + image: + type: string + description: "The container image used for ZooKeeper pods. If no image name is explicitly specified, it is determined based on the Kafka version set in `spec.kafka.version`. The image names are specifically mapped to corresponding versions in the Cluster Operator configuration." 
+ storage: + type: object properties: - attributes: - description: Determine which attributes of the targeted - MBean should be included. - items: - type: string + class: + type: string + description: The storage class to use for dynamic volume allocation. + deleteClaim: + type: boolean + description: Specifies if the persistent volume claim has to be deleted when the cluster is un-deployed. + id: + type: integer + minimum: 0 + description: Storage identification number. Mandatory for storage volumes defined with a `jbod` storage type configuration. + kraftMetadata: + type: string + enum: + - shared + description: "Specifies whether this volume should be used for storing KRaft metadata. This property is optional. When set, the only currently supported value is `shared`. At most one volume can have this property set." + overrides: type: array - outputs: - description: List of the names of output definitions specified - in the spec.kafka.jmxTrans.outputDefinitions that have - defined where JMX metrics are pushed to, and in which - data format. items: + type: object + properties: + class: + type: string + description: The storage class to use for dynamic volume allocation for this broker. + broker: + type: integer + description: Id of the kafka broker (broker identifier). + description: Overrides for individual brokers. The `overrides` field allows you to specify a different configuration for different brokers. + selector: + additionalProperties: type: string - type: array - targetMBean: - description: If using wildcards instead of a specific MBean - then the data is gathered from multiple MBeans. Otherwise - if specifying an MBean then data is gathered from that - specified MBean. + type: object + description: Specifies a specific persistent volume to use. It contains key:value pairs representing labels for selecting such a volume. + size: + type: string + description: "When `type=persistent-claim`, defines the size of the persistent volume claim, such as 100Gi. 
Mandatory when `type=persistent-claim`." + sizeLimit: type: string + pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" + description: "When type=ephemeral, defines the total amount of local storage required for this EmptyDir volume (for example 1Gi)." + type: + type: string + enum: + - ephemeral + - persistent-claim + description: "Storage type, must be either 'ephemeral' or 'persistent-claim'." required: - - targetMBean - - attributes - - outputs + - type + description: Storage configuration (disk). Cannot be updated. + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: "The ZooKeeper broker config. Properties with the following prefixes cannot be set: server., dataDir, dataLogDir, clientPort, authProvider, quorum.auth, requireClientAuthScheme, snapshot.trust.empty, standaloneEnabled, reconfigEnabled, 4lw.commands.whitelist, secureClientPort, ssl., serverCnxnFactory, sslQuorum (with the exception of: ssl.protocol, ssl.quorum.protocol, ssl.enabledProtocols, ssl.quorum.enabledProtocols, ssl.ciphersuites, ssl.quorum.ciphersuites, ssl.hostnameVerification, ssl.quorum.hostnameVerification)." + livenessProbe: type: object - type: array - logLevel: - description: Sets the logging level of the JmxTrans deployment.For - more information see, https://github.com/jmxtrans/jmxtrans-agent/wiki/Troubleshooting[JmxTrans - Logging Level]. - type: string - outputDefinitions: - description: Defines the output hosts that will be referenced - later on. For more information on these properties see, xref:type-JmxTransOutputDefinitionTemplate-reference[`JmxTransOutputDefinitionTemplate` - schema reference]. - items: properties: - flushDelayInSeconds: - description: How many seconds the JmxTrans waits before - pushing a new set of data out. + initialDelaySeconds: type: integer - host: - description: The DNS/hostname of the remote host that the - data is pushed to. 
- type: string - name: - description: Template for setting the name of the output - definition. This is used to identify where to send the - results of queries should be sent. + minimum: 0 + description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Pod liveness checking. + readinessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 
+ description: Pod readiness checking. + jvmOptions: + type: object + properties: + "-XX": + additionalProperties: + type: string + type: object + description: A map of -XX options to the JVM. + "-Xmx": type: string - outputType: - description: Template for setting the format of the data - that will be pushed.For more information see https://github.com/jmxtrans/jmxtrans/wiki/OutputWriters[JmxTrans - OutputWriters]. + pattern: "^[0-9]+[mMgG]?$" + description: -Xmx option to to the JVM. + "-Xms": type: string - port: - description: The port of the remote host that the data is - pushed to. - type: integer - typeNames: - description: Template for filtering data to be included - in response to a wildcard query. For more information - see https://github.com/jmxtrans/jmxtrans/wiki/Queries[JmxTrans - queries]. + pattern: "^[0-9]+[mMgG]?$" + description: -Xms option to to the JVM. + gcLoggingEnabled: + type: boolean + description: Specifies whether the Garbage Collection logging is enabled. The default is false. + javaSystemProperties: + type: array items: - type: string + type: object + properties: + name: + type: string + description: The system property name. + value: + type: string + description: The system property value. + description: A map of additional system properties which will be passed using the `-D` option to the JVM. + description: JVM Options for pods. + jmxOptions: + type: object + properties: + authentication: + type: object + properties: + type: + type: string + enum: + - password + description: Authentication type. Currently the only supported types are `password`.`password` type creates a username and protected port with no TLS. + required: + - type + description: Authentication configuration for connecting to the JMX port. + description: JMX Options for Zookeeper nodes. 
+ resources: + type: object + properties: + claims: type: array - required: - - outputType - - name + items: + type: object + properties: + name: + type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: object + description: CPU and memory resources to reserve. + metricsConfig: type: object - type: array - resources: - description: CPU and memory resources to reserve. - properties: - limits: - type: object - x-kubernetes-preserve-unknown-fields: true - requests: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - template: - description: Template for JmxTrans resources. - properties: - container: - description: Template for JmxTrans container. - properties: - env: - description: Environment variables which should be applied - to the container. - items: + properties: + type: + type: string + enum: + - jmxPrometheusExporter + description: Metrics type. Only 'jmxPrometheusExporter' supported currently. + valueFrom: + type: object + properties: + configMapKeyRef: + type: object properties: + key: + type: string name: - description: The environment variable key. type: string - value: - description: The environment variable value. + optional: + type: boolean + description: Reference to the key in the ConfigMap containing the configuration. + description: 'ConfigMap entry where the Prometheus JMX Exporter configuration is stored. ' + required: + - type + - valueFrom + description: Metrics configuration. 
+ logging: + type: object + properties: + loggers: + additionalProperties: + type: string + type: object + description: A Map from logger name to logger level. + type: + type: string + enum: + - inline + - external + description: "Logging type, must be either 'inline' or 'external'." + valueFrom: + type: object + properties: + configMapKeyRef: + type: object + properties: + key: + type: string + name: type: string + optional: + type: boolean + description: Reference to the key in the ConfigMap containing the configuration. + description: '`ConfigMap` entry where the logging configuration is stored. ' + required: + - type + description: Logging configuration for ZooKeeper. + template: + type: object + properties: + statefulset: + type: object + properties: + metadata: type: object - type: array - securityContext: - description: Security context for the container. - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - runAsUser: - type: integer - seLinuxOptions: - properties: - level: + properties: + labels: + additionalProperties: type: string - role: + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string - type: + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + podManagementPolicy: + type: string + enum: + - OrderedReady + - Parallel + description: PodManagementPolicy which will be used for this StatefulSet. Valid values are `Parallel` and `OrderedReady`. Defaults to `Parallel`. + description: Template for ZooKeeper `StatefulSet`. 
+ podSet: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: type: string - user: + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string - type: object - seccompProfile: - properties: - localhostProfile: + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for ZooKeeper `StrimziPodSet` resource. + pod: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: type: string - type: + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + imagePullSecrets: + type: array + items: type: object - windowsOptions: properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: + name: type: string - type: object - type: object - type: object - deployment: - description: Template for JmxTrans `Deployment`. - properties: - deploymentStrategy: - description: Pod replacement strategy for deployment configuration - changes. Valid values are `RollingUpdate` and `Recreate`. - Defaults to `RollingUpdate`. - enum: - - RollingUpdate - - Recreate - type: string - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. 
- type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - pod: - description: Template for JmxTrans `Pods`. - properties: - affinity: - description: The pod's affinity rules. - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + description: "List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored." + securityContext: + type: object + properties: + appArmorProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + fsGroup: + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + supplementalGroups: + type: array + items: + type: integer + sysctls: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Configures pod-level security attributes and common container settings. 
+ terminationGracePeriodSeconds: + type: integer + minimum: 0 + description: "The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds." + affinity: + type: object + properties: + nodeAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + preference: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: type: string - type: array - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + operator: type: string - type: array - type: object - type: array - type: object - weight: - type: integer + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: + properties: + nodeSelectorTerms: + type: array + items: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + 
type: string + operator: + type: string + values: + type: array + items: + type: string + podAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object properties: - key: - type: string - operator: - type: string - values: + matchExpressions: + type: array items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: type: string - type: array + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: type: object - type: array - matchFields: - items: properties: - key: - type: string - operator: - type: string - values: - items: - type: string + matchExpressions: type: array - type: object - type: array - type: object - type: array - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + items: + type: object + properties: + key: type: string - type: array + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string type: object - type: array - matchLabels: + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - properties: - matchExpressions: - items: - 
properties: - key: - type: string - operator: + properties: + key: + type: string + operator: + type: string + values: + type: array + items: type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - items: - type: string - type: array - topologyKey: + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: type: string - type: object - weight: - type: integer - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: + topologyKey: + type: string + podAntiAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object properties: - key: - type: string - operator: - type: string - values: + matchExpressions: + type: array items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: type: string - type: array + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - properties: - matchExpressions: - items: 
properties: - key: - type: string - operator: - type: string - values: + matchExpressions: + type: array items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: type: string - type: array + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - items: + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: type: string - type: array - topologyKey: - type: string - type: object - type: array + description: The pod's affinity rules. + tolerations: + type: array + items: type: object - podAntiAffinity: properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + type: integer + value: + type: string + description: The pod's tolerations. 
+ topologySpreadConstraints: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: + key: + type: string + operator: + type: string + values: + type: array items: type: string - type: array - topologyKey: - type: string - type: object - weight: - type: integer - type: object + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: type: array - requiredDuringSchedulingIgnoredDuringExecution: items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true + type: string + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + description: The pod's topology spread constraints. + priorityClassName: + type: string + description: 'The name of the priority class used to assign priority to the pods. ' + schedulerName: + type: string + description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used." 
+ hostAliases: + type: array + items: + type: object + properties: + hostnames: + type: array + items: + type: string + ip: + type: string + description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. + enableServiceLinks: + type: boolean + description: Indicates whether information about services should be injected into Pod's environment variables. + tmpDirSizeLimit: + type: string + pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: type: object - namespaceSelector: properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: type: object - namespaces: - items: + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. 
+ emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: type: string - type: array - topologyKey: - type: string - type: object - type: array - type: object - type: object - enableServiceLinks: - description: Indicates whether information about services - should be injected into Pod's environment variables. - type: boolean - hostAliases: - description: The pod's HostAliases. HostAliases is an - optional list of hosts and IPs that will be injected - into the Pod's hosts file if specified. - items: + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. + description: Template for ZooKeeper `Pods`. + clientService: + type: object + properties: + metadata: + type: object properties: - hostnames: - items: + labels: + additionalProperties: type: string - type: array - ip: - type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + ipFamilyPolicy: + type: string + enum: + - SingleStack + - PreferDualStack + - RequireDualStack + description: "Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. 
If unspecified, Kubernetes will choose the default value based on the service type." + ipFamilies: + type: array + items: + type: string + enum: + - IPv4 + - IPv6 + description: "Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting." + description: Template for ZooKeeper client `Service`. + nodesService: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + ipFamilyPolicy: + type: string + enum: + - SingleStack + - PreferDualStack + - RequireDualStack + description: "Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type." + ipFamilies: + type: array + items: + type: string + enum: + - IPv4 + - IPv6 + description: "Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting." + description: Template for ZooKeeper nodes `Service`. + persistentVolumeClaim: + type: object + properties: + metadata: type: object - type: array - imagePullSecrets: - description: List of references to secrets in the same - namespace to use for pulling any of the images used - by this Pod. 
When the `STRIMZI_IMAGE_PULL_SECRETS` environment - variable in Cluster Operator and the `imagePullSecrets` - option are specified, only the `imagePullSecrets` variable - is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable - is ignored. - items: properties: - name: - type: string - type: object - type: array - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - priorityClassName: - description: The name of the priority class used to assign - priority to the pods. For more information about priority - classes, see {K8sPriorityClass}. - type: string - schedulerName: - description: The name of the scheduler used to dispatch - this `Pod`. If not specified, the default scheduler - will be used. - type: string - securityContext: - description: Configures pod-level security attributes - and common container settings. - properties: - fsGroup: - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - runAsUser: - type: integer - seLinuxOptions: - properties: - level: + labels: + additionalProperties: type: string - role: + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string - type: + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for all ZooKeeper `PersistentVolumeClaims`. 
+ podDisruptionBudget: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: type: string - user: + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata to apply to the `PodDisruptionBudgetTemplate` resource. + maxUnavailable: + type: integer + minimum: 0 + description: "Maximum number of unavailable pods to allow automatic Pod eviction. A Pod eviction is allowed when the `maxUnavailable` number of pods or fewer are unavailable after the eviction. Setting this value to 0 prevents all voluntary evictions, so the pods must be evicted manually. Defaults to 1." + description: Template for ZooKeeper `PodDisruptionBudget`. + zookeeperContainer: + type: object + properties: + env: + type: array + items: type: object - seccompProfile: properties: - localhostProfile: + name: type: string - type: + description: The environment variable key. + value: type: string - type: object - supplementalGroups: - items: + description: The environment variable value. + description: Environment variables which should be applied to the container. 
+ securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: type: integer - type: array - sysctls: - items: + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object properties: - name: + level: type: string - value: + role: type: string + type: + type: string + user: + type: string + seccompProfile: type: object - type: array - windowsOptions: + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + volumeMounts: + type: array + items: + type: object properties: - gmsaCredentialSpec: + mountPath: type: string - gmsaCredentialSpecName: + mountPropagation: + type: string + name: type: string - hostProcess: + readOnly: type: boolean - runAsUserName: + recursiveReadOnly: type: string - type: object - type: object - terminationGracePeriodSeconds: - description: The grace period is the duration in seconds - after the processes running in the pod are sent a termination - signal, and the time when the processes are forcibly - halted with a kill signal. Set this value to longer - than the expected cleanup time for your process. Value - must be a non-negative integer. A zero value indicates - delete immediately. You might need to increase the grace - period for very large Kafka clusters, so that the Kafka - brokers have enough time to transfer their work to another - broker before they are terminated. 
Defaults to 30 seconds. - minimum: 0 - type: integer - tmpDirSizeLimit: - description: Defines the total amount (for example `1Gi`) - of local storage required for temporary EmptyDir volume - (`/tmp`). Default value is `5Mi`. - pattern: ^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ - type: string - tolerations: - description: The pod's tolerations. - items: + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. + description: Template for the ZooKeeper container. + serviceAccount: + type: object + properties: + metadata: + type: object properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for the ZooKeeper service account. + jmxSecret: + type: object + properties: + metadata: type: object - type: array - topologySpreadConstraints: - description: The pod's topology spread constraints. - items: properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true + labels: + additionalProperties: + type: string type: object - matchLabelKeys: - items: + description: Labels added to the Kubernetes resource. 
+ annotations: + additionalProperties: type: string - type: array - maxSkew: - type: integer - minDomains: - type: integer - nodeAffinityPolicy: - type: string - nodeTaintsPolicy: - type: string - topologyKey: - type: string - whenUnsatisfiable: - type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for Secret of the Zookeeper Cluster JMX authentication. + description: Template for ZooKeeper cluster resources. The template allows users to specify how the Kubernetes resources are generated. + required: + - replicas + - storage + description: Configuration of the ZooKeeper cluster. This section is required when running a ZooKeeper-based Apache Kafka cluster. + entityOperator: + type: object + properties: + topicOperator: + type: object + properties: + watchedNamespace: + type: string + description: The namespace the Topic Operator should watch. + image: + type: string + description: The image to use for the Topic Operator. + reconciliationIntervalSeconds: + type: integer + minimum: 0 + description: Interval between periodic reconciliations in seconds. Ignored if reconciliationIntervalMs is set. + reconciliationIntervalMs: + type: integer + minimum: 0 + description: Interval between periodic reconciliations in milliseconds. + zookeeperSessionTimeoutSeconds: + type: integer + minimum: 0 + description: Timeout for the ZooKeeper session. + startupProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 
+ successThreshold: + type: integer + minimum: 1 + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Pod startup checking. + livenessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Pod liveness checking. + readinessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 
+ successThreshold: + type: integer + minimum: 1 + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Pod readiness checking. + resources: + type: object + properties: + claims: + type: array + items: + type: object + properties: + name: + type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true type: object - type: array - type: object - serviceAccount: - description: Template for the JmxTrans service account. - properties: - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: object + description: CPU and memory resources to reserve. + topicMetadataMaxAttempts: + type: integer + minimum: 0 + description: The number of attempts at getting topic metadata. + logging: + type: object + properties: + loggers: + additionalProperties: + type: string + type: object + description: A Map from logger name to logger level. + type: + type: string + enum: + - inline + - external + description: "Logging type, must be either 'inline' or 'external'." 
+ valueFrom: + type: object + properties: + configMapKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: Reference to the key in the ConfigMap containing the configuration. + description: '`ConfigMap` entry where the logging configuration is stored. ' + required: + - type + description: Logging configuration. + jvmOptions: + type: object + properties: + "-XX": + additionalProperties: + type: string + type: object + description: A map of -XX options to the JVM. + "-Xmx": + type: string + pattern: "^[0-9]+[mMgG]?$" + description: -Xmx option to to the JVM. + "-Xms": + type: string + pattern: "^[0-9]+[mMgG]?$" + description: -Xms option to to the JVM. + gcLoggingEnabled: + type: boolean + description: Specifies whether the Garbage Collection logging is enabled. The default is false. + javaSystemProperties: + type: array + items: type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. + properties: + name: + type: string + description: The system property name. + value: + type: string + description: The system property value. + description: A map of additional system properties which will be passed using the `-D` option to the JVM. + description: JVM Options for pods. + description: Configuration of the Topic Operator. + userOperator: + type: object + properties: + watchedNamespace: + type: string + description: The namespace the User Operator should watch. + image: + type: string + description: The image to use for the User Operator. + reconciliationIntervalSeconds: + type: integer + minimum: 0 + description: Interval between periodic reconciliations in seconds. Ignored if reconciliationIntervalMs is set. 
+ reconciliationIntervalMs: + type: integer + minimum: 0 + description: Interval between periodic reconciliations in milliseconds. + zookeeperSessionTimeoutSeconds: + type: integer + minimum: 0 + description: Timeout for the ZooKeeper session. + secretPrefix: + type: string + description: The prefix that will be added to the KafkaUser name to be used as the Secret name. + livenessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Pod liveness checking. + readinessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 
+ successThreshold: + type: integer + minimum: 1 + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Pod readiness checking. + resources: + type: object + properties: + claims: + type: array + items: type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - type: object - required: - - outputDefinitions - - kafkaQueries - type: object - kafka: - description: Configuration of the Kafka cluster. - properties: - authorization: - description: Authorization configuration for Kafka brokers. - properties: - allowOnError: - description: Defines whether a Kafka client should be allowed - or denied by default when the authorizer fails to query - the Open Policy Agent, for example, when it is temporarily - unavailable). Defaults to `false` - all actions will be - denied. - type: boolean - authorizerClass: - description: Authorization implementation class, which must - be available in classpath. - type: string - clientId: - description: OAuth Client ID which the Kafka client can use - to authenticate against the OAuth server and use the token - endpoint URI. - type: string - connectTimeoutSeconds: - description: The connect timeout in seconds when connecting - to authorization server. If not set, the effective connect - timeout is 60 seconds. - minimum: 1 - type: integer - delegateToKafkaAcls: - description: Whether authorization decision should be delegated - to the 'Simple' authorizer if DENIED by Keycloak Authorization - Services policies. Default value is `false`. - type: boolean - disableTlsHostnameVerification: - description: Enable or disable TLS hostname verification. - Default value is `false`. 
- type: boolean - enableMetrics: - description: Enable or disable OAuth metrics. Default value - is `false`. - type: boolean - expireAfterMs: - description: The expiration of the records kept in the local - cache to avoid querying the Open Policy Agent for every - request. Defines how often the cached authorization decisions - are reloaded from the Open Policy Agent server. In milliseconds. - Defaults to `3600000`. - type: integer - grantsRefreshPeriodSeconds: - description: The time between two consecutive grants refresh - runs in seconds. The default value is 60. - minimum: 0 - type: integer - grantsRefreshPoolSize: - description: The number of threads to use to refresh grants - for active sessions. The more threads, the more parallelism, - so the sooner the job completes. However, using more threads - places a heavier load on the authorization server. The default - value is 5. - minimum: 1 - type: integer - httpRetries: - description: The maximum number of retries to attempt if an - initial HTTP request fails. If not set, the default is to - not attempt any retries. - minimum: 0 - type: integer - initialCacheCapacity: - description: Initial capacity of the local cache used by the - authorizer to avoid querying the Open Policy Agent for every - request Defaults to `5000`. - type: integer - maximumCacheSize: - description: Maximum capacity of the local cache used by the - authorizer to avoid querying the Open Policy Agent for every - request. Defaults to `50000`. - type: integer - readTimeoutSeconds: - description: The read timeout in seconds when connecting to - authorization server. If not set, the effective read timeout - is 60 seconds. - minimum: 1 - type: integer - superUsers: - description: List of super users, which are user principals - with unlimited access rights. - items: - type: string - type: array - supportsAdminApi: - description: Indicates whether the custom authorizer supports - the APIs for managing ACLs using the Kafka Admin API. 
Defaults - to `false`. - type: boolean - tlsTrustedCertificates: - description: Trusted certificates for TLS connection to the - OAuth server. - items: + properties: + name: + type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: object + description: CPU and memory resources to reserve. + logging: + type: object properties: - certificate: - description: The name of the file certificate in the - Secret. - type: string - secretName: - description: The name of the Secret containing the certificate. + loggers: + additionalProperties: + type: string + type: object + description: A Map from logger name to logger level. + type: type: string + enum: + - inline + - external + description: "Logging type, must be either 'inline' or 'external'." + valueFrom: + type: object + properties: + configMapKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: Reference to the key in the ConfigMap containing the configuration. + description: '`ConfigMap` entry where the logging configuration is stored. ' required: - - certificate - - secretName + - type + description: Logging configuration. + jvmOptions: type: object - type: array - tokenEndpointUri: - description: Authorization server token endpoint URI. - type: string - type: - description: Authorization type. Currently, the supported - types are `simple`, `keycloak`, `opa` and `custom`. `simple` - authorization type uses Kafka's `kafka.security.authorizer.AclAuthorizer` - class for authorization. 
`keycloak` authorization type uses - Keycloak Authorization Services for authorization. `opa` - authorization type uses Open Policy Agent based authorization.`custom` - authorization type uses user-provided implementation for - authorization. - enum: - - simple - - opa - - keycloak - - custom - type: string - url: - description: The URL used to connect to the Open Policy Agent - server. The URL has to include the policy which will be - queried by the authorizer. This option is required. - example: http://opa:8181/v1/data/kafka/authz/allow - type: string - required: - - type - type: object - brokerRackInitImage: - description: The image of the init container used for initializing - the `broker.rack`. - type: string - config: - description: 'Kafka broker config properties with the following - prefixes cannot be set: listeners, advertised., broker., listener., - host.name, port, inter.broker.listener.name, sasl., ssl., security., - password., log.dir, zookeeper.connect, zookeeper.set.acl, zookeeper.ssl, - zookeeper.clientCnxnSocket, authorizer., super.user, cruise.control.metrics.topic, - cruise.control.metrics.reporter.bootstrap.servers,node.id, process.roles, - controller. (with the exception of: zookeeper.connection.timeout.ms, - sasl.server.max.receive.size,ssl.cipher.suites, ssl.protocol, - ssl.enabled.protocols, ssl.secure.random.implementation,cruise.control.metrics.topic.num.partitions, - cruise.control.metrics.topic.replication.factor, cruise.control.metrics.topic.retention.ms,cruise.control.metrics.topic.auto.create.retries, - cruise.control.metrics.topic.auto.create.timeout.ms,cruise.control.metrics.topic.min.insync.replicas,controller.quorum.election.backoff.max.ms, - controller.quorum.election.timeout.ms, controller.quorum.fetch.timeout.ms).' - type: object - x-kubernetes-preserve-unknown-fields: true - image: - description: The docker image for the pods. The default value - depends on the configured `Kafka.spec.kafka.version`. 
- type: string - jmxOptions: - description: JMX Options for Kafka brokers. - properties: - authentication: - description: Authentication configuration for connecting to - the JMX port. - properties: - type: - description: Authentication type. Currently the only supported - types are `password`.`password` type creates a username - and protected port with no TLS. - enum: - - password - type: string - required: - - type - type: object - type: object - jvmOptions: - description: JVM Options for pods. - properties: - -XX: - description: A map of -XX options to the JVM. - type: object - x-kubernetes-preserve-unknown-fields: true - -Xms: - description: -Xms option to to the JVM. - pattern: ^[0-9]+[mMgG]?$ - type: string - -Xmx: - description: -Xmx option to to the JVM. - pattern: ^[0-9]+[mMgG]?$ - type: string - gcLoggingEnabled: - description: Specifies whether the Garbage Collection logging - is enabled. The default is false. - type: boolean - javaSystemProperties: - description: A map of additional system properties which will - be passed using the `-D` option to the JVM. - items: properties: - name: - description: The system property name. + "-XX": + additionalProperties: + type: string + type: object + description: A map of -XX options to the JVM. + "-Xmx": type: string - value: - description: The system property value. + pattern: "^[0-9]+[mMgG]?$" + description: -Xmx option to to the JVM. + "-Xms": type: string - type: object - type: array - type: object - listeners: - description: Configures listeners of Kafka brokers. - items: + pattern: "^[0-9]+[mMgG]?$" + description: -Xms option to to the JVM. + gcLoggingEnabled: + type: boolean + description: Specifies whether the Garbage Collection logging is enabled. The default is false. + javaSystemProperties: + type: array + items: + type: object + properties: + name: + type: string + description: The system property name. + value: + type: string + description: The system property value. 
+ description: A map of additional system properties which will be passed using the `-D` option to the JVM. + description: JVM Options for pods. + description: Configuration of the User Operator. + tlsSidecar: + type: object properties: - authentication: - description: Authentication configuration for this listener. + image: + type: string + description: The docker image for the container. + resources: + type: object properties: - accessTokenIsJwt: - description: Configure whether the access token is treated - as JWT. This must be set to `false` if the authorization - server returns opaque tokens. Defaults to `true`. - type: boolean - checkAccessTokenType: - description: Configure whether the access token type - check is performed or not. This should be set to `false` - if the authorization server does not include 'typ' - claim in JWT token. Defaults to `true`. - type: boolean - checkAudience: - description: Enable or disable audience checking. Audience - checks identify the recipients of tokens. If audience - checking is enabled, the OAuth Client ID also has - to be configured using the `clientId` property. The - Kafka broker will reject tokens that do not have its - `clientId` in their `aud` (audience) claim.Default - value is `false`. - type: boolean - checkIssuer: - description: Enable or disable issuer checking. By default - issuer is checked using the value configured by `validIssuerUri`. - Default value is `true`. - type: boolean - clientAudience: - description: The audience to use when making requests - to the authorization server's token endpoint. Used - for inter-broker authentication and for configuring - OAuth 2.0 over PLAIN using the `clientId` and `secret` - method. - type: string - clientId: - description: OAuth Client ID which the Kafka broker - can use to authenticate against the authorization - server and use the introspect endpoint URI. 
- type: string - clientScope: - description: The scope to use when making requests to - the authorization server's token endpoint. Used for - inter-broker authentication and for configuring OAuth - 2.0 over PLAIN using the `clientId` and `secret` method. - type: string - clientSecret: - description: Link to Kubernetes Secret containing the - OAuth client secret which the Kafka broker can use - to authenticate against the authorization server and - use the introspect endpoint URI. - properties: - key: - description: The key under which the secret value - is stored in the Kubernetes Secret. - type: string - secretName: - description: The name of the Kubernetes Secret containing - the secret value. - type: string - required: - - key - - secretName + claims: + type: array + items: + type: object + properties: + name: + type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true type: object - connectTimeoutSeconds: - description: The connect timeout in seconds when connecting - to authorization server. If not set, the effective - connect timeout is 60 seconds. + description: CPU and memory resources to reserve. + livenessProbe: + type: object + properties: + initialDelaySeconds: type: integer - customClaimCheck: - description: JsonPath filter query to be applied to - the JWT token or to the response of the introspection - endpoint for additional token validation. Not set - by default. - type: string - disableTlsHostnameVerification: - description: Enable or disable TLS hostname verification. 
- Default value is `false`. - type: boolean - enableECDSA: - description: Enable or disable ECDSA support by installing - BouncyCastle crypto provider. ECDSA support is always - enabled. The BouncyCastle libraries are no longer - packaged with Strimzi. Value is ignored. - type: boolean - enableMetrics: - description: Enable or disable OAuth metrics. Default - value is `false`. - type: boolean - enableOauthBearer: - description: Enable or disable OAuth authentication - over SASL_OAUTHBEARER. Default value is `true`. - type: boolean - enablePlain: - description: Enable or disable OAuth authentication - over SASL_PLAIN. There is no re-authentication support - when this mechanism is used. Default value is `false`. - type: boolean - failFast: - description: Enable or disable termination of Kafka - broker processes due to potentially recoverable runtime - errors during startup. Default value is `true`. - type: boolean - fallbackUserNameClaim: - description: The fallback username claim to be used - for the user id if the claim specified by `userNameClaim` - is not present. This is useful when `client_credentials` - authentication only results in the client id being - provided in another claim. It only takes effect if - `userNameClaim` is set. - type: string - fallbackUserNamePrefix: - description: The prefix to use with the value of `fallbackUserNameClaim` - to construct the user id. This only takes effect if - `fallbackUserNameClaim` is true, and the value is - present for the claim. Mapping usernames and client - ids into the same user id space is useful in preventing - name collisions. - type: string - groupsClaim: - description: JsonPath query used to extract groups for - the user during authentication. Extracted groups can - be used by a custom authorizer. By default no groups - are extracted. - type: string - groupsClaimDelimiter: - description: A delimiter used to parse groups when they - are extracted as a single String value rather than - a JSON array. 
Default value is ',' (comma). - type: string - httpRetries: - description: The maximum number of retries to attempt - if an initial HTTP request fails. If not set, the - default is to not attempt any retries. + minimum: 0 + description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: type: integer - httpRetryPauseMs: - description: The pause to take before retrying a failed - HTTP request. If not set, the default is to not pause - at all but to immediately repeat a request. + minimum: 1 + description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. + periodSeconds: type: integer - introspectionEndpointUri: - description: URI of the token introspection endpoint - which can be used to validate opaque non-JWT tokens. - type: string - jwksEndpointUri: - description: URI of the JWKS certificate endpoint, which - can be used for local JWT validation. - type: string - jwksExpirySeconds: - description: Configures how often are the JWKS certificates - considered valid. The expiry interval has to be at - least 60 seconds longer then the refresh interval - specified in `jwksRefreshSeconds`. Defaults to 360 - seconds. minimum: 1 + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Pod liveness checking. 
+ readinessProbe: + type: object + properties: + initialDelaySeconds: type: integer - jwksIgnoreKeyUse: - description: Flag to ignore the 'use' attribute of `key` - declarations in a JWKS endpoint response. Default - value is `false`. - type: boolean - jwksMinRefreshPauseSeconds: - description: The minimum pause between two consecutive - refreshes. When an unknown signing key is encountered - the refresh is scheduled immediately, but will always - wait for this minimum pause. Defaults to 1 second. minimum: 0 + description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: type: integer - jwksRefreshSeconds: - description: Configures how often are the JWKS certificates - refreshed. The refresh interval has to be at least - 60 seconds shorter then the expiry interval specified - in `jwksExpirySeconds`. Defaults to 300 seconds. minimum: 1 + description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. + periodSeconds: type: integer - listenerConfig: - description: Configuration to be used for a specific - listener. All values are prefixed with listener.name.__. - type: object - x-kubernetes-preserve-unknown-fields: true - maxSecondsWithoutReauthentication: - description: Maximum number of seconds the authenticated - session remains valid without re-authentication. This - enables Apache Kafka re-authentication feature, and - causes sessions to expire when the access token expires. - If the access token expires before max time or if - max time is reached, the client has to re-authenticate, - otherwise the server will drop the connection. Not - set by default - the authenticated session does not - expire when the access token expires. This option - only applies to SASL_OAUTHBEARER authentication mechanism - (when `enableOauthBearer` is `true`). + minimum: 1 + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 
+ successThreshold: type: integer - readTimeoutSeconds: - description: The read timeout in seconds when connecting - to authorization server. If not set, the effective - read timeout is 60 seconds. + minimum: 1 + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: type: integer - sasl: - description: Enable or disable SASL on this listener. - type: boolean - secrets: - description: Secrets to be mounted to /opt/kafka/custom-authn-secrets/custom-listener-_-_/__. + minimum: 1 + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Pod readiness checking. + logLevel: + type: string + enum: + - emerg + - alert + - crit + - err + - warning + - notice + - info + - debug + description: The log level for the TLS sidecar. Default value is `notice`. + description: TLS sidecar configuration. + template: + type: object + properties: + deployment: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + deploymentStrategy: + type: string + enum: + - RollingUpdate + - Recreate + description: Pod replacement strategy for deployment configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`. + description: Template for Entity Operator `Deployment`. + pod: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. 
+ annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + imagePullSecrets: + type: array + items: + type: object + properties: + name: + type: string + description: "List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored." + securityContext: + type: object + properties: + appArmorProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + fsGroup: + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + supplementalGroups: + type: array + items: + type: integer + sysctls: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Configures pod-level security attributes and common container settings. + terminationGracePeriodSeconds: + type: integer + minimum: 0 + description: "The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. 
Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds." + affinity: + type: object + properties: + nodeAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + preference: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: object + properties: + nodeSelectorTerms: + type: array + items: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + podAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object 
+ properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + podAntiAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string 
+ values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + description: The pod's affinity rules. + tolerations: + type: array items: + type: object properties: - key: - description: The key under which the secret value - is stored in the Kubernetes Secret. + effect: type: string - secretName: - description: The name of the Kubernetes Secret - containing the secret value. + key: type: string - required: - - key - - secretName - type: object - type: array - tlsTrustedCertificates: - description: Trusted certificates for TLS connection - to the OAuth server. - items: - properties: - certificate: - description: The name of the file certificate - in the Secret. + operator: type: string - secretName: - description: The name of the Secret containing - the certificate. + tolerationSeconds: + type: integer + value: type: string - required: - - certificate - - secretName - type: object + description: The pod's tolerations. 
+ topologySpreadConstraints: type: array - tokenEndpointUri: - description: URI of the Token Endpoint to use with SASL_PLAIN - mechanism when the client authenticates with `clientId` - and a `secret`. If set, the client can authenticate - over SASL_PLAIN by either setting `username` to `clientId`, - and setting `password` to client `secret`, or by setting - `username` to account username, and `password` to - access token prefixed with `$accessToken:`. If this - option is not set, the `password` is always interpreted - as an access token (without a prefix), and `username` - as the account username (a so called 'no-client-credentials' - mode). - type: string - type: - description: Authentication type. `oauth` type uses - SASL OAUTHBEARER Authentication. `scram-sha-512` type - uses SASL SCRAM-SHA-512 Authentication. `tls` type - uses TLS Client Authentication. `tls` type is supported - only on TLS listeners.`custom` type allows for any - authentication type to be used. - enum: - - tls - - scram-sha-512 - - oauth - - custom - type: string - userInfoEndpointUri: - description: 'URI of the User Info Endpoint to use as - a fallback to obtaining the user id when the Introspection - Endpoint does not return information that can be used - for the user id. ' - type: string - userNameClaim: - description: Name of the claim from the JWT authentication - token, Introspection Endpoint response or User Info - Endpoint response which will be used to extract the - user id. Defaults to `sub`. - type: string - validIssuerUri: - description: URI of the token issuer used for authentication. - type: string - validTokenType: - description: Valid value for the `token_type` attribute - returned by the Introspection Endpoint. No default - value, and not checked by default. - type: string - required: - - type - type: object - configuration: - description: Additional listener configuration. - properties: - bootstrap: - description: Bootstrap configuration. 
- properties: - alternativeNames: - description: Additional alternative names for the - bootstrap service. The alternative names will - be added to the list of subject alternative names - of the TLS certificates. - items: - type: string - type: array - annotations: - description: Annotations that will be added to the - `Ingress`, `Route`, or `Service` resource. You - can use this field to configure DNS providers - such as External DNS. This field can be used only - with `loadbalancer`, `nodeport`, `route`, or `ingress` - type listeners. - type: object - x-kubernetes-preserve-unknown-fields: true - host: - description: The bootstrap host. This field will - be used in the Ingress resource or in the Route - resource to specify the desired hostname. This - field can be used only with `route` (optional) - or `ingress` (required) type listeners. - type: string - labels: - description: Labels that will be added to the `Ingress`, - `Route`, or `Service` resource. This field can - be used only with `loadbalancer`, `nodeport`, - `route`, or `ingress` type listeners. - type: object - x-kubernetes-preserve-unknown-fields: true - loadBalancerIP: - description: The loadbalancer is requested with - the IP address specified in this field. This feature - depends on whether the underlying cloud provider - supports specifying the `loadBalancerIP` when - a load balancer is created. This field is ignored - if the cloud provider does not support the feature.This - field can be used only with `loadbalancer` type - listener. - type: string - nodePort: - description: Node port for the bootstrap service. - This field can be used only with `nodeport` type - listener. - type: integer - type: object - brokerCertChainAndKey: - description: Reference to the `Secret` which holds the - certificate and private key pair which will be used - for this listener. The certificate can optionally - contain the whole chain. This field can be used only - with listeners with enabled TLS encryption. 
- properties: - certificate: - description: The name of the file certificate in - the Secret. - type: string - key: - description: The name of the private key in the - Secret. - type: string - secretName: - description: The name of the Secret containing the - certificate. - type: string - required: - - certificate - - key - - secretName - type: object - brokers: - description: Per-broker configurations. items: + type: object properties: - advertisedHost: - description: The host name which will be used - in the brokers' `advertised.brokers`. - type: string - advertisedPort: - description: The port number which will be used - in the brokers' `advertised.brokers`. - type: integer - annotations: - description: Annotations that will be added to - the `Ingress` or `Service` resource. You can - use this field to configure DNS providers such - as External DNS. This field can be used only - with `loadbalancer`, `nodeport`, or `ingress` - type listeners. + labelSelector: type: object - x-kubernetes-preserve-unknown-fields: true - broker: - description: ID of the kafka broker (broker identifier). - Broker IDs start from 0 and correspond to the - number of broker replicas. + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + maxSkew: type: integer - host: - description: The broker host. This field will - be used in the Ingress resource or in the Route - resource to specify the desired hostname. This - field can be used only with `route` (optional) - or `ingress` (required) type listeners. + minDomains: + type: integer + nodeAffinityPolicy: type: string - labels: - description: Labels that will be added to the - `Ingress`, `Route`, or `Service` resource. 
This - field can be used only with `loadbalancer`, - `nodeport`, `route`, or `ingress` type listeners. - type: object - x-kubernetes-preserve-unknown-fields: true - loadBalancerIP: - description: The loadbalancer is requested with - the IP address specified in this field. This - feature depends on whether the underlying cloud - provider supports specifying the `loadBalancerIP` - when a load balancer is created. This field - is ignored if the cloud provider does not support - the feature.This field can be used only with - `loadbalancer` type listener. + nodeTaintsPolicy: type: string - nodePort: - description: Node port for the per-broker service. - This field can be used only with `nodeport` - type listener. - type: integer - required: - - broker - type: object - type: array - class: - description: Configures a specific class for `Ingress` - and `LoadBalancer` that defines which controller will - be used. This field can only be used with `ingress` - and `loadbalancer` type listeners. If not specified, - the default controller is used. For an `ingress` listener, - set the `ingressClassName` property in the `Ingress` - resources. For a `loadbalancer` listener, set the - `loadBalancerClass` property in the `Service` resources. + topologyKey: + type: string + whenUnsatisfiable: + type: string + description: The pod's topology spread constraints. + priorityClassName: type: string - createBootstrapService: - description: Whether to create the bootstrap service - or not. The bootstrap service is created by default - (if not specified differently). This field can be - used with the `loadBalancer` type listener. - type: boolean - externalTrafficPolicy: - description: Specifies whether the service routes external - traffic to node-local or cluster-wide endpoints. `Cluster` - may cause a second hop to another node and obscures - the client source IP. 
`Local` avoids a second hop - for LoadBalancer and Nodeport type services and preserves - the client source IP (when supported by the infrastructure). - If unspecified, Kubernetes will use `Cluster` as the - default.This field can be used only with `loadbalancer` - or `nodeport` type listener. - enum: - - Local - - Cluster + description: 'The name of the priority class used to assign priority to the pods. ' + schedulerName: type: string - finalizers: - description: A list of finalizers which will be configured - for the `LoadBalancer` type Services created for this - listener. If supported by the platform, the finalizer - `service.kubernetes.io/load-balancer-cleanup` to make - sure that the external load balancer is deleted together - with the service.For more information, see https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#garbage-collecting-load-balancers. - This field can be used only with `loadbalancer` type - listeners. - items: - type: string - type: array - ipFamilies: - description: Specifies the IP Families used by the service. - Available options are `IPv4` and `IPv6. If unspecified, - Kubernetes will choose the default value based on - the `ipFamilyPolicy` setting. Available on Kubernetes - 1.20 and newer. - items: - enum: - - IPv4 - - IPv6 - type: string + description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used." + hostAliases: type: array - ipFamilyPolicy: - description: Specifies the IP Family Policy used by - the service. Available options are `SingleStack`, - `PreferDualStack` and `RequireDualStack`. `SingleStack` - is for a single IP family. `PreferDualStack` is for - two IP families on dual-stack configured clusters - or a single IP family on single-stack clusters. `RequireDualStack` - fails unless there are two IP families on dual-stack - configured clusters. 
If unspecified, Kubernetes will - choose the default value based on the service type. - Available on Kubernetes 1.20 and newer. - enum: - - SingleStack - - PreferDualStack - - RequireDualStack - type: string - loadBalancerSourceRanges: - description: A list of CIDR ranges (for example `10.0.0.0/8` - or `130.211.204.1/32`) from which clients can connect - to load balancer type listeners. If supported by the - platform, traffic through the loadbalancer is restricted - to the specified CIDR ranges. This field is applicable - only for loadbalancer type services and is ignored - if the cloud provider does not support the feature. - This field can be used only with `loadbalancer` type - listener. items: - type: string - type: array - maxConnectionCreationRate: - description: The maximum connection creation rate we - allow in this listener at any time. New connections - will be throttled if the limit is reached. - type: integer - maxConnections: - description: The maximum number of connections we allow - for this listener in the broker at any time. New connections - are blocked if the limit is reached. - type: integer - preferredNodePortAddressType: - description: |- - Defines which address type should be used as the node address. Available types are: `ExternalDNS`, `ExternalIP`, `InternalDNS`, `InternalIP` and `Hostname`. By default, the addresses will be used in the following order (the first one found will be used): - - * `ExternalDNS` - * `ExternalIP` - * `InternalDNS` - * `InternalIP` - * `Hostname` - - This field is used to select the preferred address type, which is checked first. If no address is found for this address type, the other types are checked in the default order. This field can only be used with `nodeport` type listener. - enum: - - ExternalIP - - ExternalDNS - - InternalIP - - InternalDNS - - Hostname - type: string - useServiceDnsDomain: - description: Configures whether the Kubernetes service - DNS domain should be used or not. 
If set to `true`, - the generated addresses will contain the service DNS - domain suffix (by default `.cluster.local`, can be - configured using environment variable `KUBERNETES_SERVICE_DNS_DOMAIN`). - Defaults to `false`.This field can be used only with - `internal` and `cluster-ip` type listeners. - type: boolean - type: object - name: - description: Name of the listener. The name will be used - to identify the listener and the related Kubernetes objects. - The name has to be unique within given a Kafka cluster. - The name can consist of lowercase characters and numbers - and be up to 11 characters long. - pattern: ^[a-z0-9]{1,11}$ - type: string - networkPolicyPeers: - description: List of peers which should be able to connect - to this listener. Peers in this list are combined using - a logical OR operation. If this field is empty or missing, - all connections will be allowed for this listener. If - this field is present and contains at least one item, - the listener only allows the traffic which matches at - least one item in this list. - items: - properties: - ipBlock: + type: object properties: - cidr: - type: string - except: + hostnames: + type: array items: type: string - type: array + ip: + type: string + description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. + enableServiceLinks: + type: boolean + description: Indicates whether information about services should be injected into Pod's environment variables. + tmpDirSizeLimit: + type: string + pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." 
+ volumes: + type: array + items: type: object - namespaceSelector: properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: + name: + type: string + description: Name to use for the volume. Required. + secret: type: object - x-kubernetes-preserve-unknown-fields: true - type: object - podSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - type: array - port: - description: Port number used by the listener inside Kafka. - The port number has to be unique within a given Kafka - cluster. Allowed port numbers are 9092 and higher with - the exception of ports 9404 and 9999, which are already - used for Prometheus and JMX. Depending on the listener - type, the port number might not be the same as the port - number that connects Kafka clients. - minimum: 9092 - type: integer - tls: - description: Enables TLS encryption on the listener. This - is a required property. - type: boolean - type: - description: "Type of the listener. Currently the supported - types are `internal`, `route`, `loadbalancer`, `nodeport` - and `ingress`. 
\n\n* `internal` type exposes Kafka internally - only within the Kubernetes cluster.\n* `route` type uses - OpenShift Routes to expose Kafka.\n* `loadbalancer` type - uses LoadBalancer type services to expose Kafka.\n* `nodeport` - type uses NodePort type services to expose Kafka.\n* `ingress` - type uses Kubernetes Nginx Ingress to expose Kafka with - TLS passthrough.\n* `cluster-ip` type uses a per-broker - `ClusterIP` service.\n" - enum: - - internal - - route - - loadbalancer - - nodeport - - ingress - - cluster-ip - type: string - required: - - name - - port - - type - - tls - type: object - minItems: 1 - type: array - livenessProbe: - description: Pod liveness checking. - properties: - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - minimum: 1 - type: integer - initialDelaySeconds: - description: The initial delay before first the health is - first checked. Default to 15 seconds. Minimum value is 0. - minimum: 0 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - minimum: 1 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - minimum: 1 - type: integer - timeoutSeconds: - description: The timeout for each attempted health check. - Default to 5 seconds. Minimum value is 1. - minimum: 1 - type: integer - type: object - logging: - description: Logging configuration for Kafka. - properties: - loggers: - description: A Map from logger name to logger level. - type: object - x-kubernetes-preserve-unknown-fields: true - type: - description: Logging type, must be either 'inline' or 'external'. 
- enum: - - inline - - external - type: string - valueFrom: - description: '`ConfigMap` entry where the logging configuration - is stored. ' - properties: - configMapKeyRef: - description: Reference to the key in the ConfigMap containing - the configuration. - properties: - key: - type: string - name: - type: string - optional: - type: boolean - type: object - type: object - required: - - type - type: object - metricsConfig: - description: Metrics configuration. - properties: - type: - description: Metrics type. Only 'jmxPrometheusExporter' supported - currently. - enum: - - jmxPrometheusExporter - type: string - valueFrom: - description: ConfigMap entry where the Prometheus JMX Exporter - configuration is stored. For details of the structure of - this configuration, see the {JMXExporter}. - properties: - configMapKeyRef: - description: Reference to the key in the ConfigMap containing - the configuration. - properties: - key: - type: string - name: - type: string - optional: - type: boolean - type: object - type: object - required: - - type - - valueFrom - type: object - rack: - description: Configuration of the `broker.rack` broker config. - properties: - topologyKey: - description: A key that matches labels assigned to the Kubernetes - cluster nodes. The value of the label is used to set a broker's - `broker.rack` config, and the `client.rack` config for Kafka - Connect or MirrorMaker 2.0. - example: topology.kubernetes.io/zone - type: string - required: - - topologyKey - type: object - readinessProbe: - description: Pod readiness checking. - properties: - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - minimum: 1 - type: integer - initialDelaySeconds: - description: The initial delay before first the health is - first checked. Default to 15 seconds. Minimum value is 0. 
- minimum: 0 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - minimum: 1 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - minimum: 1 - type: integer - timeoutSeconds: - description: The timeout for each attempted health check. - Default to 5 seconds. Minimum value is 1. - minimum: 1 - type: integer - type: object - replicas: - description: The number of pods in the cluster. - minimum: 1 - type: integer - resources: - description: CPU and memory resources to reserve. - properties: - limits: - type: object - x-kubernetes-preserve-unknown-fields: true - requests: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - storage: - description: Storage configuration (disk). Cannot be updated. - properties: - class: - description: The storage class to use for dynamic volume allocation. - type: string - deleteClaim: - description: Specifies if the persistent volume claim has - to be deleted when the cluster is un-deployed. - type: boolean - id: - description: Storage identification number. It is mandatory - only for storage volumes defined in a storage of type 'jbod'. - minimum: 0 - type: integer - overrides: - description: Overrides for individual brokers. The `overrides` - field allows to specify a different configuration for different - brokers. - items: - properties: - broker: - description: Id of the kafka broker (broker identifier). - type: integer - class: - description: The storage class to use for dynamic volume - allocation for this broker. 
- type: string + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. + description: Template for Entity Operator `Pods`. + topicOperatorContainer: type: object - type: array - selector: - description: Specifies a specific persistent volume to use. - It contains key:value pairs representing labels for selecting - such a volume. - type: object - x-kubernetes-preserve-unknown-fields: true - size: - description: When type=persistent-claim, defines the size - of the persistent volume claim (i.e 1Gi). Mandatory when - type=persistent-claim. - type: string - sizeLimit: - description: When type=ephemeral, defines the total amount - of local storage required for this EmptyDir volume (for - example 1Gi). - pattern: ^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ - type: string - type: - description: Storage type, must be either 'ephemeral', 'persistent-claim', - or 'jbod'. - enum: - - ephemeral - - persistent-claim - - jbod - type: string - volumes: - description: List of volumes as Storage objects representing - the JBOD disks array. - items: properties: - class: - description: The storage class to use for dynamic volume - allocation. 
- type: string - deleteClaim: - description: Specifies if the persistent volume claim - has to be deleted when the cluster is un-deployed. - type: boolean - id: - description: Storage identification number. It is mandatory - only for storage volumes defined in a storage of type - 'jbod'. - minimum: 0 - type: integer - overrides: - description: Overrides for individual brokers. The `overrides` - field allows to specify a different configuration - for different brokers. + env: + type: array items: + type: object properties: - broker: - description: Id of the kafka broker (broker identifier). - type: integer - class: - description: The storage class to use for dynamic - volume allocation for this broker. + name: type: string - type: object - type: array - selector: - description: Specifies a specific persistent volume - to use. It contains key:value pairs representing labels - for selecting such a volume. + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: Environment variables which should be applied to the container. + securityContext: type: object - x-kubernetes-preserve-unknown-fields: true - size: - description: When type=persistent-claim, defines the - size of the persistent volume claim (i.e 1Gi). Mandatory - when type=persistent-claim. - type: string - sizeLimit: - description: When type=ephemeral, defines the total - amount of local storage required for this EmptyDir - volume (for example 1Gi). - pattern: ^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ - type: string - type: - description: Storage type, must be either 'ephemeral' - or 'persistent-claim'. - enum: - - ephemeral - - persistent-claim - type: string - required: - - type - type: object - type: array - required: - - type - type: object - template: - description: Template for Kafka cluster resources. The template - allows users to specify how the `StatefulSet`, `Pods`, and `Services` - are generated. 
- properties: - bootstrapService: - description: Template for Kafka bootstrap `Service`. - properties: - ipFamilies: - description: Specifies the IP Families used by the service. - Available options are `IPv4` and `IPv6. If unspecified, - Kubernetes will choose the default value based on the - `ipFamilyPolicy` setting. Available on Kubernetes 1.20 - and newer. - items: - enum: - - IPv4 - - IPv6 - type: string - type: array - ipFamilyPolicy: - description: Specifies the IP Family Policy used by the - service. Available options are `SingleStack`, `PreferDualStack` - and `RequireDualStack`. `SingleStack` is for a single - IP family. `PreferDualStack` is for two IP families - on dual-stack configured clusters or a single IP family - on single-stack clusters. `RequireDualStack` fails unless - there are two IP families on dual-stack configured clusters. - If unspecified, Kubernetes will choose the default value - based on the service type. Available on Kubernetes 1.20 - and newer. - enum: - - SingleStack - - PreferDualStack - - RequireDualStack - type: string - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - brokersService: - description: Template for Kafka broker `Service`. - properties: - ipFamilies: - description: Specifies the IP Families used by the service. - Available options are `IPv4` and `IPv6. If unspecified, - Kubernetes will choose the default value based on the - `ipFamilyPolicy` setting. Available on Kubernetes 1.20 - and newer. 
- items: - enum: - - IPv4 - - IPv6 - type: string - type: array - ipFamilyPolicy: - description: Specifies the IP Family Policy used by the - service. Available options are `SingleStack`, `PreferDualStack` - and `RequireDualStack`. `SingleStack` is for a single - IP family. `PreferDualStack` is for two IP families - on dual-stack configured clusters or a single IP family - on single-stack clusters. `RequireDualStack` fails unless - there are two IP families on dual-stack configured clusters. - If unspecified, Kubernetes will choose the default value - based on the service type. Available on Kubernetes 1.20 - and newer. - enum: - - SingleStack - - PreferDualStack - - RequireDualStack - type: string - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - clusterCaCert: - description: Template for Secret with Kafka Cluster certificate - public key. - properties: - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. 
- type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - clusterRoleBinding: - description: Template for the Kafka ClusterRoleBinding. - properties: - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - externalBootstrapIngress: - description: Template for Kafka external bootstrap `Ingress`. - properties: - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - externalBootstrapRoute: - description: Template for Kafka external bootstrap `Route`. - properties: - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. 
+ properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + volumeMounts: + type: array + items: type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. + description: Template for the Entity Topic Operator container. + userOperatorContainer: + type: object + properties: + env: + type: array + items: type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - externalBootstrapService: - description: Template for Kafka external bootstrap `Service`. - properties: - metadata: - description: Metadata applied to the resource. 
- properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: Environment variables which should be applied to the container. + securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + volumeMounts: + type: array + items: type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. 
+ properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. + description: Template for the Entity User Operator container. + tlsSidecarContainer: + type: object + properties: + env: + type: array + items: type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - initContainer: - description: Template for the Kafka init container. - properties: - env: - description: Environment variables which should be applied - to the container. - items: + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: Environment variables which should be applied to the container. + securityContext: + type: object properties: - name: - description: The environment variable key. - type: string - value: - description: The environment variable value. + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: type: string - type: object - type: array - securityContext: - description: Security context for the container. 
- properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: type: string - type: array - drop: - items: + role: type: string - type: array + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + volumeMounts: + type: array + items: type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - runAsUser: - type: integer - seLinuxOptions: properties: - level: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: type: string - role: + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. + description: Template for the Entity Operator TLS sidecar container. + serviceAccount: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: type: string - type: + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string - user: + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for the Entity Operator service account. 
+ entityOperatorRole: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: type: string - type: object - seccompProfile: - properties: - localhostProfile: + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string - type: + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for the Entity Operator Role. + topicOperatorRoleBinding: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: type: string - type: object - windowsOptions: - properties: - gmsaCredentialSpec: + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string - gmsaCredentialSpecName: + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for the Entity Topic Operator RoleBinding. + userOperatorRoleBinding: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: type: string - hostProcess: - type: boolean - runAsUserName: + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for the Entity Topic Operator RoleBinding. + description: Template for Entity Operator resources. The template allows users to specify how a `Deployment` and `Pod` is generated. + description: Configuration of the Entity Operator. + clusterCa: + type: object + properties: + generateCertificateAuthority: + type: boolean + description: If true then Certificate Authority certificates will be generated automatically. 
Otherwise the user will need to provide a Secret with the CA certificate. Default is true. + generateSecretOwnerReference: + type: boolean + description: "If `true`, the Cluster and Client CA Secrets are configured with the `ownerReference` set to the `Kafka` resource. If the `Kafka` resource is deleted when `true`, the CA Secrets are also deleted. If `false`, the `ownerReference` is disabled. If the `Kafka` resource is deleted when `false`, the CA Secrets are retained and available for reuse. Default is `true`." + validityDays: + type: integer + minimum: 1 + description: The number of days generated certificates should be valid for. The default is 365. + renewalDays: + type: integer + minimum: 1 + description: "The number of days in the certificate renewal period. This is the number of days before the a certificate expires during which renewal actions may be performed. When `generateCertificateAuthority` is true, this will cause the generation of a new certificate. When `generateCertificateAuthority` is true, this will cause extra logging at WARN level about the pending certificate expiry. Default is 30." + certificateExpirationPolicy: + type: string + enum: + - renew-certificate + - replace-key + description: How should CA certificate expiration be handled when `generateCertificateAuthority=true`. The default is for a new CA certificate to be generated reusing the existing private key. + description: Configuration of the cluster certificate authority. + clientsCa: + type: object + properties: + generateCertificateAuthority: + type: boolean + description: If true then Certificate Authority certificates will be generated automatically. Otherwise the user will need to provide a Secret with the CA certificate. Default is true. + generateSecretOwnerReference: + type: boolean + description: "If `true`, the Cluster and Client CA Secrets are configured with the `ownerReference` set to the `Kafka` resource. 
If the `Kafka` resource is deleted when `true`, the CA Secrets are also deleted. If `false`, the `ownerReference` is disabled. If the `Kafka` resource is deleted when `false`, the CA Secrets are retained and available for reuse. Default is `true`." + validityDays: + type: integer + minimum: 1 + description: The number of days generated certificates should be valid for. The default is 365. + renewalDays: + type: integer + minimum: 1 + description: "The number of days in the certificate renewal period. This is the number of days before the a certificate expires during which renewal actions may be performed. When `generateCertificateAuthority` is true, this will cause the generation of a new certificate. When `generateCertificateAuthority` is true, this will cause extra logging at WARN level about the pending certificate expiry. Default is 30." + certificateExpirationPolicy: + type: string + enum: + - renew-certificate + - replace-key + description: How should CA certificate expiration be handled when `generateCertificateAuthority=true`. The default is for a new CA certificate to be generated reusing the existing private key. + description: Configuration of the clients certificate authority. + cruiseControl: + type: object + properties: + image: + type: string + description: "The container image used for Cruise Control pods. If no image name is explicitly specified, the image name corresponds to the name specified in the Cluster Operator configuration. If an image name is not defined in the Cluster Operator configuration, a default value is used." + tlsSidecar: + type: object + properties: + image: + type: string + description: The docker image for the container. 
+ resources: + type: object + properties: + claims: + type: array + items: type: object + properties: + name: + type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: object + description: CPU and memory resources to reserve. + livenessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Pod liveness checking. + readinessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: The timeout for each attempted health check. 
Default to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Pod readiness checking. + logLevel: + type: string + enum: + - emerg + - alert + - crit + - err + - warning + - notice + - info + - debug + description: The log level for the TLS sidecar. Default value is `notice`. + description: TLS sidecar configuration. + resources: + type: object + properties: + claims: + type: array + items: type: object - type: object - jmxSecret: - description: Template for Secret of the Kafka Cluster JMX - authentication. - properties: - metadata: - description: Metadata applied to the resource. properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. 
- type: object - x-kubernetes-preserve-unknown-fields: true + name: + type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: object + description: CPU and memory resources to reserve for the Cruise Control container. + livenessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Pod liveness checking for the Cruise Control container. + readinessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. 
+ timeoutSeconds: + type: integer + minimum: 1 + description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Pod readiness checking for the Cruise Control container. + jvmOptions: + type: object + properties: + "-XX": + additionalProperties: + type: string + type: object + description: A map of -XX options to the JVM. + "-Xmx": + type: string + pattern: "^[0-9]+[mMgG]?$" + description: -Xmx option to to the JVM. + "-Xms": + type: string + pattern: "^[0-9]+[mMgG]?$" + description: -Xms option to to the JVM. + gcLoggingEnabled: + type: boolean + description: Specifies whether the Garbage Collection logging is enabled. The default is false. + javaSystemProperties: + type: array + items: type: object - type: object - kafkaContainer: - description: Template for the Kafka broker container. - properties: - env: - description: Environment variables which should be applied - to the container. - items: + properties: + name: + type: string + description: The system property name. + value: + type: string + description: The system property value. + description: A map of additional system properties which will be passed using the `-D` option to the JVM. + description: JVM Options for the Cruise Control container. + logging: + type: object + properties: + loggers: + additionalProperties: + type: string + type: object + description: A Map from logger name to logger level. 
+ type: + type: string + enum: + - inline + - external + description: "Logging type, must be either 'inline' or 'external'." + valueFrom: + type: object + properties: + configMapKeyRef: + type: object properties: - name: - description: The environment variable key. + key: type: string - value: - description: The environment variable value. + name: type: string + optional: + type: boolean + description: Reference to the key in the ConfigMap containing the configuration. + description: '`ConfigMap` entry where the logging configuration is stored. ' + required: + - type + description: Logging configuration (Log4j 2) for Cruise Control. + template: + type: object + properties: + deployment: + type: object + properties: + metadata: type: object - type: array - securityContext: - description: Security context for the container. - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - runAsUser: - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: + properties: + labels: + additionalProperties: type: string - user: + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string - type: object - seccompProfile: - properties: - localhostProfile: + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + deploymentStrategy: + type: string + enum: + - RollingUpdate + - Recreate + description: Pod replacement strategy for deployment configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`. + description: Template for Cruise Control `Deployment`. 
+ pod: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: type: string - type: + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + imagePullSecrets: + type: array + items: type: object - windowsOptions: properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: + name: type: string - type: object - type: object - type: object - perPodIngress: - description: Template for Kafka per-pod `Ingress` used for - access from outside of Kubernetes. - properties: - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - perPodRoute: - description: Template for Kafka per-pod `Routes` used for - access from outside of OpenShift. - properties: - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. 
- type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - perPodService: - description: Template for Kafka per-pod `Services` used for - access from outside of Kubernetes. - properties: - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - persistentVolumeClaim: - description: Template for all Kafka `PersistentVolumeClaims`. - properties: - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - pod: - description: Template for Kafka `Pods`. - properties: - affinity: - description: The pod's affinity rules. - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: + description: "List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. 
When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored." + securityContext: + type: object + properties: + appArmorProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + fsGroup: + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + supplementalGroups: + type: array + items: + type: integer + sysctls: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Configures pod-level security attributes and common container settings. + terminationGracePeriodSeconds: + type: integer + minimum: 0 + description: "The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds." 
+ affinity: + type: object + properties: + nodeAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + preference: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: object properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + nodeSelectorTerms: + type: array + items: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: type: string - type: array - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + operator: type: string - type: array + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + podAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: type: object - type: array - type: object - weight: - type: integer - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: properties: - key: - type: string - operator: - type: string - values: + matchExpressions: + type: array items: + type: object + properties: + key: + type: string + operator: + 
type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: type: string - type: array + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: type: object - type: array - matchFields: - items: properties: - key: - type: string - operator: - type: string - values: - items: - type: string + matchExpressions: type: array - type: object - type: array - type: object - type: array - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + items: + type: object + properties: + key: type: string - type: array + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string type: object - type: array - matchLabels: + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: + properties: + key: + type: string + operator: + type: string + values: + type: array + items: type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + 
matchExpressions: + type: array + items: type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - items: - type: string - type: array - topologyKey: + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: type: string - type: object - weight: - type: integer - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: + topologyKey: + type: string + podAntiAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object properties: - key: - type: string - operator: - type: string - values: + matchExpressions: + type: array items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: type: string - type: array + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - properties: - matchExpressions: - items: properties: - key: - type: string - operator: - type: string - values: + matchExpressions: + type: array items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: type: string - type: array + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: 
array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - items: + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: type: string - type: array - topologyKey: - type: string - type: object - type: array + description: The pod's affinity rules. + tolerations: + type: array + items: type: object - podAntiAffinity: properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + type: integer + value: + type: string + description: The pod's tolerations. 
+ topologySpreadConstraints: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: + key: + type: string + operator: + type: string + values: + type: array items: type: string - type: array - topologyKey: - type: string - type: object - weight: - type: integer - type: object + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: type: array - requiredDuringSchedulingIgnoredDuringExecution: items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true + type: string + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + description: The pod's topology spread constraints. + priorityClassName: + type: string + description: 'The name of the priority class used to assign priority to the pods. ' + schedulerName: + type: string + description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used." 
+ hostAliases: + type: array + items: + type: object + properties: + hostnames: + type: array + items: + type: string + ip: + type: string + description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. + enableServiceLinks: + type: boolean + description: Indicates whether information about services should be injected into Pod's environment variables. + tmpDirSizeLimit: + type: string + pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: type: object - namespaceSelector: properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: type: object - namespaces: - items: + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. 
+ emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: type: string - type: array - topologyKey: - type: string - type: object - type: array - type: object - type: object - enableServiceLinks: - description: Indicates whether information about services - should be injected into Pod's environment variables. - type: boolean - hostAliases: - description: The pod's HostAliases. HostAliases is an - optional list of hosts and IPs that will be injected - into the Pod's hosts file if specified. - items: + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. + description: Template for Cruise Control `Pods`. + apiService: + type: object + properties: + metadata: + type: object properties: - hostnames: - items: + labels: + additionalProperties: type: string - type: array - ip: - type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + ipFamilyPolicy: + type: string + enum: + - SingleStack + - PreferDualStack + - RequireDualStack + description: "Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. 
If unspecified, Kubernetes will choose the default value based on the service type." + ipFamilies: + type: array + items: + type: string + enum: + - IPv4 + - IPv6 + description: "Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting." + description: Template for Cruise Control API `Service`. + podDisruptionBudget: + type: object + properties: + metadata: type: object - type: array - imagePullSecrets: - description: List of references to secrets in the same - namespace to use for pulling any of the images used - by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment - variable in Cluster Operator and the `imagePullSecrets` - option are specified, only the `imagePullSecrets` variable - is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable - is ignored. - items: properties: - name: - type: string - type: object - type: array - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata to apply to the `PodDisruptionBudgetTemplate` resource. + maxUnavailable: + type: integer + minimum: 0 + description: "Maximum number of unavailable pods to allow automatic Pod eviction. A Pod eviction is allowed when the `maxUnavailable` number of pods or fewer are unavailable after the eviction. Setting this value to 0 prevents all voluntary evictions, so the pods must be evicted manually. Defaults to 1." + description: Template for Cruise Control `PodDisruptionBudget`. 
+ cruiseControlContainer: + type: object + properties: + env: + type: array + items: type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: Environment variables which should be applied to the container. + securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + volumeMounts: + type: array + items: type: object - x-kubernetes-preserve-unknown-fields: true - type: object - priorityClassName: - description: The name of the priority class used to assign - priority to the pods. For more information about priority - classes, see {K8sPriorityClass}. - type: string - schedulerName: - description: The name of the scheduler used to dispatch - this `Pod`. 
If not specified, the default scheduler - will be used. - type: string - securityContext: - description: Configures pod-level security attributes - and common container settings. - properties: - fsGroup: - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - runAsUser: - type: integer - seLinuxOptions: properties: - level: + mountPath: type: string - role: + mountPropagation: type: string - type: + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: type: string - user: + subPathExpr: type: string + description: Additional volume mounts which should be applied to the container. + description: Template for the Cruise Control container. + tlsSidecarContainer: + type: object + properties: + env: + type: array + items: type: object - seccompProfile: properties: - localhostProfile: + name: type: string - type: + description: The environment variable key. + value: type: string - type: object - supplementalGroups: - items: + description: The environment variable value. + description: Environment variables which should be applied to the container. 
+ securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: type: integer - type: array - sysctls: - items: + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object properties: - name: + level: + type: string + role: type: string - value: + type: type: string + user: + type: string + seccompProfile: type: object - type: array - windowsOptions: + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + volumeMounts: + type: array + items: + type: object properties: - gmsaCredentialSpec: + mountPath: + type: string + mountPropagation: type: string - gmsaCredentialSpecName: + name: type: string - hostProcess: + readOnly: type: boolean - runAsUserName: + recursiveReadOnly: type: string - type: object - type: object - terminationGracePeriodSeconds: - description: The grace period is the duration in seconds - after the processes running in the pod are sent a termination - signal, and the time when the processes are forcibly - halted with a kill signal. Set this value to longer - than the expected cleanup time for your process. Value - must be a non-negative integer. A zero value indicates - delete immediately. You might need to increase the grace - period for very large Kafka clusters, so that the Kafka - brokers have enough time to transfer their work to another - broker before they are terminated. 
Defaults to 30 seconds. - minimum: 0 - type: integer - tmpDirSizeLimit: - description: Defines the total amount (for example `1Gi`) - of local storage required for temporary EmptyDir volume - (`/tmp`). Default value is `5Mi`. - pattern: ^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ - type: string - tolerations: - description: The pod's tolerations. - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. + description: Template for the Cruise Control TLS sidecar container. + serviceAccount: + type: object + properties: + metadata: type: object - type: array - topologySpreadConstraints: - description: The pod's topology spread constraints. - items: properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true + labels: + additionalProperties: + type: string type: object - matchLabelKeys: - items: + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string - type: array - maxSkew: - type: integer - minDomains: + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for the Cruise Control service account. + description: "Template to specify how Cruise Control resources, `Deployments` and `Pods`, are generated." + brokerCapacity: + type: object + properties: + disk: + type: string + pattern: "^[0-9]+([.][0-9]*)?([KMGTPE]i?|e[0-9]+)?$" + description: "Broker capacity for disk in bytes. 
Use a number value with either standard Kubernetes byte units (K, M, G, or T), their bibyte (power of two) equivalents (Ki, Mi, Gi, or Ti), or a byte value with or without E notation. For example, 100000M, 100000Mi, 104857600000, or 1e+11." + cpuUtilization: + type: integer + minimum: 0 + maximum: 100 + description: Broker capacity for CPU resource utilization as a percentage (0 - 100). + cpu: + type: string + pattern: "^[0-9]+([.][0-9]{0,3}|[m]?)$" + description: "Broker capacity for CPU resource in cores or millicores. For example, 1, 1.500, 1500m. For more information on valid CPU resource units see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#meaning-of-cpu." + inboundNetwork: + type: string + pattern: "^[0-9]+([KMG]i?)?B/s$" + description: "Broker capacity for inbound network throughput in bytes per second. Use an integer value with standard Kubernetes byte units (K, M, G) or their bibyte (power of two) equivalents (Ki, Mi, Gi) per second. For example, 10000KiB/s." + outboundNetwork: + type: string + pattern: "^[0-9]+([KMG]i?)?B/s$" + description: "Broker capacity for outbound network throughput in bytes per second. Use an integer value with standard Kubernetes byte units (K, M, G) or their bibyte (power of two) equivalents (Ki, Mi, Gi) per second. For example, 10000KiB/s." + overrides: + type: array + items: + type: object + properties: + brokers: + type: array + items: type: integer - nodeAffinityPolicy: - type: string - nodeTaintsPolicy: - type: string - topologyKey: + description: List of Kafka brokers (broker identifiers). + cpu: + type: string + pattern: "^[0-9]+([.][0-9]{0,3}|[m]?)$" + description: "Broker capacity for CPU resource in cores or millicores. For example, 1, 1.500, 1500m. For more information on valid CPU resource units see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#meaning-of-cpu." 
+ inboundNetwork: + type: string + pattern: "^[0-9]+([KMG]i?)?B/s$" + description: "Broker capacity for inbound network throughput in bytes per second. Use an integer value with standard Kubernetes byte units (K, M, G) or their bibyte (power of two) equivalents (Ki, Mi, Gi) per second. For example, 10000KiB/s." + outboundNetwork: + type: string + pattern: "^[0-9]+([KMG]i?)?B/s$" + description: "Broker capacity for outbound network throughput in bytes per second. Use an integer value with standard Kubernetes byte units (K, M, G) or their bibyte (power of two) equivalents (Ki, Mi, Gi) per second. For example, 10000KiB/s." + required: + - brokers + description: Overrides for individual brokers. The `overrides` property lets you specify a different capacity configuration for different brokers. + description: The Cruise Control `brokerCapacity` configuration. + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: "The Cruise Control configuration. For a full list of configuration options refer to https://github.com/linkedin/cruise-control/wiki/Configurations. Note that properties with the following prefixes cannot be set: bootstrap.servers, client.id, zookeeper., network., security., failed.brokers.zk.path,webserver.http., webserver.api.urlprefix, webserver.session.path, webserver.accesslog., two.step., request.reason.required,metric.reporter.sampler.bootstrap.servers, capacity.config.file, self.healing., ssl., kafka.broker.failure.detection.enable, topic.config.provider.class (with the exception of: ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols, webserver.http.cors.enabled, webserver.http.cors.origin, webserver.http.cors.exposeheaders, webserver.security.enable, webserver.ssl.enable)." + metricsConfig: + type: object + properties: + type: + type: string + enum: + - jmxPrometheusExporter + description: Metrics type. Only 'jmxPrometheusExporter' supported currently. 
+ valueFrom: + type: object + properties: + configMapKeyRef: + type: object + properties: + key: type: string - whenUnsatisfiable: + name: type: string - type: object - type: array - type: object - podDisruptionBudget: - description: Template for Kafka `PodDisruptionBudget`. - properties: - maxUnavailable: - description: Maximum number of unavailable pods to allow - automatic Pod eviction. A Pod eviction is allowed when - the `maxUnavailable` number of pods or fewer are unavailable - after the eviction. Setting this value to 0 prevents - all voluntary evictions, so the pods must be evicted - manually. Defaults to 1. - minimum: 0 - type: integer - metadata: - description: Metadata to apply to the `PodDisruptionBudgetTemplate` - resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - podSet: - description: Template for Kafka `StrimziPodSet` resource. - properties: - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - serviceAccount: - description: Template for the Kafka service account. 
- properties: - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object + optional: + type: boolean + description: Reference to the key in the ConfigMap containing the configuration. + description: 'ConfigMap entry where the Prometheus JMX Exporter configuration is stored. ' + required: + - type + - valueFrom + description: Metrics configuration. + apiUsers: + type: object + properties: + type: + type: string + enum: + - hashLoginService + description: "Type of the Cruise Control API users configuration. Supported format is: `hashLoginService`." + valueFrom: + type: object + properties: + secretKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: Selects a key of a Secret in the resource's namespace. + description: Secret from which the custom Cruise Control API authentication credentials are read. + required: + - type + - valueFrom + description: Configuration of the Cruise Control REST API users. + description: Configuration for Cruise Control deployment. Deploys a Cruise Control instance when specified. + jmxTrans: + type: object + properties: + image: + type: string + description: The image to use for the JmxTrans. + outputDefinitions: + type: array + items: type: object - statefulset: - description: Template for Kafka `StatefulSet`. properties: - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. 
- Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - podManagementPolicy: - description: PodManagementPolicy which will be used for - this StatefulSet. Valid values are `Parallel` and `OrderedReady`. - Defaults to `Parallel`. - enum: - - OrderedReady - - Parallel + outputType: type: string + description: "Template for setting the format of the data that will be pushed.For more information see https://github.com/jmxtrans/jmxtrans/wiki/OutputWriters[JmxTrans OutputWriters]." + host: + type: string + description: The DNS/hostname of the remote host that the data is pushed to. + port: + type: integer + description: The port of the remote host that the data is pushed to. + flushDelayInSeconds: + type: integer + description: How many seconds the JmxTrans waits before pushing a new set of data out. + typeNames: + type: array + items: + type: string + description: "Template for filtering data to be included in response to a wildcard query. For more information see https://github.com/jmxtrans/jmxtrans/wiki/Queries[JmxTrans queries]." + name: + type: string + description: Template for setting the name of the output definition. This is used to identify where to send the results of queries should be sent. + required: + - outputType + - name + description: "Defines the output hosts that will be referenced later on. For more information on these properties see, xref:type-JmxTransOutputDefinitionTemplate-reference[`JmxTransOutputDefinitionTemplate` schema reference]." 
+ logLevel: + type: string + description: "Sets the logging level of the JmxTrans deployment.For more information see, https://github.com/jmxtrans/jmxtrans-agent/wiki/Troubleshooting[JmxTrans Logging Level]." + kafkaQueries: + type: array + items: type: object - type: object - version: - description: The kafka broker version. Defaults to {DefaultKafkaVersion}. - Consult the user documentation to understand the process required - to upgrade or downgrade the version. - type: string - required: - - replicas - - listeners - - storage - type: object - kafkaExporter: - description: Configuration of the Kafka Exporter. Kafka Exporter can - provide additional metrics, for example lag of consumer group at - topic/partition. - properties: - enableSaramaLogging: - description: Enable Sarama logging, a Go client library used by - the Kafka Exporter. - type: boolean - groupRegex: - description: Regular expression to specify which consumer groups - to collect. Default value is `.*`. - type: string - image: - description: The docker image for the pods. - type: string - livenessProbe: - description: Pod liveness check. - properties: - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - minimum: 1 - type: integer - initialDelaySeconds: - description: The initial delay before first the health is - first checked. Default to 15 seconds. Minimum value is 0. - minimum: 0 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - minimum: 1 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - minimum: 1 - type: integer - timeoutSeconds: - description: The timeout for each attempted health check. - Default to 5 seconds. Minimum value is 1. 
- minimum: 1 - type: integer - type: object - logging: - description: 'Only log messages with the given severity or above. - Valid levels: [`info`, `debug`, `trace`]. Default log level - is `info`.' - type: string - readinessProbe: - description: Pod readiness check. - properties: - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - minimum: 1 - type: integer - initialDelaySeconds: - description: The initial delay before first the health is - first checked. Default to 15 seconds. Minimum value is 0. - minimum: 0 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - minimum: 1 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - minimum: 1 - type: integer - timeoutSeconds: - description: The timeout for each attempted health check. - Default to 5 seconds. Minimum value is 1. - minimum: 1 - type: integer - type: object - resources: - description: CPU and memory resources to reserve. - properties: - limits: - type: object - x-kubernetes-preserve-unknown-fields: true - requests: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - template: - description: Customization of deployment templates and pods. - properties: - container: - description: Template for the Kafka Exporter container. properties: - env: - description: Environment variables which should be applied - to the container. + targetMBean: + type: string + description: If using wildcards instead of a specific MBean then the data is gathered from multiple MBeans. Otherwise if specifying an MBean then data is gathered from that specified MBean. 
+ attributes: + type: array items: - properties: - name: - description: The environment variable key. - type: string - value: - description: The environment variable value. - type: string - type: object + type: string + description: Determine which attributes of the targeted MBean should be included. + outputs: type: array - securityContext: - description: Security context for the container. + items: + type: string + description: "List of the names of output definitions specified in the spec.kafka.jmxTrans.outputDefinitions that have defined where JMX metrics are pushed to, and in which data format." + required: + - targetMBean + - attributes + - outputs + description: "Queries to send to the Kafka brokers to define what data should be read from each broker. For more information on these properties see, xref:type-JmxTransQueryTemplate-reference[`JmxTransQueryTemplate` schema reference]." + resources: + type: object + properties: + claims: + type: array + items: + type: object properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: + name: type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - runAsUser: - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: object + 
description: CPU and memory resources to reserve. + template: + type: object + properties: + deployment: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: type: string - user: + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string - type: object - seccompProfile: - properties: - localhostProfile: + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + deploymentStrategy: + type: string + enum: + - RollingUpdate + - Recreate + description: Pod replacement strategy for deployment configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`. + description: Template for JmxTrans `Deployment`. + pod: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: type: string - type: + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + imagePullSecrets: + type: array + items: type: object - windowsOptions: properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: + name: type: string - type: object - type: object - type: object - deployment: - description: Template for Kafka Exporter `Deployment`. - properties: - deploymentStrategy: - description: Pod replacement strategy for deployment configuration - changes. Valid values are `RollingUpdate` and `Recreate`. - Defaults to `RollingUpdate`. - enum: - - RollingUpdate - - Recreate - type: string - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. 
- Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - pod: - description: Template for Kafka Exporter `Pods`. - properties: - affinity: - description: The pod's affinity rules. - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: + description: "List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored." 
+ securityContext: + type: object + properties: + appArmorProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + fsGroup: + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + supplementalGroups: + type: array + items: + type: integer + sysctls: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Configures pod-level security attributes and common container settings. + terminationGracePeriodSeconds: + type: integer + minimum: 0 + description: "The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds." 
+ affinity: + type: object + properties: + nodeAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + preference: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: object properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + nodeSelectorTerms: + type: array + items: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: type: string - type: array - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + operator: type: string - type: array + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + podAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: type: object - type: array - type: object - weight: - type: integer - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: properties: - key: - type: string - operator: - type: string - values: + matchExpressions: + type: array items: + type: object + properties: + key: + type: string + operator: + 
type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: type: string - type: array + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: type: object - type: array - matchFields: - items: properties: - key: - type: string - operator: - type: string - values: - items: - type: string + matchExpressions: type: array - type: object - type: array - type: object - type: array - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + items: + type: object + properties: + key: type: string - type: array + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string type: object - type: array - matchLabels: + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: + properties: + key: + type: string + operator: + type: string + values: + type: array + items: type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + 
matchExpressions: + type: array + items: type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - items: - type: string - type: array - topologyKey: + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: type: string - type: object - weight: - type: integer - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: + topologyKey: + type: string + podAntiAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object properties: - key: - type: string - operator: - type: string - values: + matchExpressions: + type: array items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: type: string - type: array + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - properties: - matchExpressions: - items: properties: - key: - type: string - operator: - type: string - values: + matchExpressions: + type: array items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: type: string - type: array + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: 
array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - items: + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: type: string - type: array - topologyKey: - type: string - type: object - type: array + description: The pod's affinity rules. + tolerations: + type: array + items: type: object - podAntiAffinity: properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + type: integer + value: + type: string + description: The pod's tolerations. 
+ topologySpreadConstraints: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: + key: + type: string + operator: + type: string + values: + type: array items: type: string - type: array - topologyKey: - type: string - type: object - weight: - type: integer - type: object + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: type: array - requiredDuringSchedulingIgnoredDuringExecution: items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true + type: string + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + description: The pod's topology spread constraints. + priorityClassName: + type: string + description: 'The name of the priority class used to assign priority to the pods. ' + schedulerName: + type: string + description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used." 
+ hostAliases: + type: array + items: + type: object + properties: + hostnames: + type: array + items: + type: string + ip: + type: string + description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. + enableServiceLinks: + type: boolean + description: Indicates whether information about services should be injected into Pod's environment variables. + tmpDirSizeLimit: + type: string + pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: type: object - namespaceSelector: properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: type: object - namespaces: - items: + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. 
+ emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: type: string - type: array - topologyKey: - type: string - type: object - type: array + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. + description: Template for JmxTrans `Pods`. + container: + type: object + properties: + env: + type: array + items: type: object - type: object - enableServiceLinks: - description: Indicates whether information about services - should be injected into Pod's environment variables. - type: boolean - hostAliases: - description: The pod's HostAliases. HostAliases is an - optional list of hosts and IPs that will be injected - into the Pod's hosts file if specified. - items: - properties: - hostnames: - items: + properties: + name: type: string - type: array - ip: - type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: Environment variables which should be applied to the container. + securityContext: type: object - type: array - imagePullSecrets: - description: List of references to secrets in the same - namespace to use for pulling any of the images used - by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment - variable in Cluster Operator and the `imagePullSecrets` - option are specified, only the `imagePullSecrets` variable - is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable - is ignored. 
- items: properties: - name: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: type: string - type: object - type: array - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + volumeMounts: + type: array + items: type: object - x-kubernetes-preserve-unknown-fields: true - type: object - priorityClassName: - description: The name of the priority class used to assign - priority to the pods. For more information about priority - classes, see {K8sPriorityClass}. - type: string - schedulerName: - description: The name of the scheduler used to dispatch - this `Pod`. If not specified, the default scheduler - will be used. 
- type: string - securityContext: - description: Configures pod-level security attributes - and common container settings. + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. + description: Template for JmxTrans container. + serviceAccount: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for the JmxTrans service account. + description: Template for JmxTrans resources. + required: + - outputDefinitions + - kafkaQueries + description: "As of Strimzi 0.35.0, JMXTrans is not supported anymore and this option is ignored." + kafkaExporter: + type: object + properties: + image: + type: string + description: "The container image used for the Kafka Exporter pods. If no image name is explicitly specified, the image name corresponds to the version specified in the Cluster Operator configuration. If an image name is not defined in the Cluster Operator configuration, a default value is used." + groupRegex: + type: string + description: Regular expression to specify which consumer groups to collect. Default value is `.*`. + topicRegex: + type: string + description: Regular expression to specify which topics to collect. Default value is `.*`. + groupExcludeRegex: + type: string + description: Regular expression to specify which consumer groups to exclude. + topicExcludeRegex: + type: string + description: Regular expression to specify which topics to exclude. 
+ resources: + type: object + properties: + claims: + type: array + items: + type: object properties: - fsGroup: - type: integer - fsGroupChangePolicy: + name: type: string - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - runAsUser: - type: integer - seLinuxOptions: - properties: - level: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: object + description: CPU and memory resources to reserve. + logging: + type: string + description: "Only log messages with the given severity or above. Valid levels: [`info`, `debug`, `trace`]. Default log level is `info`." + livenessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 
+ description: Pod liveness check. + readinessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Pod readiness check. + enableSaramaLogging: + type: boolean + description: "Enable Sarama logging, a Go client library used by the Kafka Exporter." + showAllOffsets: + type: boolean + description: "Whether show the offset/lag for all consumer group, otherwise, only show connected consumer groups." + template: + type: object + properties: + deployment: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: type: string - role: + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string - type: + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + deploymentStrategy: + type: string + enum: + - RollingUpdate + - Recreate + description: Pod replacement strategy for deployment configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`. + description: Template for Kafka Exporter `Deployment`. 
+ pod: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: type: string - user: + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + imagePullSecrets: + type: array + items: type: object - seccompProfile: properties: - localhostProfile: - type: string - type: + name: type: string - type: object - supplementalGroups: - items: - type: integer - type: array - sysctls: - items: + description: "List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored." + securityContext: + type: object + properties: + appArmorProfile: + type: object properties: - name: + localhostProfile: type: string - value: + type: type: string - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - terminationGracePeriodSeconds: - description: The grace period is the duration in seconds - after the processes running in the pod are sent a termination - signal, and the time when the processes are forcibly - halted with a kill signal. Set this value to longer - than the expected cleanup time for your process. Value - must be a non-negative integer. A zero value indicates - delete immediately. You might need to increase the grace - period for very large Kafka clusters, so that the Kafka - brokers have enough time to transfer their work to another - broker before they are terminated. Defaults to 30 seconds. 
- minimum: 0 - type: integer - tmpDirSizeLimit: - description: Defines the total amount (for example `1Gi`) - of local storage required for temporary EmptyDir volume - (`/tmp`). Default value is `5Mi`. - pattern: ^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ - type: string - tolerations: - description: The pod's tolerations. - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: + fsGroup: type: integer - value: + fsGroupChangePolicy: type: string - type: object - type: array - topologySpreadConstraints: - description: The pod's topology spread constraints. - items: - properties: - labelSelector: + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: type: object - matchLabelKeys: + properties: + localhostProfile: + type: string + type: + type: string + supplementalGroups: + type: array items: - type: string + type: integer + sysctls: type: array - maxSkew: - type: integer - minDomains: - type: integer - nodeAffinityPolicy: - type: string - nodeTaintsPolicy: - type: string - topologyKey: - type: string - whenUnsatisfiable: - type: string - type: object - type: array - type: object - service: - description: Template for Kafka Exporter `Service`. - properties: - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. 
- type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - serviceAccount: - description: Template for the Kafka Exporter service account. - properties: - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - type: object - topicRegex: - description: Regular expression to specify which topics to collect. - Default value is `.*`. - type: string - type: object - maintenanceTimeWindows: - description: A list of time windows for maintenance tasks (that is, - certificates renewal). Each time window is defined by a cron expression. - items: - type: string - type: array - zookeeper: - description: Configuration of the ZooKeeper cluster. - properties: - config: - description: 'The ZooKeeper broker config. Properties with the - following prefixes cannot be set: server., dataDir, dataLogDir, - clientPort, authProvider, quorum.auth, requireClientAuthScheme, - snapshot.trust.empty, standaloneEnabled, reconfigEnabled, 4lw.commands.whitelist, - secureClientPort, ssl., serverCnxnFactory, sslQuorum (with the - exception of: ssl.protocol, ssl.quorum.protocol, ssl.enabledProtocols, - ssl.quorum.enabledProtocols, ssl.ciphersuites, ssl.quorum.ciphersuites, - ssl.hostnameVerification, ssl.quorum.hostnameVerification).' 
- type: object - x-kubernetes-preserve-unknown-fields: true - image: - description: The docker image for the pods. - type: string - jmxOptions: - description: JMX Options for Zookeeper nodes. - properties: - authentication: - description: Authentication configuration for connecting to - the JMX port. - properties: - type: - description: Authentication type. Currently the only supported - types are `password`.`password` type creates a username - and protected port with no TLS. - enum: - - password - type: string - required: - - type - type: object - type: object - jvmOptions: - description: JVM Options for pods. - properties: - -XX: - description: A map of -XX options to the JVM. - type: object - x-kubernetes-preserve-unknown-fields: true - -Xms: - description: -Xms option to to the JVM. - pattern: ^[0-9]+[mMgG]?$ - type: string - -Xmx: - description: -Xmx option to to the JVM. - pattern: ^[0-9]+[mMgG]?$ - type: string - gcLoggingEnabled: - description: Specifies whether the Garbage Collection logging - is enabled. The default is false. - type: boolean - javaSystemProperties: - description: A map of additional system properties which will - be passed using the `-D` option to the JVM. - items: - properties: - name: - description: The system property name. - type: string - value: - description: The system property value. - type: string - type: object - type: array - type: object - livenessProbe: - description: Pod liveness checking. - properties: - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - minimum: 1 - type: integer - initialDelaySeconds: - description: The initial delay before first the health is - first checked. Default to 15 seconds. Minimum value is 0. - minimum: 0 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. 
- minimum: 1 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - minimum: 1 - type: integer - timeoutSeconds: - description: The timeout for each attempted health check. - Default to 5 seconds. Minimum value is 1. - minimum: 1 - type: integer - type: object - logging: - description: Logging configuration for ZooKeeper. - properties: - loggers: - description: A Map from logger name to logger level. - type: object - x-kubernetes-preserve-unknown-fields: true - type: - description: Logging type, must be either 'inline' or 'external'. - enum: - - inline - - external - type: string - valueFrom: - description: '`ConfigMap` entry where the logging configuration - is stored. ' - properties: - configMapKeyRef: - description: Reference to the key in the ConfigMap containing - the configuration. - properties: - key: - type: string - name: - type: string - optional: - type: boolean - type: object - type: object - required: - - type - type: object - metricsConfig: - description: Metrics configuration. - properties: - type: - description: Metrics type. Only 'jmxPrometheusExporter' supported - currently. - enum: - - jmxPrometheusExporter - type: string - valueFrom: - description: ConfigMap entry where the Prometheus JMX Exporter - configuration is stored. For details of the structure of - this configuration, see the {JMXExporter}. - properties: - configMapKeyRef: - description: Reference to the key in the ConfigMap containing - the configuration. - properties: - key: - type: string - name: - type: string - optional: - type: boolean - type: object - type: object - required: - - type - - valueFrom - type: object - readinessProbe: - description: Pod readiness checking. - properties: - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. 
Minimum value is 1. - minimum: 1 - type: integer - initialDelaySeconds: - description: The initial delay before first the health is - first checked. Default to 15 seconds. Minimum value is 0. - minimum: 0 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - minimum: 1 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - minimum: 1 - type: integer - timeoutSeconds: - description: The timeout for each attempted health check. - Default to 5 seconds. Minimum value is 1. - minimum: 1 - type: integer - type: object - replicas: - description: The number of pods in the cluster. - minimum: 1 - type: integer - resources: - description: CPU and memory resources to reserve. - properties: - limits: - type: object - x-kubernetes-preserve-unknown-fields: true - requests: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - storage: - description: Storage configuration (disk). Cannot be updated. - properties: - class: - description: The storage class to use for dynamic volume allocation. - type: string - deleteClaim: - description: Specifies if the persistent volume claim has - to be deleted when the cluster is un-deployed. - type: boolean - id: - description: Storage identification number. It is mandatory - only for storage volumes defined in a storage of type 'jbod'. - minimum: 0 - type: integer - overrides: - description: Overrides for individual brokers. The `overrides` - field allows to specify a different configuration for different - brokers. - items: - properties: - broker: - description: Id of the kafka broker (broker identifier). - type: integer - class: - description: The storage class to use for dynamic volume - allocation for this broker. 
- type: string - type: object - type: array - selector: - description: Specifies a specific persistent volume to use. - It contains key:value pairs representing labels for selecting - such a volume. - type: object - x-kubernetes-preserve-unknown-fields: true - size: - description: When type=persistent-claim, defines the size - of the persistent volume claim (i.e 1Gi). Mandatory when - type=persistent-claim. - type: string - sizeLimit: - description: When type=ephemeral, defines the total amount - of local storage required for this EmptyDir volume (for - example 1Gi). - pattern: ^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ - type: string - type: - description: Storage type, must be either 'ephemeral' or 'persistent-claim'. - enum: - - ephemeral - - persistent-claim - type: string - required: - - type - type: object - template: - description: Template for ZooKeeper cluster resources. The template - allows users to specify how the `StatefulSet`, `Pods`, and `Services` - are generated. - properties: - clientService: - description: Template for ZooKeeper client `Service`. - properties: - ipFamilies: - description: Specifies the IP Families used by the service. - Available options are `IPv4` and `IPv6. If unspecified, - Kubernetes will choose the default value based on the - `ipFamilyPolicy` setting. Available on Kubernetes 1.20 - and newer. - items: - enum: - - IPv4 - - IPv6 - type: string - type: array - ipFamilyPolicy: - description: Specifies the IP Family Policy used by the - service. Available options are `SingleStack`, `PreferDualStack` - and `RequireDualStack`. `SingleStack` is for a single - IP family. `PreferDualStack` is for two IP families - on dual-stack configured clusters or a single IP family - on single-stack clusters. `RequireDualStack` fails unless - there are two IP families on dual-stack configured clusters. - If unspecified, Kubernetes will choose the default value - based on the service type. Available on Kubernetes 1.20 - and newer. 
- enum: - - SingleStack - - PreferDualStack - - RequireDualStack - type: string - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - jmxSecret: - description: Template for Secret of the Zookeeper Cluster - JMX authentication. - properties: - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - nodesService: - description: Template for ZooKeeper nodes `Service`. - properties: - ipFamilies: - description: Specifies the IP Families used by the service. - Available options are `IPv4` and `IPv6. If unspecified, - Kubernetes will choose the default value based on the - `ipFamilyPolicy` setting. Available on Kubernetes 1.20 - and newer. - items: - enum: - - IPv4 - - IPv6 - type: string - type: array - ipFamilyPolicy: - description: Specifies the IP Family Policy used by the - service. Available options are `SingleStack`, `PreferDualStack` - and `RequireDualStack`. `SingleStack` is for a single - IP family. 
`PreferDualStack` is for two IP families - on dual-stack configured clusters or a single IP family - on single-stack clusters. `RequireDualStack` fails unless - there are two IP families on dual-stack configured clusters. - If unspecified, Kubernetes will choose the default value - based on the service type. Available on Kubernetes 1.20 - and newer. - enum: - - SingleStack - - PreferDualStack - - RequireDualStack - type: string - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - persistentVolumeClaim: - description: Template for all ZooKeeper `PersistentVolumeClaims`. - properties: - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - pod: - description: Template for ZooKeeper `Pods`. - properties: - affinity: - description: The pod's affinity rules. 
- properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: + items: + type: object + properties: + name: + type: string + value: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Configures pod-level security attributes and common container settings. + terminationGracePeriodSeconds: + type: integer + minimum: 0 + description: "The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds." 
+ affinity: + type: object + properties: + nodeAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + preference: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: object properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + nodeSelectorTerms: + type: array + items: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: type: string - type: array - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + operator: type: string - type: array + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + podAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: type: object - type: array - type: object - weight: - type: integer - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: properties: - key: - type: string - operator: - type: string - values: + matchExpressions: + type: array items: + type: object + properties: + key: + type: string + operator: + 
type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: type: string - type: array + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: type: object - type: array - matchFields: - items: properties: - key: - type: string - operator: - type: string - values: - items: - type: string + matchExpressions: type: array - type: object - type: array - type: object - type: array - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + items: + type: object + properties: + key: + type: string + operator: type: string - type: array + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string type: object - type: array - matchLabels: + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: + properties: + key: + type: string + operator: + type: string + values: + type: array + items: type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + 
matchExpressions: + type: array + items: type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - items: - type: string - type: array - topologyKey: + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: type: string - type: object - weight: - type: integer - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: + topologyKey: + type: string + podAntiAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object properties: - key: - type: string - operator: - type: string - values: + matchExpressions: + type: array items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: type: string - type: array + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - properties: - matchExpressions: - items: properties: - key: - type: string - operator: - type: string - values: - items: - type: string + matchExpressions: type: array - type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - 
podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + items: + type: object + properties: + key: type: string - type: array - type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + operator: type: string - type: array + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - items: + namespaces: + type: array + items: + type: string + topologyKey: type: string - type: array - topologyKey: - type: string - type: object - weight: - type: integer - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: type: string - type: array + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + 
namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: type: string - type: array + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string type: object - type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - namespaces: - items: + namespaces: + type: array + items: + type: string + topologyKey: type: string - type: array - topologyKey: - type: string - type: object - type: array + description: The pod's affinity rules. + tolerations: + type: array + items: type: object - type: object - enableServiceLinks: - description: Indicates whether information about services - should be injected into Pod's environment variables. - type: boolean - hostAliases: - description: The pod's HostAliases. HostAliases is an - optional list of hosts and IPs that will be injected - into the Pod's hosts file if specified. - items: - properties: - hostnames: - items: + properties: + effect: type: string - type: array - ip: - type: string - type: object - type: array - imagePullSecrets: - description: List of references to secrets in the same - namespace to use for pulling any of the images used - by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment - variable in Cluster Operator and the `imagePullSecrets` - option are specified, only the `imagePullSecrets` variable - is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable - is ignored. - items: - properties: - name: - type: string - type: object - type: array - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. 
- Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. + key: + type: string + operator: + type: string + tolerationSeconds: + type: integer + value: + type: string + description: The pod's tolerations. + topologySpreadConstraints: + type: array + items: type: object - x-kubernetes-preserve-unknown-fields: true - type: object - priorityClassName: - description: The name of the priority class used to assign - priority to the pods. For more information about priority - classes, see {K8sPriorityClass}. - type: string - schedulerName: - description: The name of the scheduler used to dispatch - this `Pod`. If not specified, the default scheduler - will be used. - type: string - securityContext: - description: Configures pod-level security attributes - and common container settings. - properties: - fsGroup: - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - runAsUser: - type: integer - seLinuxOptions: properties: - level: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: type: string - role: + nodeTaintsPolicy: type: string - type: + topologyKey: type: string - user: + whenUnsatisfiable: type: string + description: The pod's topology spread constraints. + priorityClassName: + type: string + description: 'The name of the priority class used to assign priority to the pods. ' + schedulerName: + type: string + description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used." 
+ hostAliases: + type: array + items: type: object - seccompProfile: properties: - localhostProfile: - type: string - type: + hostnames: + type: array + items: + type: string + ip: type: string + description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. + enableServiceLinks: + type: boolean + description: Indicates whether information about services should be injected into Pod's environment variables. + tmpDirSizeLimit: + type: string + pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: type: object - supplementalGroups: - items: - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - windowsOptions: properties: - gmsaCredentialSpec: + name: type: string - gmsaCredentialSpecName: + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. 
+ emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. + description: Template for Kafka Exporter `Pods`. + service: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: type: string - hostProcess: - type: boolean - runAsUserName: + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for Kafka Exporter `Service`. + container: + type: object + properties: + env: + type: array + items: type: object - type: object - terminationGracePeriodSeconds: - description: The grace period is the duration in seconds - after the processes running in the pod are sent a termination - signal, and the time when the processes are forcibly - halted with a kill signal. Set this value to longer - than the expected cleanup time for your process. Value - must be a non-negative integer. A zero value indicates - delete immediately. You might need to increase the grace - period for very large Kafka clusters, so that the Kafka - brokers have enough time to transfer their work to another - broker before they are terminated. Defaults to 30 seconds. 
- minimum: 0 - type: integer - tmpDirSizeLimit: - description: Defines the total amount (for example `1Gi`) - of local storage required for temporary EmptyDir volume - (`/tmp`). Default value is `5Mi`. - pattern: ^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ - type: string - tolerations: - description: The pod's tolerations. - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: Environment variables which should be applied to the container. + securityContext: type: object - type: array - topologySpreadConstraints: - description: The pod's topology spread constraints. - items: properties: - labelSelector: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + type: object properties: - matchExpressions: + localhostProfile: + type: string + type: + type: string + capabilities: + type: object + properties: + add: + type: array items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object + type: string + drop: type: array - matchLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - matchLabelKeys: - items: - type: string - type: array - maxSkew: + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: type: integer - minDomains: + runAsNonRoot: + type: boolean + runAsUser: type: integer - nodeAffinityPolicy: - type: string - nodeTaintsPolicy: - type: string - topologyKey: - type: string - whenUnsatisfiable: - type: string - type: object - type: array - type: object - podDisruptionBudget: - description: Template for ZooKeeper `PodDisruptionBudget`. 
- properties: - maxUnavailable: - description: Maximum number of unavailable pods to allow - automatic Pod eviction. A Pod eviction is allowed when - the `maxUnavailable` number of pods or fewer are unavailable - after the eviction. Setting this value to 0 prevents - all voluntary evictions, so the pods must be evicted - manually. Defaults to 1. - minimum: 0 - type: integer - metadata: - description: Metadata to apply to the `PodDisruptionBudgetTemplate` - resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - podSet: - description: Template for ZooKeeper `StrimziPodSet` resource. - properties: - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - serviceAccount: - description: Template for the ZooKeeper service account. - properties: - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. 
- type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - statefulset: - description: Template for ZooKeeper `StatefulSet`. - properties: - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - podManagementPolicy: - description: PodManagementPolicy which will be used for - this StatefulSet. Valid values are `Parallel` and `OrderedReady`. - Defaults to `Parallel`. - enum: - - OrderedReady - - Parallel - type: string - type: object - zookeeperContainer: - description: Template for the ZooKeeper container. - properties: - env: - description: Environment variables which should be applied - to the container. - items: - properties: - name: - description: The environment variable key. - type: string - value: - description: The environment variable value. - type: string - type: object - type: array - securityContext: - description: Security context for the container. 
- properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: + seLinuxOptions: + type: object + properties: + level: type: string - type: array - drop: - items: + role: type: string - type: array + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + volumeMounts: + type: array + items: type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - type: integer - runAsNonRoot: - type: boolean - runAsUser: - type: integer - seLinuxOptions: properties: - level: + mountPath: type: string - role: + mountPropagation: type: string - type: - type: string - user: + name: type: string - type: object - seccompProfile: - properties: - localhostProfile: + readOnly: + type: boolean + recursiveReadOnly: type: string - type: + subPath: type: string - type: object - windowsOptions: - properties: - gmsaCredentialSpec: + subPathExpr: type: string - gmsaCredentialSpecName: + description: Additional volume mounts which should be applied to the container. + description: Template for the Kafka Exporter container. + serviceAccount: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: type: string - hostProcess: - type: boolean - runAsUserName: + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: type: string - type: object - type: object - type: object + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for the Kafka Exporter service account. 
+ description: Customization of deployment templates and pods. + description: "Configuration of the Kafka Exporter. Kafka Exporter can provide additional metrics, for example lag of consumer group at topic/partition." + maintenanceTimeWindows: + type: array + items: + type: string + description: "A list of time windows for maintenance tasks (that is, certificates renewal). Each time window is defined by a cron expression." + required: + - kafka + description: "The specification of the Kafka and ZooKeeper clusters, and Topic Operator." + status: + type: object + properties: + conditions: + type: array + items: type: object - required: - - replicas - - storage - type: object - required: - - kafka - - zookeeper - type: object - status: - description: The status of the Kafka and ZooKeeper clusters, and Topic - Operator. - properties: - clusterId: - description: Kafka cluster Id. - type: string - conditions: - description: List of status conditions. - items: - properties: - lastTransitionTime: - description: Last time the condition of a type changed from - one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', - in the UTC time zone. - type: string - message: - description: Human-readable message indicating details about - the condition's last transition. - type: string - reason: - description: The reason for the condition's last transition - (a single word in CamelCase). - type: string - status: - description: The status of the condition, either True, False - or Unknown. - type: string - type: - description: The unique identifier of a condition, used to distinguish - between other conditions in the resource. - type: string - type: object - type: array - listeners: - description: Addresses of the internal and external listeners. - items: - properties: - addresses: - description: A list of the addresses for this listener. - items: - properties: - host: - description: The DNS name or IP address of the Kafka bootstrap - service. 
- type: string - port: - description: The port of the Kafka bootstrap service. - type: integer - type: object - type: array - bootstrapServers: - description: A comma-separated list of `host:port` pairs for - connecting to the Kafka cluster using this listener. - type: string - certificates: - description: A list of TLS certificates which can be used to - verify the identity of the server when connecting to the given - listener. Set only for `tls` and `external` listeners. - items: + properties: + type: type: string - type: array - name: - description: The name of the listener. - type: string - type: - description: '*The `type` property has been deprecated, and - should now be configured using `name`.* The name of the listener.' - type: string - type: object - type: array - observedGeneration: - description: The generation of the CRD that was last reconciled by - the operator. - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} + description: "The unique identifier of a condition, used to distinguish between other conditions in the resource." + status: + type: string + description: "The status of the condition, either True, False or Unknown." + lastTransitionTime: + type: string + description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone." + reason: + type: string + description: The reason for the condition's last transition (a single word in CamelCase). + message: + type: string + description: Human-readable message indicating details about the condition's last transition. + description: List of status conditions. + observedGeneration: + type: integer + description: The generation of the CRD that was last reconciled by the operator. + listeners: + type: array + items: + type: object + properties: + type: + type: string + description: The name of the listener. 
+ name: + type: string + description: The name of the listener. + addresses: + type: array + items: + type: object + properties: + host: + type: string + description: The DNS name or IP address of the Kafka bootstrap service. + port: + type: integer + description: The port of the Kafka bootstrap service. + description: A list of the addresses for this listener. + bootstrapServers: + type: string + description: A comma-separated list of `host:port` pairs for connecting to the Kafka cluster using this listener. + certificates: + type: array + items: + type: string + description: A list of TLS certificates which can be used to verify the identity of the server when connecting to the given listener. Set only for `tls` and `external` listeners. + description: Addresses of the internal and external listeners. + kafkaNodePools: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the KafkaNodePool used by this Kafka resource. + description: List of the KafkaNodePools used by this Kafka cluster. + registeredNodeIds: + type: array + items: + type: integer + description: Registered node IDs used by this Kafka cluster. This field is used for internal purposes only and will be removed in the future. + clusterId: + type: string + description: Kafka cluster Id. + operatorLastSuccessfulVersion: + type: string + description: The version of the Strimzi Cluster Operator which performed the last successful reconciliation. + kafkaVersion: + type: string + description: The version of Kafka currently deployed in the cluster. + kafkaMetadataVersion: + type: string + description: The KRaft metadata.version currently used by the Kafka cluster. + kafkaMetadataState: + type: string + enum: + - ZooKeeper + - KRaftMigration + - KRaftDualWriting + - KRaftPostMigration + - PreKRaft + - KRaft + description: "Defines where cluster metadata are stored. 
Possible values are: ZooKeeper if the metadata are stored in ZooKeeper; KRaftMigration if the controllers are connected to ZooKeeper, brokers are being rolled with Zookeeper migration enabled and connection information to controllers, and the metadata migration process is running; KRaftDualWriting if the metadata migration process finished and the cluster is in dual-write mode; KRaftPostMigration if the brokers are fully KRaft-based but controllers being rolled to disconnect from ZooKeeper; PreKRaft if brokers and controller are fully KRaft-based, metadata are stored in KRaft, but ZooKeeper must be deleted; KRaft if the metadata are stored in KRaft."
+ description: "The status of the Kafka and ZooKeeper clusters, and Topic Operator."
diff --git a/test/manifest/crd/0000_05_kafka.strimzi.io_kafkatopics.crd.yaml b/test/manifest/crd/0000_05_kafka.strimzi.io_kafkatopics.crd.yaml
index f169da308..2f84c462a 100644
--- a/test/manifest/crd/0000_05_kafka.strimzi.io_kafkatopics.crd.yaml
+++ b/test/manifest/crd/0000_05_kafka.strimzi.io_kafkatopics.crd.yaml
@@ -2,291 +2,343 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: kafkatopics.kafka.strimzi.io + labels: + app: strimzi + strimzi.io/crd-install: "true" + component: kafkatopics.kafka.strimzi.io-crd spec: - conversion: - strategy: None group: kafka.strimzi.io names: - categories: - - strimzi kind: KafkaTopic listKind: KafkaTopicList + singular: kafkatopic plural: kafkatopics shortNames: - - kt - singular: kafkatopic + - kt + categories: + - strimzi scope: Namespaced + conversion: + strategy: None versions: - - additionalPrinterColumns: - - description: The name of the Kafka cluster this topic belongs to - jsonPath: .metadata.labels.strimzi\.io/cluster - name: Cluster - type: string - - description: The desired number of partitions in the topic - jsonPath: .spec.partitions - name: Partitions - type: integer - - description: The desired number of replicas of each partition - jsonPath: .spec.replicas - name: Replication factor - type: integer - - description: The state of the custom resource - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - name: v1beta2 - schema: - openAPIV3Schema: - properties: - spec: - description: The specification of the topic. - properties: - config: - description: The topic configuration. - type: object - x-kubernetes-preserve-unknown-fields: true - partitions: - description: The number of partitions the topic should have. This - cannot be decreased after topic creation. It can be increased after - topic creation, but it is important to understand the consequences - that has, especially for topics with semantic partitioning. When - absent this will default to the broker configuration for `num.partitions`. - minimum: 1 - type: integer - replicas: - description: The number of replicas the topic should have. When absent - this will default to the broker configuration for `default.replication.factor`. 
- maximum: 32767 - minimum: 1 - type: integer - topicName: - description: The name of the topic. When absent this will default - to the metadata.name of the topic. It is recommended to not set - this unless the topic name is not a valid Kubernetes resource name. - type: string - type: object - status: - description: The status of the topic. - properties: - conditions: - description: List of status conditions. - items: + - name: v1beta2 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Cluster + description: The name of the Kafka cluster this topic belongs to + jsonPath: .metadata.labels.strimzi\.io/cluster + type: string + - name: Partitions + description: The desired number of partitions in the topic + jsonPath: .spec.partitions + type: integer + - name: Replication factor + description: The desired number of replicas of each partition + jsonPath: .spec.replicas + type: integer + - name: Ready + description: The state of the custom resource + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + type: string + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + kind: + type: string + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + metadata: + type: object + spec: + type: object + properties: + topicName: + type: string + description: The name of the topic. 
When absent this will default to the metadata.name of the topic. It is recommended to not set this unless the topic name is not a valid Kubernetes resource name. + partitions: + type: integer + minimum: 1 + description: "The number of partitions the topic should have. This cannot be decreased after topic creation. It can be increased after topic creation, but it is important to understand the consequences that has, especially for topics with semantic partitioning. When absent this will default to the broker configuration for `num.partitions`." + replicas: + type: integer + minimum: 1 + maximum: 32767 + description: The number of replicas the topic should have. When absent this will default to the broker configuration for `default.replication.factor`. + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: The topic configuration. + description: The specification of the topic. + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + description: "The unique identifier of a condition, used to distinguish between other conditions in the resource." + status: + type: string + description: "The status of the condition, either True, False or Unknown." + lastTransitionTime: + type: string + description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone." + reason: + type: string + description: The reason for the condition's last transition (a single word in CamelCase). + message: + type: string + description: Human-readable message indicating details about the condition's last transition. + description: List of status conditions. + observedGeneration: + type: integer + description: The generation of the CRD that was last reconciled by the operator. + topicName: + type: string + description: Topic name. + topicId: + type: string + description: "The topic's id. 
For a KafkaTopic with the ready condition, this will change only if the topic gets deleted and recreated with the same name." + replicasChange: + type: object properties: - lastTransitionTime: - description: Last time the condition of a type changed from - one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', - in the UTC time zone. + targetReplicas: + type: integer + description: The target replicas value requested by the user. This may be different from .spec.replicas when a change is ongoing. + state: type: string + enum: + - pending + - ongoing + description: "Current state of the replicas change operation. This can be `pending`, when the change has been requested, or `ongoing`, when the change has been successfully submitted to Cruise Control." message: - description: Human-readable message indicating details about - the condition's last transition. type: string - reason: - description: The reason for the condition's last transition - (a single word in CamelCase). - type: string - status: - description: The status of the condition, either True, False - or Unknown. - type: string - type: - description: The unique identifier of a condition, used to distinguish - between other conditions in the resource. + description: Message for the user related to the replicas change request. This may contain transient error messages that would disappear on periodic reconciliations. + sessionId: type: string + description: The session identifier for replicas change requests pertaining to this KafkaTopic resource. This is used by the Topic Operator to track the status of `ongoing` replicas change operations. + description: Replication factor change status. + description: The status of the topic. 
+ - name: v1beta1 + served: true + storage: false + subresources: + status: {} + additionalPrinterColumns: + - name: Cluster + description: The name of the Kafka cluster this topic belongs to + jsonPath: .metadata.labels.strimzi\.io/cluster + type: string + - name: Partitions + description: The desired number of partitions in the topic + jsonPath: .spec.partitions + type: integer + - name: Replication factor + description: The desired number of replicas of each partition + jsonPath: .spec.replicas + type: integer + - name: Ready + description: The state of the custom resource + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + type: string + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + kind: + type: string + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + metadata: + type: object + spec: + type: object + properties: + topicName: + type: string + description: The name of the topic. When absent this will default to the metadata.name of the topic. It is recommended to not set this unless the topic name is not a valid Kubernetes resource name. + partitions: + type: integer + minimum: 1 + description: "The number of partitions the topic should have. This cannot be decreased after topic creation. It can be increased after topic creation, but it is important to understand the consequences that has, especially for topics with semantic partitioning. 
When absent this will default to the broker configuration for `num.partitions`." + replicas: + type: integer + minimum: 1 + maximum: 32767 + description: The number of replicas the topic should have. When absent this will default to the broker configuration for `default.replication.factor`. + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: The topic configuration. + description: The specification of the topic. + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + description: "The unique identifier of a condition, used to distinguish between other conditions in the resource." + status: + type: string + description: "The status of the condition, either True, False or Unknown." + lastTransitionTime: + type: string + description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone." + reason: + type: string + description: The reason for the condition's last transition (a single word in CamelCase). + message: + type: string + description: Human-readable message indicating details about the condition's last transition. + description: List of status conditions. + observedGeneration: + type: integer + description: The generation of the CRD that was last reconciled by the operator. + topicName: + type: string + description: Topic name. + topicId: + type: string + description: "The topic's id. For a KafkaTopic with the ready condition, this will change only if the topic gets deleted and recreated with the same name." + replicasChange: type: object - type: array - observedGeneration: - description: The generation of the CRD that was last reconciled by - the operator. - type: integer - topicName: - description: Topic name. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - description: The name of the Kafka cluster this topic belongs to - jsonPath: .metadata.labels.strimzi\.io/cluster - name: Cluster - type: string - - description: The desired number of partitions in the topic - jsonPath: .spec.partitions - name: Partitions - type: integer - - description: The desired number of replicas of each partition - jsonPath: .spec.replicas - name: Replication factor - type: integer - - description: The state of the custom resource - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: The specification of the topic. - properties: - config: - description: The topic configuration. - type: object - x-kubernetes-preserve-unknown-fields: true - partitions: - description: The number of partitions the topic should have. This - cannot be decreased after topic creation. It can be increased after - topic creation, but it is important to understand the consequences - that has, especially for topics with semantic partitioning. When - absent this will default to the broker configuration for `num.partitions`. - minimum: 1 - type: integer - replicas: - description: The number of replicas the topic should have. When absent - this will default to the broker configuration for `default.replication.factor`. - maximum: 32767 - minimum: 1 - type: integer - topicName: - description: The name of the topic. When absent this will default - to the metadata.name of the topic. It is recommended to not set - this unless the topic name is not a valid Kubernetes resource name. - type: string - type: object - status: - description: The status of the topic. - properties: - conditions: - description: List of status conditions. 
- items: properties: - lastTransitionTime: - description: Last time the condition of a type changed from - one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', - in the UTC time zone. + targetReplicas: + type: integer + description: The target replicas value requested by the user. This may be different from .spec.replicas when a change is ongoing. + state: type: string + enum: + - pending + - ongoing + description: "Current state of the replicas change operation. This can be `pending`, when the change has been requested, or `ongoing`, when the change has been successfully submitted to Cruise Control." message: - description: Human-readable message indicating details about - the condition's last transition. - type: string - reason: - description: The reason for the condition's last transition - (a single word in CamelCase). - type: string - status: - description: The status of the condition, either True, False - or Unknown. type: string - type: - description: The unique identifier of a condition, used to distinguish - between other conditions in the resource. + description: Message for the user related to the replicas change request. This may contain transient error messages that would disappear on periodic reconciliations. + sessionId: type: string + description: The session identifier for replicas change requests pertaining to this KafkaTopic resource. This is used by the Topic Operator to track the status of `ongoing` replicas change operations. + description: Replication factor change status. + description: The status of the topic. 
+ - name: v1alpha1 + served: true + storage: false + subresources: + status: {} + additionalPrinterColumns: + - name: Cluster + description: The name of the Kafka cluster this topic belongs to + jsonPath: .metadata.labels.strimzi\.io/cluster + type: string + - name: Partitions + description: The desired number of partitions in the topic + jsonPath: .spec.partitions + type: integer + - name: Replication factor + description: The desired number of replicas of each partition + jsonPath: .spec.replicas + type: integer + - name: Ready + description: The state of the custom resource + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + type: string + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + kind: + type: string + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + metadata: + type: object + spec: + type: object + properties: + topicName: + type: string + description: The name of the topic. When absent this will default to the metadata.name of the topic. It is recommended to not set this unless the topic name is not a valid Kubernetes resource name. + partitions: + type: integer + minimum: 1 + description: "The number of partitions the topic should have. This cannot be decreased after topic creation. It can be increased after topic creation, but it is important to understand the consequences that has, especially for topics with semantic partitioning. 
When absent this will default to the broker configuration for `num.partitions`." + replicas: + type: integer + minimum: 1 + maximum: 32767 + description: The number of replicas the topic should have. When absent this will default to the broker configuration for `default.replication.factor`. + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: The topic configuration. + description: The specification of the topic. + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + description: "The unique identifier of a condition, used to distinguish between other conditions in the resource." + status: + type: string + description: "The status of the condition, either True, False or Unknown." + lastTransitionTime: + type: string + description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone." + reason: + type: string + description: The reason for the condition's last transition (a single word in CamelCase). + message: + type: string + description: Human-readable message indicating details about the condition's last transition. + description: List of status conditions. + observedGeneration: + type: integer + description: The generation of the CRD that was last reconciled by the operator. + topicName: + type: string + description: Topic name. + topicId: + type: string + description: "The topic's id. For a KafkaTopic with the ready condition, this will change only if the topic gets deleted and recreated with the same name." + replicasChange: type: object - type: array - observedGeneration: - description: The generation of the CRD that was last reconciled by - the operator. - type: integer - topicName: - description: Topic name. 
- type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: The name of the Kafka cluster this topic belongs to - jsonPath: .metadata.labels.strimzi\.io/cluster - name: Cluster - type: string - - description: The desired number of partitions in the topic - jsonPath: .spec.partitions - name: Partitions - type: integer - - description: The desired number of replicas of each partition - jsonPath: .spec.replicas - name: Replication factor - type: integer - - description: The state of the custom resource - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - spec: - description: The specification of the topic. - properties: - config: - description: The topic configuration. - type: object - x-kubernetes-preserve-unknown-fields: true - partitions: - description: The number of partitions the topic should have. This - cannot be decreased after topic creation. It can be increased after - topic creation, but it is important to understand the consequences - that has, especially for topics with semantic partitioning. When - absent this will default to the broker configuration for `num.partitions`. - minimum: 1 - type: integer - replicas: - description: The number of replicas the topic should have. When absent - this will default to the broker configuration for `default.replication.factor`. - maximum: 32767 - minimum: 1 - type: integer - topicName: - description: The name of the topic. When absent this will default - to the metadata.name of the topic. It is recommended to not set - this unless the topic name is not a valid Kubernetes resource name. - type: string - type: object - status: - description: The status of the topic. - properties: - conditions: - description: List of status conditions. 
- items: properties: - lastTransitionTime: - description: Last time the condition of a type changed from - one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', - in the UTC time zone. + targetReplicas: + type: integer + description: The target replicas value requested by the user. This may be different from .spec.replicas when a change is ongoing. + state: type: string + enum: + - pending + - ongoing + description: "Current state of the replicas change operation. This can be `pending`, when the change has been requested, or `ongoing`, when the change has been successfully submitted to Cruise Control." message: - description: Human-readable message indicating details about - the condition's last transition. - type: string - reason: - description: The reason for the condition's last transition - (a single word in CamelCase). type: string - status: - description: The status of the condition, either True, False - or Unknown. + description: Message for the user related to the replicas change request. This may contain transient error messages that would disappear on periodic reconciliations. + sessionId: type: string - type: - description: The unique identifier of a condition, used to distinguish - between other conditions in the resource. - type: string - type: object - type: array - observedGeneration: - description: The generation of the CRD that was last reconciled by - the operator. - type: integer - topicName: - description: Topic name. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} + description: The session identifier for replicas change requests pertaining to this KafkaTopic resource. This is used by the Topic Operator to track the status of `ongoing` replicas change operations. + description: Replication factor change status. + description: The status of the topic. 
diff --git a/test/manifest/crd/0000_05_kafka.strimzi.io_kafkausers.crd.yaml b/test/manifest/crd/0000_05_kafka.strimzi.io_kafkausers.crd.yaml index 781269f1a..9f015abf2 100644 --- a/test/manifest/crd/0000_05_kafka.strimzi.io_kafkausers.crd.yaml +++ b/test/manifest/crd/0000_05_kafka.strimzi.io_kafkausers.crd.yaml 
@@ -2,856 +2,715 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: kafkausers.kafka.strimzi.io + labels: + app: strimzi + strimzi.io/crd-install: "true" + component: kafkausers.kafka.strimzi.io-crd spec: - conversion: - strategy: None group: kafka.strimzi.io names: - categories: - - strimzi kind: KafkaUser listKind: KafkaUserList + singular: kafkauser plural: kafkausers shortNames: - - ku - singular: kafkauser + - ku + categories: + - strimzi scope: Namespaced + conversion: + strategy: None versions: - - additionalPrinterColumns: - - description: The name of the Kafka cluster this user belongs to - jsonPath: .metadata.labels.strimzi\.io/cluster - name: Cluster - type: string - - description: How the user is authenticated - jsonPath: .spec.authentication.type - name: Authentication - type: string - - description: How the user is authorised - jsonPath: .spec.authorization.type - name: Authorization - type: string - - description: The state of the custom resource - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - name: v1beta2 - schema: - openAPIV3Schema: - properties: - spec: - description: The specification of the user. - properties: - authentication: - description: "Authentication mechanism enabled for this Kafka user. - The supported authentication mechanisms are `scram-sha-512`, `tls`, - and `tls-external`. \n\n* `scram-sha-512` generates a secret with - SASL SCRAM-SHA-512 credentials.\n* `tls` generates a secret with - user certificate for mutual TLS authentication.\n* `tls-external` - does not generate a user certificate. But prepares the user for - using mutual TLS authentication using a user certificate generated - outside the User Operator.\n ACLs and quotas set for this user - are configured in the `CN=` format.\n\nAuthentication - is optional. If authentication is not configured, no credentials - are generated. 
ACLs and quotas set for the user are configured in - the `` format suitable for SASL authentication." - properties: - password: - description: Specify the password for the user. If not set, a - new password is generated by the User Operator. - properties: - valueFrom: - description: Secret from which the password should be read. + - name: v1beta2 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Cluster + description: The name of the Kafka cluster this user belongs to + jsonPath: .metadata.labels.strimzi\.io/cluster + type: string + - name: Authentication + description: How the user is authenticated + jsonPath: .spec.authentication.type + type: string + - name: Authorization + description: How the user is authorised + jsonPath: .spec.authorization.type + type: string + - name: Ready + description: The state of the custom resource + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + type: string + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + kind: + type: string + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + metadata: + type: object + spec: + type: object + properties: + authentication: + type: object + properties: + password: + type: object + properties: + valueFrom: + type: object + properties: + secretKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: Selects a key of a Secret in the resource's namespace. + description: Secret from which the password should be read. + required: + - valueFrom + description: "Specify the password for the user. If not set, a new password is generated by the User Operator." + type: + type: string + enum: + - tls + - tls-external + - scram-sha-512 + description: Authentication type. + required: + - type + description: "Authentication mechanism enabled for this Kafka user. The supported authentication mechanisms are `scram-sha-512`, `tls`, and `tls-external`. \n\n* `scram-sha-512` generates a secret with SASL SCRAM-SHA-512 credentials.\n* `tls` generates a secret with user certificate for mutual TLS authentication.\n* `tls-external` does not generate a user certificate. But prepares the user for using mutual TLS authentication using a user certificate generated outside the User Operator.\n ACLs and quotas set for this user are configured in the `CN=` format.\n\nAuthentication is optional. If authentication is not configured, no credentials are generated. ACLs and quotas set for the user are configured in the `` format suitable for SASL authentication." + authorization: + type: object + properties: + acls: + type: array + items: + type: object properties: - secretKeyRef: - description: Selects a key of a Secret in the resource's - namespace. + type: + type: string + enum: + - allow + - deny + description: The type of the rule. Currently the only supported type is `allow`. ACL rules with type `allow` are used to allow user to execute the specified operations. 
Default value is `allow`. + resource: + type: object properties: - key: - type: string name: type: string - optional: - type: boolean - type: object - type: object - required: - - valueFrom - type: object - type: - description: Authentication type. - enum: - - tls - - tls-external - - scram-sha-512 - type: string - required: - - type - type: object - authorization: - description: Authorization rules for this Kafka user. - properties: - acls: - description: List of ACL rules which should be applied to this - user. - items: - properties: - host: - description: The host from which the action described in - the ACL rule is allowed or denied. - type: string - operation: - description: 'Operation which will be allowed or denied. - Supported operations are: Read, Write, Create, Delete, - Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, - IdempotentWrite and All.' - enum: - - Read - - Write - - Create - - Delete - - Alter - - Describe - - ClusterAction - - AlterConfigs - - DescribeConfigs - - IdempotentWrite - - All - type: string - operations: - description: 'List of operations which will be allowed or - denied. Supported operations are: Read, Write, Create, - Delete, Alter, Describe, ClusterAction, AlterConfigs, - DescribeConfigs, IdempotentWrite and All.' - items: - enum: - - Read - - Write - - Create - - Delete - - Alter - - Describe - - ClusterAction - - AlterConfigs - - DescribeConfigs - - IdempotentWrite - - All + description: Name of resource for which given ACL rule applies. Can be combined with `patternType` field to use prefix pattern. + patternType: + type: string + enum: + - literal + - prefix + description: "Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`." 
+ type: + type: string + enum: + - topic + - group + - cluster + - transactionalId + description: "Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`." + required: + - type + description: Indicates the resource for which given ACL rule applies. + host: type: string - type: array - resource: - description: Indicates the resource for which given ACL - rule applies. - properties: - name: - description: Name of resource for which given ACL rule - applies. Can be combined with `patternType` field - to use prefix pattern. - type: string - patternType: - description: Describes the pattern used in the resource - field. The supported types are `literal` and `prefix`. - With `literal` pattern type, the resource field will - be used as a definition of a full name. With `prefix` - pattern type, the resource name will be used only - as a prefix. Default value is `literal`. - enum: - - literal - - prefix + description: "The host from which the action described in the ACL rule is allowed or denied. If not set, it defaults to `*`, allowing or denying the action from any host." + operation: + type: string + enum: + - Read + - Write + - Create + - Delete + - Alter + - Describe + - ClusterAction + - AlterConfigs + - DescribeConfigs + - IdempotentWrite + - All + description: "Operation which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All." + operations: + type: array + items: type: string - type: - description: Resource type. The available resource types - are `topic`, `group`, `cluster`, and `transactionalId`. enum: - - topic - - group - - cluster - - transactionalId - type: string - required: - - type - type: object - type: - description: The type of the rule. Currently the only supported - type is `allow`. ACL rules with type `allow` are used - to allow user to execute the specified operations. 
Default - value is `allow`. - enum: - - allow - - deny - type: string - required: - - resource + - Read + - Write + - Create + - Delete + - Alter + - Describe + - ClusterAction + - AlterConfigs + - DescribeConfigs + - IdempotentWrite + - All + description: "List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource." + required: + - resource + description: List of ACL rules which should be applied to this user. + type: + type: string + enum: + - simple + description: Authorization type. Currently the only supported type is `simple`. `simple` authorization type uses the Kafka Admin API for managing the ACL rules. + required: + - acls + - type + description: Authorization rules for this Kafka user. + quotas: + type: object + properties: + producerByteRate: + type: integer + minimum: 0 + description: A quota on the maximum bytes per-second that each client group can publish to a broker before the clients in the group are throttled. Defined on a per-broker basis. + consumerByteRate: + type: integer + minimum: 0 + description: A quota on the maximum bytes per-second that each client group can fetch from a broker before the clients in the group are throttled. Defined on a per-broker basis. + requestPercentage: + type: integer + minimum: 0 + description: A quota on the maximum CPU utilization of each client group as a percentage of network and I/O threads. + controllerMutationRate: + type: number + minimum: 0 + description: "A quota on the rate at which mutations are accepted for the create topics request, the create partitions request and the delete topics request. The rate is accumulated by the number of partitions created or deleted." + description: Quotas on requests to control the broker resources used by clients. 
Network bandwidth and request rate quotas can be enforced.Kafka documentation for Kafka User quotas can be found at http://kafka.apache.org/documentation/#design_quotas. + template: + type: object + properties: + secret: type: object - type: array - type: - description: Authorization type. Currently the only supported - type is `simple`. `simple` authorization type uses Kafka's `kafka.security.authorizer.AclAuthorizer` - class for authorization. - enum: - - simple - type: string - required: - - acls - - type - type: object - quotas: - description: Quotas on requests to control the broker resources used - by clients. Network bandwidth and request rate quotas can be enforced.Kafka - documentation for Kafka User quotas can be found at http://kafka.apache.org/documentation/#design_quotas. - properties: - consumerByteRate: - description: A quota on the maximum bytes per-second that each - client group can fetch from a broker before the clients in the - group are throttled. Defined on a per-broker basis. - minimum: 0 - type: integer - controllerMutationRate: - description: A quota on the rate at which mutations are accepted - for the create topics request, the create partitions request - and the delete topics request. The rate is accumulated by the - number of partitions created or deleted. - minimum: 0 - type: number - producerByteRate: - description: A quota on the maximum bytes per-second that each - client group can publish to a broker before the clients in the - group are throttled. Defined on a per-broker basis. - minimum: 0 - type: integer - requestPercentage: - description: A quota on the maximum CPU utilization of each client - group as a percentage of network and I/O threads. - minimum: 0 - type: integer - type: object - template: - description: Template to specify how Kafka User `Secrets` are generated. - properties: - secret: - description: Template for KafkaUser resources. 
The template allows - users to specify how the `Secret` with password or TLS certificates - is generated. - properties: - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. Can - be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for KafkaUser resources. The template allows users to specify how the `Secret` with password or TLS certificates is generated. + description: Template to specify how Kafka User `Secrets` are generated. + description: The specification of the user. + status: + type: object + properties: + conditions: + type: array + items: type: object - type: object - type: object - status: - description: The status of the Kafka User. - properties: - conditions: - description: List of status conditions. - items: + properties: + type: + type: string + description: "The unique identifier of a condition, used to distinguish between other conditions in the resource." + status: + type: string + description: "The status of the condition, either True, False or Unknown." + lastTransitionTime: + type: string + description: "Last time the condition of a type changed from one status to another. 
The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone." + reason: + type: string + description: The reason for the condition's last transition (a single word in CamelCase). + message: + type: string + description: Human-readable message indicating details about the condition's last transition. + description: List of status conditions. + observedGeneration: + type: integer + description: The generation of the CRD that was last reconciled by the operator. + username: + type: string + description: Username. + secret: + type: string + description: The name of `Secret` where the credentials are stored. + description: The status of the Kafka User. + - name: v1beta1 + served: true + storage: false + subresources: + status: {} + additionalPrinterColumns: + - name: Cluster + description: The name of the Kafka cluster this user belongs to + jsonPath: .metadata.labels.strimzi\.io/cluster + type: string + - name: Authentication + description: How the user is authenticated + jsonPath: .spec.authentication.type + type: string + - name: Authorization + description: How the user is authorised + jsonPath: .spec.authorization.type + type: string + - name: Ready + description: The state of the custom resource + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + type: string + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + kind: + type: string + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + metadata: + type: object + spec: + type: object + properties: + authentication: + type: object properties: - lastTransitionTime: - description: Last time the condition of a type changed from - one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', - in the UTC time zone. - type: string - message: - description: Human-readable message indicating details about - the condition's last transition. - type: string - reason: - description: The reason for the condition's last transition - (a single word in CamelCase). - type: string - status: - description: The status of the condition, either True, False - or Unknown. - type: string + password: + type: object + properties: + valueFrom: + type: object + properties: + secretKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: Selects a key of a Secret in the resource's namespace. + description: Secret from which the password should be read. + required: + - valueFrom + description: "Specify the password for the user. If not set, a new password is generated by the User Operator." type: - description: The unique identifier of a condition, used to distinguish - between other conditions in the resource. type: string + enum: + - tls + - tls-external + - scram-sha-512 + description: Authentication type. + required: + - type + description: "Authentication mechanism enabled for this Kafka user. The supported authentication mechanisms are `scram-sha-512`, `tls`, and `tls-external`. \n\n* `scram-sha-512` generates a secret with SASL SCRAM-SHA-512 credentials.\n* `tls` generates a secret with user certificate for mutual TLS authentication.\n* `tls-external` does not generate a user certificate. 
But prepares the user for using mutual TLS authentication using a user certificate generated outside the User Operator.\n ACLs and quotas set for this user are configured in the `CN=` format.\n\nAuthentication is optional. If authentication is not configured, no credentials are generated. ACLs and quotas set for the user are configured in the `` format suitable for SASL authentication." + authorization: type: object - type: array - observedGeneration: - description: The generation of the CRD that was last reconciled by - the operator. - type: integer - secret: - description: The name of `Secret` where the credentials are stored. - type: string - username: - description: Username. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - description: The name of the Kafka cluster this user belongs to - jsonPath: .metadata.labels.strimzi\.io/cluster - name: Cluster - type: string - - description: How the user is authenticated - jsonPath: .spec.authentication.type - name: Authentication - type: string - - description: How the user is authorised - jsonPath: .spec.authorization.type - name: Authorization - type: string - - description: The state of the custom resource - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: The specification of the user. - properties: - authentication: - description: "Authentication mechanism enabled for this Kafka user. - The supported authentication mechanisms are `scram-sha-512`, `tls`, - and `tls-external`. \n\n* `scram-sha-512` generates a secret with - SASL SCRAM-SHA-512 credentials.\n* `tls` generates a secret with - user certificate for mutual TLS authentication.\n* `tls-external` - does not generate a user certificate. 
But prepares the user for - using mutual TLS authentication using a user certificate generated - outside the User Operator.\n ACLs and quotas set for this user - are configured in the `CN=` format.\n\nAuthentication - is optional. If authentication is not configured, no credentials - are generated. ACLs and quotas set for the user are configured in - the `` format suitable for SASL authentication." - properties: - password: - description: Specify the password for the user. If not set, a - new password is generated by the User Operator. - properties: - valueFrom: - description: Secret from which the password should be read. + properties: + acls: + type: array + items: + type: object properties: - secretKeyRef: - description: Selects a key of a Secret in the resource's - namespace. + type: + type: string + enum: + - allow + - deny + description: The type of the rule. Currently the only supported type is `allow`. ACL rules with type `allow` are used to allow user to execute the specified operations. Default value is `allow`. + resource: + type: object properties: - key: - type: string name: type: string - optional: - type: boolean - type: object - type: object - required: - - valueFrom - type: object - type: - description: Authentication type. - enum: - - tls - - tls-external - - scram-sha-512 - type: string - required: - - type - type: object - authorization: - description: Authorization rules for this Kafka user. - properties: - acls: - description: List of ACL rules which should be applied to this - user. - items: - properties: - host: - description: The host from which the action described in - the ACL rule is allowed or denied. - type: string - operation: - description: 'Operation which will be allowed or denied. - Supported operations are: Read, Write, Create, Delete, - Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, - IdempotentWrite and All.' 
- enum: - - Read - - Write - - Create - - Delete - - Alter - - Describe - - ClusterAction - - AlterConfigs - - DescribeConfigs - - IdempotentWrite - - All - type: string - operations: - description: 'List of operations which will be allowed or - denied. Supported operations are: Read, Write, Create, - Delete, Alter, Describe, ClusterAction, AlterConfigs, - DescribeConfigs, IdempotentWrite and All.' - items: - enum: - - Read - - Write - - Create - - Delete - - Alter - - Describe - - ClusterAction - - AlterConfigs - - DescribeConfigs - - IdempotentWrite - - All + description: Name of resource for which given ACL rule applies. Can be combined with `patternType` field to use prefix pattern. + patternType: + type: string + enum: + - literal + - prefix + description: "Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`." + type: + type: string + enum: + - topic + - group + - cluster + - transactionalId + description: "Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`." + required: + - type + description: Indicates the resource for which given ACL rule applies. + host: type: string - type: array - resource: - description: Indicates the resource for which given ACL - rule applies. - properties: - name: - description: Name of resource for which given ACL rule - applies. Can be combined with `patternType` field - to use prefix pattern. - type: string - patternType: - description: Describes the pattern used in the resource - field. The supported types are `literal` and `prefix`. - With `literal` pattern type, the resource field will - be used as a definition of a full name. With `prefix` - pattern type, the resource name will be used only - as a prefix. Default value is `literal`. 
- enum: - - literal - - prefix + description: "The host from which the action described in the ACL rule is allowed or denied. If not set, it defaults to `*`, allowing or denying the action from any host." + operation: + type: string + enum: + - Read + - Write + - Create + - Delete + - Alter + - Describe + - ClusterAction + - AlterConfigs + - DescribeConfigs + - IdempotentWrite + - All + description: "Operation which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All." + operations: + type: array + items: type: string - type: - description: Resource type. The available resource types - are `topic`, `group`, `cluster`, and `transactionalId`. enum: - - topic - - group - - cluster - - transactionalId - type: string - required: - - type - type: object - type: - description: The type of the rule. Currently the only supported - type is `allow`. ACL rules with type `allow` are used - to allow user to execute the specified operations. Default - value is `allow`. - enum: - - allow - - deny - type: string - required: - - resource + - Read + - Write + - Create + - Delete + - Alter + - Describe + - ClusterAction + - AlterConfigs + - DescribeConfigs + - IdempotentWrite + - All + description: "List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource." + required: + - resource + description: List of ACL rules which should be applied to this user. + type: + type: string + enum: + - simple + description: Authorization type. Currently the only supported type is `simple`. `simple` authorization type uses the Kafka Admin API for managing the ACL rules. + required: + - acls + - type + description: Authorization rules for this Kafka user. 
+ quotas: + type: object + properties: + producerByteRate: + type: integer + minimum: 0 + description: A quota on the maximum bytes per-second that each client group can publish to a broker before the clients in the group are throttled. Defined on a per-broker basis. + consumerByteRate: + type: integer + minimum: 0 + description: A quota on the maximum bytes per-second that each client group can fetch from a broker before the clients in the group are throttled. Defined on a per-broker basis. + requestPercentage: + type: integer + minimum: 0 + description: A quota on the maximum CPU utilization of each client group as a percentage of network and I/O threads. + controllerMutationRate: + type: number + minimum: 0 + description: "A quota on the rate at which mutations are accepted for the create topics request, the create partitions request and the delete topics request. The rate is accumulated by the number of partitions created or deleted." + description: Quotas on requests to control the broker resources used by clients. Network bandwidth and request rate quotas can be enforced.Kafka documentation for Kafka User quotas can be found at http://kafka.apache.org/documentation/#design_quotas. + template: + type: object + properties: + secret: type: object - type: array - type: - description: Authorization type. Currently the only supported - type is `simple`. `simple` authorization type uses Kafka's `kafka.security.authorizer.AclAuthorizer` - class for authorization. - enum: - - simple - type: string - required: - - acls - - type - type: object - quotas: - description: Quotas on requests to control the broker resources used - by clients. Network bandwidth and request rate quotas can be enforced.Kafka - documentation for Kafka User quotas can be found at http://kafka.apache.org/documentation/#design_quotas. 
- properties: - consumerByteRate: - description: A quota on the maximum bytes per-second that each - client group can fetch from a broker before the clients in the - group are throttled. Defined on a per-broker basis. - minimum: 0 - type: integer - controllerMutationRate: - description: A quota on the rate at which mutations are accepted - for the create topics request, the create partitions request - and the delete topics request. The rate is accumulated by the - number of partitions created or deleted. - minimum: 0 - type: number - producerByteRate: - description: A quota on the maximum bytes per-second that each - client group can publish to a broker before the clients in the - group are throttled. Defined on a per-broker basis. - minimum: 0 - type: integer - requestPercentage: - description: A quota on the maximum CPU utilization of each client - group as a percentage of network and I/O threads. - minimum: 0 - type: integer - type: object - template: - description: Template to specify how Kafka User `Secrets` are generated. - properties: - secret: - description: Template for KafkaUser resources. The template allows - users to specify how the `Secret` with password or TLS certificates - is generated. - properties: - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. Can - be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. 
+ annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for KafkaUser resources. The template allows users to specify how the `Secret` with password or TLS certificates is generated. + description: Template to specify how Kafka User `Secrets` are generated. + description: The specification of the user. + status: + type: object + properties: + conditions: + type: array + items: type: object - type: object - type: object - status: - description: The status of the Kafka User. - properties: - conditions: - description: List of status conditions. - items: + properties: + type: + type: string + description: "The unique identifier of a condition, used to distinguish between other conditions in the resource." + status: + type: string + description: "The status of the condition, either True, False or Unknown." + lastTransitionTime: + type: string + description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone." + reason: + type: string + description: The reason for the condition's last transition (a single word in CamelCase). + message: + type: string + description: Human-readable message indicating details about the condition's last transition. + description: List of status conditions. + observedGeneration: + type: integer + description: The generation of the CRD that was last reconciled by the operator. + username: + type: string + description: Username. + secret: + type: string + description: The name of `Secret` where the credentials are stored. + description: The status of the Kafka User. 
+ - name: v1alpha1 + served: true + storage: false + subresources: + status: {} + additionalPrinterColumns: + - name: Cluster + description: The name of the Kafka cluster this user belongs to + jsonPath: .metadata.labels.strimzi\.io/cluster + type: string + - name: Authentication + description: How the user is authenticated + jsonPath: .spec.authentication.type + type: string + - name: Authorization + description: How the user is authorised + jsonPath: .spec.authorization.type + type: string + - name: Ready + description: The state of the custom resource + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + type: string + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + kind: + type: string + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + metadata: + type: object + spec: + type: object + properties: + authentication: + type: object properties: - lastTransitionTime: - description: Last time the condition of a type changed from - one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', - in the UTC time zone. - type: string - message: - description: Human-readable message indicating details about - the condition's last transition. - type: string - reason: - description: The reason for the condition's last transition - (a single word in CamelCase). - type: string - status: - description: The status of the condition, either True, False - or Unknown. 
- type: string + password: + type: object + properties: + valueFrom: + type: object + properties: + secretKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: Selects a key of a Secret in the resource's namespace. + description: Secret from which the password should be read. + required: + - valueFrom + description: "Specify the password for the user. If not set, a new password is generated by the User Operator." type: - description: The unique identifier of a condition, used to distinguish - between other conditions in the resource. type: string + enum: + - tls + - tls-external + - scram-sha-512 + description: Authentication type. + required: + - type + description: "Authentication mechanism enabled for this Kafka user. The supported authentication mechanisms are `scram-sha-512`, `tls`, and `tls-external`. \n\n* `scram-sha-512` generates a secret with SASL SCRAM-SHA-512 credentials.\n* `tls` generates a secret with user certificate for mutual TLS authentication.\n* `tls-external` does not generate a user certificate. But prepares the user for using mutual TLS authentication using a user certificate generated outside the User Operator.\n ACLs and quotas set for this user are configured in the `CN=` format.\n\nAuthentication is optional. If authentication is not configured, no credentials are generated. ACLs and quotas set for the user are configured in the `` format suitable for SASL authentication." + authorization: type: object - type: array - observedGeneration: - description: The generation of the CRD that was last reconciled by - the operator. - type: integer - secret: - description: The name of `Secret` where the credentials are stored. - type: string - username: - description: Username. 
- type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: The name of the Kafka cluster this user belongs to - jsonPath: .metadata.labels.strimzi\.io/cluster - name: Cluster - type: string - - description: How the user is authenticated - jsonPath: .spec.authentication.type - name: Authentication - type: string - - description: How the user is authorised - jsonPath: .spec.authorization.type - name: Authorization - type: string - - description: The state of the custom resource - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - spec: - description: The specification of the user. - properties: - authentication: - description: "Authentication mechanism enabled for this Kafka user. - The supported authentication mechanisms are `scram-sha-512`, `tls`, - and `tls-external`. \n\n* `scram-sha-512` generates a secret with - SASL SCRAM-SHA-512 credentials.\n* `tls` generates a secret with - user certificate for mutual TLS authentication.\n* `tls-external` - does not generate a user certificate. But prepares the user for - using mutual TLS authentication using a user certificate generated - outside the User Operator.\n ACLs and quotas set for this user - are configured in the `CN=` format.\n\nAuthentication - is optional. If authentication is not configured, no credentials - are generated. ACLs and quotas set for the user are configured in - the `` format suitable for SASL authentication." - properties: - password: - description: Specify the password for the user. If not set, a - new password is generated by the User Operator. - properties: - valueFrom: - description: Secret from which the password should be read. + properties: + acls: + type: array + items: + type: object properties: - secretKeyRef: - description: Selects a key of a Secret in the resource's - namespace. 
+ type: + type: string + enum: + - allow + - deny + description: The type of the rule. Currently the only supported type is `allow`. ACL rules with type `allow` are used to allow user to execute the specified operations. Default value is `allow`. + resource: + type: object properties: - key: - type: string name: type: string - optional: - type: boolean - type: object - type: object - required: - - valueFrom - type: object - type: - description: Authentication type. - enum: - - tls - - tls-external - - scram-sha-512 - type: string - required: - - type - type: object - authorization: - description: Authorization rules for this Kafka user. - properties: - acls: - description: List of ACL rules which should be applied to this - user. - items: - properties: - host: - description: The host from which the action described in - the ACL rule is allowed or denied. - type: string - operation: - description: 'Operation which will be allowed or denied. - Supported operations are: Read, Write, Create, Delete, - Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, - IdempotentWrite and All.' - enum: - - Read - - Write - - Create - - Delete - - Alter - - Describe - - ClusterAction - - AlterConfigs - - DescribeConfigs - - IdempotentWrite - - All - type: string - operations: - description: 'List of operations which will be allowed or - denied. Supported operations are: Read, Write, Create, - Delete, Alter, Describe, ClusterAction, AlterConfigs, - DescribeConfigs, IdempotentWrite and All.' - items: - enum: - - Read - - Write - - Create - - Delete - - Alter - - Describe - - ClusterAction - - AlterConfigs - - DescribeConfigs - - IdempotentWrite - - All + description: Name of resource for which given ACL rule applies. Can be combined with `patternType` field to use prefix pattern. + patternType: + type: string + enum: + - literal + - prefix + description: "Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. 
With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`." + type: + type: string + enum: + - topic + - group + - cluster + - transactionalId + description: "Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`." + required: + - type + description: Indicates the resource for which given ACL rule applies. + host: type: string - type: array - resource: - description: Indicates the resource for which given ACL - rule applies. - properties: - name: - description: Name of resource for which given ACL rule - applies. Can be combined with `patternType` field - to use prefix pattern. - type: string - patternType: - description: Describes the pattern used in the resource - field. The supported types are `literal` and `prefix`. - With `literal` pattern type, the resource field will - be used as a definition of a full name. With `prefix` - pattern type, the resource name will be used only - as a prefix. Default value is `literal`. - enum: - - literal - - prefix + description: "The host from which the action described in the ACL rule is allowed or denied. If not set, it defaults to `*`, allowing or denying the action from any host." + operation: + type: string + enum: + - Read + - Write + - Create + - Delete + - Alter + - Describe + - ClusterAction + - AlterConfigs + - DescribeConfigs + - IdempotentWrite + - All + description: "Operation which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All." + operations: + type: array + items: type: string - type: - description: Resource type. The available resource types - are `topic`, `group`, `cluster`, and `transactionalId`. 
enum: - - topic - - group - - cluster - - transactionalId - type: string - required: - - type - type: object - type: - description: The type of the rule. Currently the only supported - type is `allow`. ACL rules with type `allow` are used - to allow user to execute the specified operations. Default - value is `allow`. - enum: - - allow - - deny - type: string - required: - - resource - type: object - type: array - type: - description: Authorization type. Currently the only supported - type is `simple`. `simple` authorization type uses Kafka's `kafka.security.authorizer.AclAuthorizer` - class for authorization. - enum: - - simple - type: string - required: - - acls - - type - type: object - quotas: - description: Quotas on requests to control the broker resources used - by clients. Network bandwidth and request rate quotas can be enforced.Kafka - documentation for Kafka User quotas can be found at http://kafka.apache.org/documentation/#design_quotas. - properties: - consumerByteRate: - description: A quota on the maximum bytes per-second that each - client group can fetch from a broker before the clients in the - group are throttled. Defined on a per-broker basis. - minimum: 0 - type: integer - controllerMutationRate: - description: A quota on the rate at which mutations are accepted - for the create topics request, the create partitions request - and the delete topics request. The rate is accumulated by the - number of partitions created or deleted. - minimum: 0 - type: number - producerByteRate: - description: A quota on the maximum bytes per-second that each - client group can publish to a broker before the clients in the - group are throttled. Defined on a per-broker basis. - minimum: 0 - type: integer - requestPercentage: - description: A quota on the maximum CPU utilization of each client - group as a percentage of network and I/O threads. 
- minimum: 0 - type: integer - type: object - template: - description: Template to specify how Kafka User `Secrets` are generated. - properties: - secret: - description: Template for KafkaUser resources. The template allows - users to specify how the `Secret` with password or TLS certificates - is generated. - properties: - metadata: - description: Metadata applied to the resource. - properties: - annotations: - description: Annotations added to the resource template. - Can be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - description: Labels added to the resource template. Can - be applied to different resources such as `StatefulSets`, - `Deployments`, `Pods`, and `Services`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - type: object - type: object - status: - description: The status of the Kafka User. - properties: - conditions: - description: List of status conditions. - items: - properties: - lastTransitionTime: - description: Last time the condition of a type changed from - one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', - in the UTC time zone. - type: string - message: - description: Human-readable message indicating details about - the condition's last transition. - type: string - reason: - description: The reason for the condition's last transition - (a single word in CamelCase). - type: string - status: - description: The status of the condition, either True, False - or Unknown. - type: string + - Read + - Write + - Create + - Delete + - Alter + - Describe + - ClusterAction + - AlterConfigs + - DescribeConfigs + - IdempotentWrite + - All + description: "List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. 
Only certain operations work with the specified resource." + required: + - resource + description: List of ACL rules which should be applied to this user. type: - description: The unique identifier of a condition, used to distinguish - between other conditions in the resource. type: string + enum: + - simple + description: Authorization type. Currently the only supported type is `simple`. `simple` authorization type uses the Kafka Admin API for managing the ACL rules. + required: + - acls + - type + description: Authorization rules for this Kafka user. + quotas: + type: object + properties: + producerByteRate: + type: integer + minimum: 0 + description: A quota on the maximum bytes per-second that each client group can publish to a broker before the clients in the group are throttled. Defined on a per-broker basis. + consumerByteRate: + type: integer + minimum: 0 + description: A quota on the maximum bytes per-second that each client group can fetch from a broker before the clients in the group are throttled. Defined on a per-broker basis. + requestPercentage: + type: integer + minimum: 0 + description: A quota on the maximum CPU utilization of each client group as a percentage of network and I/O threads. + controllerMutationRate: + type: number + minimum: 0 + description: "A quota on the rate at which mutations are accepted for the create topics request, the create partitions request and the delete topics request. The rate is accumulated by the number of partitions created or deleted." + description: Quotas on requests to control the broker resources used by clients. Network bandwidth and request rate quotas can be enforced.Kafka documentation for Kafka User quotas can be found at http://kafka.apache.org/documentation/#design_quotas. + template: type: object - type: array - observedGeneration: - description: The generation of the CRD that was last reconciled by - the operator. 
- type: integer - secret: - description: The name of `Secret` where the credentials are stored. - type: string - username: - description: Username. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - + properties: + secret: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for KafkaUser resources. The template allows users to specify how the `Secret` with password or TLS certificates is generated. + description: Template to specify how Kafka User `Secrets` are generated. + description: The specification of the user. + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + description: "The unique identifier of a condition, used to distinguish between other conditions in the resource." + status: + type: string + description: "The status of the condition, either True, False or Unknown." + lastTransitionTime: + type: string + description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone." + reason: + type: string + description: The reason for the condition's last transition (a single word in CamelCase). + message: + type: string + description: Human-readable message indicating details about the condition's last transition. + description: List of status conditions. + observedGeneration: + type: integer + description: The generation of the CRD that was last reconciled by the operator. + username: + type: string + description: Username. 
+ secret: + type: string + description: The name of `Secret` where the credentials are stored. + description: The status of the Kafka User. diff --git a/test/script/e2e_kafka.sh b/test/script/e2e_kafka.sh index 27478a93e..d69281b40 100755 --- a/test/script/e2e_kafka.sh +++ b/test/script/e2e_kafka.sh @@ -41,7 +41,7 @@ sed -i -e "s;NODE_PORT_HOST;$node_port_host;" "$TEST_DIR"/manifest/kafka/kafka-c # deploy kafka cluster kubectl apply -k "$TEST_DIR"/manifest/kafka/kafka-cluster -n "$kafka_namespace" --kubeconfig "$KAFKA_KUBECONFIG" -wait_cmd "kubectl get kafka kafka -n $kafka_namespace --kubeconfig $KAFKA_KUBECONFIG -o jsonpath='{.status.listeners[1]}' | grep bootstrapServers" +wait_cmd "kubectl get kafka kafka -n $kafka_namespace --kubeconfig $KAFKA_KUBECONFIG -o jsonpath='{.status.listeners[0]}' | grep bootstrapServers" echo "Kafka cluster is ready" # generate resource for standalone agent diff --git a/test/script/e2e_run_byo.sh b/test/script/e2e_run_byo.sh index e300b96a0..f31747e74 100755 --- a/test/script/e2e_run_byo.sh +++ b/test/script/e2e_run_byo.sh @@ -62,7 +62,7 @@ if kubectl get secret "$transport_secret" -n "$target_namespace" --kubeconfig "$ fi # wait the cluster is ready -wait_cmd "kubectl get kafka kafka -n $kafka_namespace --kubeconfig $KAFKA_KUBECONFIG -o jsonpath='{.status.listeners[1]}' | grep bootstrapServers" +wait_cmd "kubectl get kafka kafka -n $kafka_namespace --kubeconfig $KAFKA_KUBECONFIG -o jsonpath='{.status.listeners[0]}' | grep bootstrapServers" # wait the byo kafkatopic and kafkauser wait_cmd "kubectl get kafkatopic gh-spec -n $kafka_namespace --kubeconfig $KAFKA_KUBECONFIG | grep -C 1 True" 
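Review bot: The `wait_cmd` line changed in test/script/e2e_kafka.sh still selects the listener by position (`.status.listeners[0]`), the same kind of lookup that had to be moved from index 1 to 0 in this change. Selecting by name keeps the script on the intended listener if the order changes again, for example `-o jsonpath='{.status.listeners[?(@.name=="<listener-name>")].bootstrapServers}'` with the name taken from the Kafka manifest. The same positional lookup supplies the bootstrap address and the CA certificate in test/script/e2e_run_byo.sh and test/script/event_exporter_kafka.sh, where a wrong index would silently put another listener's CA into the client configuration.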
@@ -70,8 +70,8 @@ wait_cmd "kubectl get kafkatopic gh-status -n $kafka_namespace --kubeconfig $KAF
 wait_cmd "kubectl get kafkauser $byo_user -n $kafka_namespace --kubeconfig $KAFKA_KUBECONFIG | grep -C 1 True"
 echo "Kafka topic and user is ready"
-bootstrap_server=$(kubectl get kafka kafka -n "$kafka_namespace" --kubeconfig "$KAFKA_KUBECONFIG" -o jsonpath='{.status.listeners[1].bootstrapServers}')
-kubectl get kafka kafka -n "$kafka_namespace" --kubeconfig "$KAFKA_KUBECONFIG" -o jsonpath='{.status.listeners[1].certificates[0]}' >"$CURRENT_DIR"/config/kafka-ca-cert.pem
+bootstrap_server=$(kubectl get kafka kafka -n "$kafka_namespace" --kubeconfig "$KAFKA_KUBECONFIG" -o jsonpath='{.status.listeners[0].bootstrapServers}')
+kubectl get kafka kafka -n "$kafka_namespace" --kubeconfig "$KAFKA_KUBECONFIG" -o jsonpath='{.status.listeners[0].certificates[0]}' >"$CURRENT_DIR"/config/kafka-ca-cert.pem
 kubectl get secret $byo_user -n "$kafka_namespace" --kubeconfig "$KAFKA_KUBECONFIG" -o jsonpath='{.data.user\.crt}' | base64 -d >"$CURRENT_DIR"/config/kafka-client-cert.pem
 kubectl get secret $byo_user -n "$kafka_namespace" --kubeconfig "$KAFKA_KUBECONFIG" -o jsonpath='{.data.user\.key}' | base64 -d >"$CURRENT_DIR"/config/kafka-client-key.pem
diff --git a/test/script/event_exporter_kafka.sh b/test/script/event_exporter_kafka.sh
index 6a0af0f34..8aa6b2215 100755
--- a/test/script/event_exporter_kafka.sh
+++ b/test/script/event_exporter_kafka.sh
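Review bot: In test/script/e2e_run_byo.sh the output of `kubectl get kafka ... certificates[0]` is redirected into `kafka-ca-cert.pem` without checking that anything came back. If the listener at the new index carries no certificate, the file is created empty and the failure only surfaces later as a TLS error in the client. A check right after the redirect fails at the source: `[ -s "$CURRENT_DIR"/config/kafka-ca-cert.pem ] || { echo "empty Kafka CA certificate" >&2; exit 1; }`. The context lines below it write the client certificate and private key with the default umask; whether that matters depends on where `config/` lives, which the hunk does not show.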
@@ -37,9 +37,9 @@ if ! kubectl get secret $standalone_user -n "$kafka_namespace" &>/dev/null; then
 fi
 cat <"$CURRENT_DIR/kafka.yaml"
-bootstrap.server: $(kubectl get kafka kafka -n "$kafka_namespace" -o jsonpath='{.status.listeners[1].bootstrapServers}')
+bootstrap.server: $(kubectl get kafka kafka -n "$kafka_namespace" -o jsonpath='{.status.listeners[0].bootstrapServers}')
 topic.status: $status_topic
-ca.crt: $(kubectl get kafka kafka -n "$kafka_namespace" -o jsonpath='{.status.listeners[1].certificates[0]}' | { if [[ "$OSTYPE" == "darwin"* ]]; then base64 -b 0; else base64 -w 0; fi; })
+ca.crt: $(kubectl get kafka kafka -n "$kafka_namespace" -o jsonpath='{.status.listeners[0].certificates[0]}' | { if [[ "$OSTYPE" == "darwin"* ]]; then base64 -b 0; else base64 -w 0; fi; })
 client.crt: $(kubectl get secret $standalone_user -n "$kafka_namespace" -o jsonpath='{.data.user\.crt}')
 client.key: $(kubectl get secret $standalone_user -n "$kafka_namespace" -o jsonpath='{.data.user\.key}')
 EOF
From ff0ee78f1c69d14aaf89e8cecfdb8d3cd52e4131 Mon Sep 17 00:00:00 2001
From: clyang82
Date: Mon, 2 Dec 2024 16:29:48 +0800
Subject: [PATCH 11/16] keep redirect stderr only for wait_cmd
Signed-off-by: clyang82
---
 test/script/kessel_e2e_setup.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/script/kessel_e2e_setup.sh b/test/script/kessel_e2e_setup.sh
index b5dbd9f04..b6e801327 100755
--- a/test/script/kessel_e2e_setup.sh
+++ b/test/script/kessel_e2e_setup.sh
@@ -77,9 +77,9 @@ error_cache=$(mktemp)
 # Use a Subshell to Isolate the Exit
 (wait_cmd "kubectl get deploy/multicluster-global-hub-operator -n multicluster-global-hub --context $cluster_name") 2>>"$error_cache" || true
 (wait_cmd "kubectl get deploy/multicluster-global-hub-manager -n multicluster-global-hub --context $cluster_name") 2>>"$error_cache" || true
-(kubectl wait deploy/multicluster-global-hub-manager -n multicluster-global-hub --for condition=Available=True --timeout=60s --context "$cluster_name") 2>>"$error_cache" || true
+(kubectl wait deploy/multicluster-global-hub-manager -n multicluster-global-hub --for condition=Available=True --timeout=60s --context "$cluster_name") || true
 (wait_cmd "kubectl get deploy/inventory-api -n multicluster-global-hub --context $cluster_name" 60) 2>>"$error_cache" || true
-(kubectl wait deploy/inventory-api -n multicluster-global-hub --for condition=Available=True --timeout=60s --context $cluster_name) 2>>"$error_cache" || true
+(kubectl wait deploy/inventory-api -n multicluster-global-hub --for condition=Available=True --timeout=60s --context $cluster_name) || true
 # Debug information
 kubectl get kafka -n multicluster-global-hub -oyaml --context $cluster_name || true
From 5b5508f08b4da75a647a02534f2a52fdb5253439 Mon Sep 17 00:00:00 2001
From: clyang82
Date: Tue, 3 Dec 2024 12:04:26 +0800
Subject: [PATCH 12/16] enable nodeport for test
Signed-off-by: clyang82
---
 operator/pkg/constants/constants.go | 2 ++
 .../protocol/strimzi_transporter.go | 6 ++---
 test/e2e/suite_test.go | 1 +
 .../kafka/kafka-cluster/kafka-cluster.yaml | 4 +--
 test/script/kessel_e2e_setup.sh | 26 +++++++------------
 5 files changed, 16 insertions(+), 23 deletions(-)
diff --git a/operator/pkg/constants/constants.go b/operator/pkg/constants/constants.go
index 008aa8276..09f23111c 100644
--- a/operator/pkg/constants/constants.go
+++ b/operator/pkg/constants/constants.go
@@ -120,6 +120,8 @@ const (
 // KinDClusterIPKey defines a KinD container host which is used for test.
 // It will be inject to the server certificates of kafka and inventory
 KinDClusterIPKey = "global-hub.open-cluster-management.io/kind-cluster-ip"
+ // KafkaUseNodeport indicates that Kafka is exposed via NodePort, and it is intended for testing purposes.
+ KafkaUseNodeport = "global-hub.open-cluster-management.io/kafka-use-nodeport"
 )
 // AggregationLevel specifies the level of aggregation leaf hubs should do before sending the information
diff --git a/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go b/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go
index 4b74a3b53..d6d1a5103 100644
--- a/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go
+++ b/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go
@@ -673,8 +673,7 @@ func (k *strimziTransporter) newKafkaCluster(mgh *operatorv1alpha4.MulticlusterG
 },
 }
- // brokerAdvertisedHost is used for test in KinD cluster. we need to use AdvertisedHost to pass tls authn.
- brokerAdvertisedHost, exists := mgh.Annotations[operatorconstants.KinDClusterIPKey]
+ _, exists := mgh.Annotations[operatorconstants.KafkaUseNodeport]
 if exists {
 listeners[0].Configuration = &kafkav1beta2.KafkaSpecKafkaListenersElemConfiguration{
 Bootstrap: &kafkav1beta2.KafkaSpecKafkaListenersElemConfigurationBootstrap{
@@ -682,8 +681,7 @@ func (k *strimziTransporter) newKafkaCluster(mgh *operatorv1alpha4.MulticlusterG
 },
 Brokers: []kafkav1beta2.KafkaSpecKafkaListenersElemConfigurationBrokersElem{
 {
- Broker: 0,
- AdvertisedHost: &brokerAdvertisedHost,
+ Broker: 0,
 },
 },
 }
diff --git a/test/e2e/suite_test.go b/test/e2e/suite_test.go
index a3859e2a6..73d51b6c6 100644
--- a/test/e2e/suite_test.go
+++ b/test/e2e/suite_test.go
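Review bot: In newKafkaCluster (first strimzi_transporter.go hunk) `_, exists := mgh.Annotations[operatorconstants.KafkaUseNodeport]` enables the listener override on the mere presence of the annotation, so `kafka-use-nodeport: "false"` switches it on exactly like the empty value the tests set. The constant's comment says the setting is intended for testing, yet the check lives in non-test operator code, so anyone who can edit the MulticlusterGlobalHub resource can change how Kafka is exposed. I would read the value, `v, exists := mgh.Annotations[operatorconstants.KafkaUseNodeport]` followed by `if exists && v != "false" {`, and say in the constant's doc comment that it changes the Kafka listener exposure and is not meant for production. The function body starts and ends outside both hunks, so the settings applied under `if exists` are only partly visible here.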
@@ -304,6 +304,7 @@ func deployGlobalHub() {
 "mgh-scheduler-interval": "minute",
 "global-hub.open-cluster-management.io/catalog-source-name": "operatorhubio-catalog",
 "global-hub.open-cluster-management.io/catalog-source-namespace": "olm",
+ "global-hub.open-cluster-management.io/kafka-use-nodeport": "",
 },
 },
 Spec: v1alpha4.MulticlusterGlobalHubSpec{
diff --git a/test/manifest/kafka/kafka-cluster/kafka-cluster.yaml b/test/manifest/kafka/kafka-cluster/kafka-cluster.yaml
index 10490a2c9..9a46d6784 100644
--- a/test/manifest/kafka/kafka-cluster/kafka-cluster.yaml
+++ b/test/manifest/kafka/kafka-cluster/kafka-cluster.yaml
@@ -27,8 +27,8 @@ metadata:
 strimzi.io/kraft: enabled
 spec:
 kafka:
- version: 3.7.0
- metadataVersion: 3.7-IV4
+ version: 3.8.0
+ metadataVersion: 3.8-IV0
 listeners:
 - authentication:
 type: tls
diff --git a/test/script/kessel_e2e_setup.sh b/test/script/kessel_e2e_setup.sh
index b6e801327..c54dc76d1 100755
--- a/test/script/kessel_e2e_setup.sh
+++ b/test/script/kessel_e2e_setup.sh
@@ -70,16 +70,15 @@ spec: imagePullPolicy: IfNotPresent EOF -# Create a temporary file to store stderr messages -error_cache=$(mktemp) +# Trap exit to ignore the function's exit 1 +trap '' EXIT # Wait the control planes are ready -# Use a Subshell to Isolate the Exit -(wait_cmd "kubectl get deploy/multicluster-global-hub-operator -n multicluster-global-hub --context $cluster_name") 2>>"$error_cache" || true -(wait_cmd "kubectl get deploy/multicluster-global-hub-manager -n multicluster-global-hub --context $cluster_name") 2>>"$error_cache" || true -(kubectl wait deploy/multicluster-global-hub-manager -n multicluster-global-hub --for condition=Available=True --timeout=60s --context "$cluster_name") || true -(wait_cmd "kubectl get deploy/inventory-api -n multicluster-global-hub --context $cluster_name" 60) 2>>"$error_cache" || true -(kubectl wait deploy/inventory-api -n multicluster-global-hub --for condition=Available=True --timeout=60s --context $cluster_name) || true +wait_cmd "kubectl get deploy/multicluster-global-hub-operator -n multicluster-global-hub --context $cluster_name" +wait_cmd "kubectl get deploy/multicluster-global-hub-manager -n multicluster-global-hub --context $cluster_name" +kubectl wait deploy/multicluster-global-hub-manager -n multicluster-global-hub --for condition=Available=True --timeout=60s --context "$cluster_name" +wait_cmd "kubectl get deploy/inventory-api -n multicluster-global-hub --context $cluster_name" 60 +kubectl wait deploy/inventory-api -n multicluster-global-hub --for condition=Available=True --timeout=60s --context $cluster_name # Debug information kubectl get kafka -n multicluster-global-hub -oyaml --context $cluster_name || true 
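Review bot: `trap '' EXIT` does not do what its comment says: it only makes the shell run nothing when it exits, so an `exit 1` inside `wait_cmd` (now called without the subshell) still ends the script, presumably before the "Debug information" commands that follow. The `trap - EXIT` added in the next hunk resets the handler to the default rather than restoring whatever EXIT handler the script had installed before. If the aim is to keep going and report at the end, keep each call isolated and record the status, e.g. `(wait_cmd "$cmd") || failed=1`, then finish with `exit "${failed:-0}"` after the debug output. wait_cmd is defined outside the hunk, so whether it exits or returns is inferred from the comment.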
@@ -88,13 +87,6 @@ kubectl get mcgh -n multicluster-global-hub -oyaml --context $cluster_name || tr kubectl logs deploy/multicluster-global-hub-operator -n multicluster-global-hub --context $cluster_name || true kubectl get deploy -n multicluster-global-hub --context $cluster_name || true -if [ -s "$error_cache" ]; then - echo "The following errors were encountered:" - cat "$error_cache" - rm "$error_cache" # Clean up the temporary file - exit 1 # Exit with error status -else - echo "All commands executed successfully." - rm "$error_cache" # Clean up the temporary file -fi +# Restore default behavior +trap - EXIT From 7e270acf500f1e31c7ad379a6c24e6329943f531 Mon Sep 17 00:00:00 2001 From: clyang82 Date: Tue, 3 Dec 2024 12:15:34 +0800 Subject: [PATCH 13/16] Add annotation Signed-off-by: clyang82 --- test/script/kessel_e2e_setup.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/test/script/kessel_e2e_setup.sh b/test/script/kessel_e2e_setup.sh index c54dc76d1..36d3fd04e 100755 --- a/test/script/kessel_e2e_setup.sh +++ b/test/script/kessel_e2e_setup.sh @@ -52,6 +52,7 @@ metadata: global-hub.open-cluster-management.io/catalog-source-name: operatorhubio-catalog global-hub.open-cluster-management.io/catalog-source-namespace: olm global-hub.open-cluster-management.io/with-inventory: "" + global-hub.open-cluster-management.io/kafka-use-nodeport: "" global-hub.open-cluster-management.io/kind-cluster-ip: "$global_hub_node_ip" name: multiclusterglobalhub namespace: multicluster-global-hub From 5c541d97b81ef0946fffbacc8eca9d71fb9a9d3e Mon Sep 17 00:00:00 2001 From: clyang82 Date: Tue, 3 Dec 2024 21:23:56 +0800 Subject: [PATCH 14/16] Pass AdvertisedHost in Signed-off-by: clyang82 --- .../manifests/global-hub-kafka-node-pool.yaml | 2 +- .../protocol/strimzi_transporter.go | 31 ++++++++++++++----- 2 files changed, 24 insertions(+), 9 deletions(-) 
diff --git a/operator/pkg/controllers/transporter/protocol/manifests/global-hub-kafka-node-pool.yaml b/operator/pkg/controllers/transporter/protocol/manifests/global-hub-kafka-node-pool.yaml index 03a693dc8..90a953bf2 100644 --- a/operator/pkg/controllers/transporter/protocol/manifests/global-hub-kafka-node-pool.yaml +++ b/operator/pkg/controllers/transporter/protocol/manifests/global-hub-kafka-node-pool.yaml @@ -6,7 +6,7 @@ metadata: strimzi.io/cluster: {{.KafkaCluster}} namespace: {{.Namespace}} spec: - replicas: 3 + replicas: {{.TopicReplicas}} roles: - controller - broker diff --git a/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go b/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go index d6d1a5103..54a964ad4 100644 --- a/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go +++ b/operator/pkg/controllers/transporter/protocol/strimzi_transporter.go 
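Review bot: `replicas: {{.TopicReplicas}}` sizes the node pool from a value named after topic replication, and the template does not say what that value may contain. Because this pool carries both the `controller` and `broker` roles, the same number is also the size of the KRaft controller quorum, so it has to stay in step with the replication factors that newKafkaCluster writes into the Kafka config (1 for basic availability, 3 otherwise). I would add a comment above the line such as `# node count for the combined controller/broker pool; must be >= the configured replication factors`, and pass the value under a name that describes nodes rather than topics if the caller allows it. The value supplied for `.TopicReplicas` is set outside this diff.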
@@ -675,19 +675,40 @@ func (k *strimziTransporter) newKafkaCluster(mgh *operatorv1alpha4.MulticlusterG _, exists := mgh.Annotations[operatorconstants.KafkaUseNodeport] if exists { + host := mgh.Annotations[operatorconstants.KinDClusterIPKey] listeners[0].Configuration = &kafkav1beta2.KafkaSpecKafkaListenersElemConfiguration{ Bootstrap: &kafkav1beta2.KafkaSpecKafkaListenersElemConfigurationBootstrap{ NodePort: &nodePort, }, Brokers: []kafkav1beta2.KafkaSpecKafkaListenersElemConfigurationBrokersElem{ { - Broker: 0, + Broker: 0, + AdvertisedHost: &host, }, }, } listeners[0].Type = kafkav1beta2.KafkaSpecKafkaListenersElemTypeNodeport } + config := "" + if mgh.Spec.AvailabilityConfig == operatorv1alpha4.HABasic { + config = `{ +"default.replication.factor": 1, +"min.insync.replicas": 1, +"offsets.topic.replication.factor": 1, +"transaction.state.log.min.isr": 1, +"transaction.state.log.replication.factor": 1 +}` + } else { + config = `{ +"default.replication.factor": 3, +"min.insync.replicas": 2, +"offsets.topic.replication.factor": 3, +"transaction.state.log.min.isr": 2, +"transaction.state.log.replication.factor": 3 +}` + } + kafkaCluster := &kafkav1beta2.Kafka{ ObjectMeta: metav1.ObjectMeta{ Name: k.kafkaClusterName, @@ -702,13 +723,7 @@ func (k *strimziTransporter) newKafkaCluster(mgh *operatorv1alpha4.MulticlusterG }, Spec: &kafkav1beta2.KafkaSpec{ Kafka: kafkav1beta2.KafkaSpecKafka{ - Config: &apiextensions.JSON{Raw: []byte(`{ -"default.replication.factor": 3, -"min.insync.replicas": 2, -"offsets.topic.replication.factor": 3, -"transaction.state.log.min.isr": 2, -"transaction.state.log.replication.factor": 3 -}`)}, + Config: &apiextensions.JSON{Raw: []byte(config)}, Listeners: listeners, Resources: k.getKafkaResources(mgh), Authorization: &kafkav1beta2.KafkaSpecKafkaAuthorization{ From 0a733c8affdf5940920393e0d56468173dc1bc7f Mon Sep 17 00:00:00 2001 
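Review bot: `host := mgh.Annotations[operatorconstants.KinDClusterIPKey]` yields an empty string when the annotation is absent, and `AdvertisedHost: &host` then writes that empty value into the listener instead of leaving the field unset. I would set the field only when the annotation carries a value, as sketched below. The `os.Getenv("GLOBAL_HUB_NODE_IP")` annotation added to test/e2e/suite_test.go in the next patch can produce the same empty value when the variable is not exported. Only broker 0 receives an advertised host, which looks incomplete once the node pool runs more than one replica. newKafkaCluster starts and ends outside both hunks.

```go
	if exists {
		broker := kafkav1beta2.KafkaSpecKafkaListenersElemConfigurationBrokersElem{Broker: 0}
		// Leave AdvertisedHost unset unless the annotation carries a value.
		if host := mgh.Annotations[operatorconstants.KinDClusterIPKey]; host != "" {
			broker.AdvertisedHost = &host
		}
		listeners[0].Configuration = &kafkav1beta2.KafkaSpecKafkaListenersElemConfiguration{
			// … unchanged: Bootstrap with NodePort …
			Brokers: []kafkav1beta2.KafkaSpecKafkaListenersElemConfigurationBrokersElem{broker},
		}
		// … unchanged: listener type set to nodeport …
	}
```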
From: clyang82 Date: Tue, 3 Dec 2024 23:35:33 +0800 Subject: [PATCH 15/16] Pass global hub node ip as kafka advertisedhost Signed-off-by: clyang82 --- test/e2e/suite_test.go | 1 + test/script/e2e_run.sh | 3 +++ 2 files changed, 4 insertions(+) diff --git a/test/e2e/suite_test.go b/test/e2e/suite_test.go index 73d51b6c6..ac8e741ba 100644 --- a/test/e2e/suite_test.go +++ b/test/e2e/suite_test.go @@ -305,6 +305,7 @@ func deployGlobalHub() { "global-hub.open-cluster-management.io/catalog-source-name": "operatorhubio-catalog", "global-hub.open-cluster-management.io/catalog-source-namespace": "olm", "global-hub.open-cluster-management.io/kafka-use-nodeport": "", + "global-hub.open-cluster-management.io/kind-cluster-ip": os.Getenv("GLOBAL_HUB_NODE_IP"), }, }, Spec: v1alpha4.MulticlusterGlobalHubSpec{ diff --git a/test/script/e2e_run.sh b/test/script/e2e_run.sh index 34fe419c5..4e91d8264 100755 --- a/test/script/e2e_run.sh +++ b/test/script/e2e_run.sh @@ -96,6 +96,9 @@ verbose=${verbose:=5} # Go programs typically use dynamic linking for C libraries: confluent-kafka package is used in e2e test export CGO_ENABLED=1 +# need set it as kafka advertiesehost to pass tls authn +export GLOBAL_HUB_NODE_IP=${global_hub_node_ip} + if [ "${filter}" = "e2e-test-prune" ]; then export ISPRUNE="true" echo "run prune" From c0f05dbb4b1766f8d7982f13b8b0c8f7e1a0d35e Mon Sep 17 00:00:00 2001 From: clyang82 Date: Wed, 4 Dec 2024 11:34:27 +0800 Subject: [PATCH 16/16] Increase code coverage Signed-off-by: clyang82 --- .../protocol/strimzi_transporter_test.go | 266 +++++++++++++++++- 1 file changed, 263 insertions(+), 3 deletions(-) diff --git a/operator/pkg/controllers/transporter/protocol/strimzi_transporter_test.go b/operator/pkg/controllers/transporter/protocol/strimzi_transporter_test.go index 8e30514a2..15665b669 100644 --- a/operator/pkg/controllers/transporter/protocol/strimzi_transporter_test.go +++ b/operator/pkg/controllers/transporter/protocol/strimzi_transporter_test.go 
@@ -1,13 +1,15 @@ package protocol import ( + "encoding/json" + "strings" "testing" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "github.com/stolostron/multicluster-global-hub/operator/api/operator/v1alpha4" - constants "github.com/stolostron/multicluster-global-hub/operator/pkg/constants" + operatorconstants "github.com/stolostron/multicluster-global-hub/operator/pkg/constants" "github.com/stolostron/multicluster-global-hub/pkg/utils" ) @@ -17,8 +19,8 @@ func TestNewStrimziTransporter(t *testing.T) { Name: "test-mgh", Namespace: utils.GetDefaultNamespace(), Annotations: map[string]string{ - constants.CommunityCatalogSourceNameKey: "test", - constants.CommunityCatalogSourceNamespaceKey: "default", + operatorconstants.CommunityCatalogSourceNameKey: "test", + operatorconstants.CommunityCatalogSourceNamespaceKey: "default", }, }, Spec: v1alpha4.MulticlusterGlobalHubSpec{ 
@@ -48,3 +50,261 @@ func TestNewStrimziTransporter(t *testing.T) { t.Errorf("catalogSource name should be default, but %v", trans.subCatalogSourceNamespace) } } + +func TestNewKafkaCluster(t *testing.T) { + tests := []struct { + name string + mgh *v1alpha4.MulticlusterGlobalHub + expectedKafkaCluster string + }{ + { + name: "availabilityConfig is Basic", + mgh: &v1alpha4.MulticlusterGlobalHub{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-mgh", + Namespace: utils.GetDefaultNamespace(), + Annotations: map[string]string{ + operatorconstants.CommunityCatalogSourceNameKey: "test", + operatorconstants.CommunityCatalogSourceNamespaceKey: "default", + }, + }, + Spec: v1alpha4.MulticlusterGlobalHubSpec{ + AvailabilityConfig: v1alpha4.HABasic, + DataLayerSpec: v1alpha4.DataLayerSpec{ + Postgres: v1alpha4.PostgresSpec{ + Retention: "2y", + }, + }, + }, + }, + expectedKafkaCluster: `{ + "metadata": { + "name": "kafka", + "namespace": "multicluster-global-hub", + "creationTimestamp": null, + "labels": { + "global-hub.open-cluster-management.io/managed-by": "global-hub" + }, + "annotations": { + "strimzi.io/kraft": "enabled", + "strimzi.io/node-pools": "enabled" + } + }, + "spec": { + "entityOperator": { + "topicOperator": {}, + "userOperator": {} + }, + "kafka": { + "authorization": { + "type": "simple" + }, + "config": { + "default.replication.factor": 1, + "min.insync.replicas": 1, + "offsets.topic.replication.factor": 1, + "transaction.state.log.min.isr": 1, + "transaction.state.log.replication.factor": 1 + }, + "listeners": [ + { + "authentication": { + "type": "tls" + }, + "name": "tls", + "port": 9093, + "tls": true, + "type": "route" + } + ], + "resources": { + "limits": { + "memory": "4Gi" + }, + "requests": { + "cpu": "25m", + "memory": "128Mi" + } + }, + "version": "3.8.0" + } + } +}`, + }, + { + name: "availabilityConfig is High", + mgh: &v1alpha4.MulticlusterGlobalHub{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-mgh", + Namespace: utils.GetDefaultNamespace(), + 
Annotations: map[string]string{ + operatorconstants.CommunityCatalogSourceNameKey: "test", + operatorconstants.CommunityCatalogSourceNamespaceKey: "default", + }, + }, + Spec: v1alpha4.MulticlusterGlobalHubSpec{ + DataLayerSpec: v1alpha4.DataLayerSpec{ + Postgres: v1alpha4.PostgresSpec{ + Retention: "2y", + }, + }, + }, + }, + expectedKafkaCluster: `{ + "metadata": { + "name": "kafka", + "namespace": "multicluster-global-hub", + "creationTimestamp": null, + "labels": { + "global-hub.open-cluster-management.io/managed-by": "global-hub" + }, + "annotations": { + "strimzi.io/kraft": "enabled", + "strimzi.io/node-pools": "enabled" + } + }, + "spec": { + "entityOperator": { + "topicOperator": {}, + "userOperator": {} + }, + "kafka": { + "authorization": { + "type": "simple" + }, + "config": { + "default.replication.factor": 3, + "min.insync.replicas": 2, + "offsets.topic.replication.factor": 3, + "transaction.state.log.min.isr": 2, + "transaction.state.log.replication.factor": 3 + }, + "listeners": [ + { + "authentication": { + "type": "tls" + }, + "name": "tls", + "port": 9093, + "tls": true, + "type": "route" + } + ], + "resources": { + "limits": { + "memory": "4Gi" + }, + "requests": { + "cpu": "25m", + "memory": "128Mi" + } + }, + "version": "3.8.0" + } + } +}`, + }, + + { + name: "availabilityConfig is Basic and expose via nodeport", + mgh: &v1alpha4.MulticlusterGlobalHub{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-mgh", + Namespace: utils.GetDefaultNamespace(), + Annotations: map[string]string{ + operatorconstants.CommunityCatalogSourceNameKey: "test", + operatorconstants.CommunityCatalogSourceNamespaceKey: "default", + operatorconstants.KafkaUseNodeport: "", + operatorconstants.KinDClusterIPKey: "10.0.0.1", + }, + }, + Spec: v1alpha4.MulticlusterGlobalHubSpec{ + DataLayerSpec: v1alpha4.DataLayerSpec{ + Postgres: v1alpha4.PostgresSpec{ + Retention: "2y", + }, + }, + }, + }, + expectedKafkaCluster: `{ + "metadata": { + "name": "kafka", + "namespace": 
"multicluster-global-hub", + "creationTimestamp": null, + "labels": { + "global-hub.open-cluster-management.io/managed-by": "global-hub" + }, + "annotations": { + "strimzi.io/kraft": "enabled", + "strimzi.io/node-pools": "enabled" + } + }, + "spec": { + "entityOperator": { + "topicOperator": {}, + "userOperator": {} + }, + "kafka": { + "authorization": { + "type": "simple" + }, + "config": { + "default.replication.factor": 3, + "min.insync.replicas": 2, + "offsets.topic.replication.factor": 3, + "transaction.state.log.min.isr": 2, + "transaction.state.log.replication.factor": 3 + }, + "listeners": [ + { + "authentication": { + "type": "tls" + }, + "configuration": { + "bootstrap": { + "nodePort": 30093 + }, + "brokers": [ + { + "advertisedHost": "10.0.0.1", + "broker": 0 + } + ] + }, + "name": "tls", + "port": 9093, + "tls": true, + "type": "nodeport" + } + ], + "resources": { + "limits": { + "memory": "4Gi" + }, + "requests": { + "cpu": "25m", + "memory": "128Mi" + } + }, + "version": "3.8.0" + } + } +}`, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + transporter := NewStrimziTransporter(nil, tt.mgh) + cluster := transporter.newKafkaCluster(tt.mgh) + clusterBytes, _ := json.Marshal(cluster) + // Replace spaces + s := strings.ReplaceAll(tt.expectedKafkaCluster, " ", "") + // Replace newlines + s = strings.ReplaceAll(s, "\n", "") + if string(clusterBytes) != s { + t.Errorf("want %v, but got %v", s, string(clusterBytes)) + } + }) + } +}
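Review bot: In TestNewKafkaCluster, `clusterBytes, _ := json.Marshal(cluster)` drops the marshal error, so a failure would surface only as a confusing string mismatch; check it with `if err != nil { t.Fatalf("marshal kafka cluster: %v", err) }`. The third case is named "availabilityConfig is Basic and expose via nodeport", but its spec never sets `AvailabilityConfig: v1alpha4.HABasic` and it expects the replication-factor-3 config, so either the name or the fixture is wrong. Comparing after stripping every space and newline from the expected text also breaks as soon as a value contains a space; unmarshalling both sides and comparing them with `reflect.DeepEqual` would be sturdier. None of the cases covers the nodeport annotation without `KinDClusterIPKey`, which is the path that produces an empty advertised host.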