charts/pulsar/templates/proxy-statefulset.yaml

# # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information # regarding copyright ownership. The ASF licenses this file # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. # {{- if .Values.components.proxy }} apiVersion: apps/v1 kind: StatefulSet metadata: name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" namespace: {{ template "pulsar.namespace" . }} annotations: {{ .Values.proxy.appAnnotations | toYaml | nindent 4 }} labels: {{- include "pulsar.standardLabels" . | nindent 4 }} component: {{ .Values.proxy.component }} spec: serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" {{- if not .Values.proxy.autoscaling.enabled }} replicas: {{ .Values.proxy.replicaCount }} {{- end }} selector: matchLabels: {{- include "pulsar.matchLabels" . | nindent 6 }} component: {{ .Values.proxy.component }} updateStrategy: type: RollingUpdate podManagementPolicy: Parallel template: metadata: labels: {{- include "pulsar.template.labels" . | nindent 8 }} component: {{ .Values.proxy.component }} annotations: {{- if not .Values.proxy.podMonitor.enabled }} prometheus.io/scrape: "true" prometheus.io/port: "{{ .Values.proxy.ports.containerPorts.http }}" {{- end }} {{- if .Values.proxy.restartPodsOnConfigMapChange }} checksum/config: {{ include (print $.Template.BasePath "/proxy-configmap.yaml") . | sha256sum }} {{- end }} {{- with .Values.proxy.annotations }} {{ toYaml . | indent 8 }} {{- end }} spec: {{- if .Values.proxy.nodeSelector }} nodeSelector: {{ toYaml .Values.proxy.nodeSelector | indent 8 }} {{- end }} {{- if .Values.proxy.tolerations }} tolerations: {{ toYaml .Values.proxy.tolerations | indent 8 }} {{- end }} {{- if .Values.proxy.topologySpreadConstraints }} topologySpreadConstraints: {{- toYaml .Values.proxy.topologySpreadConstraints | nindent 8 }} {{- end }} affinity: {{- if and .Values.affinity.anti_affinity .Values.proxy.affinity.anti_affinity}} podAntiAffinity: {{ if eq .Values.proxy.affinity.type "requiredDuringSchedulingIgnoredDuringExecution"}} {{ .Values.proxy.affinity.type }}: - labelSelector: matchExpressions: - key: "app" operator: In values: - "{{ template "pulsar.name" . }}" - key: "release" operator: In values: - {{ .Release.Name }} - key: "component" operator: In values: - {{ .Values.proxy.component }} topologyKey: {{ .Values.proxy.affinity.anti_affinity_topology_key }} {{ else }} {{ .Values.proxy.affinity.type }}: - weight: 100 podAffinityTerm: labelSelector: matchExpressions: - key: "app" operator: In values: - "{{ template "pulsar.name" . }}" - key: "release" operator: In values: - {{ .Release.Name }} - key: "component" operator: In values: - {{ .Values.proxy.component }} topologyKey: {{ .Values.proxy.affinity.anti_affinity_topology_key }} {{ end }} {{- end }} terminationGracePeriodSeconds: {{ .Values.proxy.gracePeriod }} serviceAccountName: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" initContainers: {{- if and .Values.components.zookeeper .Values.proxy.waitZookeeperTimeout (gt (.Values.proxy.waitZookeeperTimeout | int) 0) }} # This init container will wait for zookeeper to be ready before # deploying the bookies - name: wait-zookeeper-ready image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.proxy "root" .) }}" imagePullPolicy: "{{ template "pulsar.imagePullPolicy" (dict "image" .Values.images.proxy "root" .) }}" resources: {{ toYaml .Values.initContainer.resources | nindent 10 }} command: ["timeout", "{{ .Values.proxy.waitZookeeperTimeout }}", "sh", "-c"] args: - | export PULSAR_MEM="-Xmx128M"; {{- if $zk:=.Values.pulsar_metadata.userProvidedZookeepers }} until timeout 15 bin/pulsar zookeeper-shell -server {{ $zk }} ls {{ or .Values.metadataPrefix "/" }}; do echo "user provided zookeepers {{ $zk }} are unreachable... check in 3 seconds ..." && sleep 3; done; {{ else }} until timeout 15 bin/pulsar zookeeper-shell -server {{ template "pulsar.configurationStore.service" . }} get {{ .Values.metadataPrefix }}/admin/clusters/{{ template "pulsar.cluster.name" . }}; do sleep 3; done; {{- end}} {{- end}} {{- if and .Values.components.oxia .Values.proxy.waitOxiaTimeout (gt (.Values.proxy.waitOxiaTimeout | int) 0) }} - name: wait-oxia-ready image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.proxy "root" .) }}" imagePullPolicy: "{{ template "pulsar.imagePullPolicy" (dict "image" .Values.images.proxy "root" .) }}" resources: {{ toYaml .Values.initContainer.resources | nindent 10 }} command: ["timeout", "{{ .Values.proxy.waitOxiaTimeout }}", "sh", "-c"] args: - | until nslookup {{ template "pulsar.oxia.server.service" . }}; do sleep 3; done; {{- end }} {{- if and .Values.proxy.waitBrokerTimeout (gt (.Values.proxy.waitBrokerTimeout | int) 0) }} # This init container will wait for at least one broker to be ready before # deploying the proxy - name: wait-broker-ready image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.proxy "root" .) }}" imagePullPolicy: "{{ template "pulsar.imagePullPolicy" (dict "image" .Values.images.proxy "root" .) }}" resources: {{ toYaml .Values.initContainer.resources | nindent 10 }} command: ["timeout", "{{ .Values.proxy.waitBrokerTimeout }}", "sh", "-c"] args: - | set -e; brokerServiceNumber="$(nslookup -timeout=10 {{ template "pulsar.fullname" . }}-{{ .Values.broker.component }} | grep Name | wc -l)"; until [ ${brokerServiceNumber} -ge 1 ]; do echo "pulsar cluster {{ template "pulsar.cluster.name" . }} isn't initialized yet ... check in 10 seconds ..."; sleep 10; brokerServiceNumber="$(nslookup -timeout=10 {{ template "pulsar.fullname" . }}-{{ .Values.broker.component }} | grep Name | wc -l)"; done; {{- end}} {{- if .Values.proxy.initContainers }} {{- toYaml .Values.proxy.initContainers | nindent 6 }} {{- end }} containers: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.proxy "root" .) }}" imagePullPolicy: "{{ template "pulsar.imagePullPolicy" (dict "image" .Values.images.proxy "root" .) }}" {{- if .Values.proxy.probe.liveness.enabled }} livenessProbe: httpGet: path: /status.html port: {{ .Values.proxy.ports.containerPorts.http }} initialDelaySeconds: {{ .Values.proxy.probe.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.proxy.probe.liveness.periodSeconds }} timeoutSeconds: {{ .Values.proxy.probe.liveness.timeoutSeconds }} failureThreshold: {{ .Values.proxy.probe.liveness.failureThreshold }} {{- end }} {{- if .Values.proxy.probe.readiness.enabled }} readinessProbe: httpGet: path: /status.html port: {{ .Values.proxy.ports.containerPorts.http }} initialDelaySeconds: {{ .Values.proxy.probe.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.proxy.probe.readiness.periodSeconds }} timeoutSeconds: {{ .Values.proxy.probe.readiness.timeoutSeconds }} failureThreshold: {{ .Values.proxy.probe.readiness.failureThreshold }} {{- end }} {{- if .Values.proxy.probe.startup.enabled }} startupProbe: httpGet: path: /status.html port: {{ .Values.proxy.ports.containerPorts.http }} initialDelaySeconds: {{ .Values.proxy.probe.startup.initialDelaySeconds }} periodSeconds: {{ .Values.proxy.probe.startup.periodSeconds }} timeoutSeconds: {{ .Values.proxy.probe.startup.timeoutSeconds }} failureThreshold: {{ .Values.proxy.probe.startup.failureThreshold }} {{- end }} {{- if .Values.proxy.resources }} resources: {{ toYaml .Values.proxy.resources | indent 10 }} {{- end }} command: ["sh", "-c"] args: - | {{- if .Values.proxy.additionalCommand }} {{ .Values.proxy.additionalCommand }} {{- end }} bin/apply-config-from-env.py conf/proxy.conf && echo "OK" > "${statusFilePath:-status}" && OPTS="${OPTS} -Dlog4j2.formatMsgNoLookups=true" exec bin/pulsar proxy ports: # prometheus needs to access /metrics endpoint - name: sts-http containerPort: {{ .Values.proxy.ports.containerPorts.http }} {{- if or (not .Values.tls.enabled) (not .Values.tls.proxy.enabled) }} - name: "sts-{{ .Values.tcpPrefix }}pulsar" containerPort: {{ .Values.proxy.ports.pulsar }} {{- end }} {{- if and (.Values.tls.enabled) (.Values.tls.proxy.enabled) }} - name: sts-https containerPort: {{ .Values.proxy.ports.containerPorts.https }} - name: "sts-{{ .Values.tlsPrefix }}pulsarssl" containerPort: {{ .Values.proxy.ports.pulsarssl }} {{- end }} {{- if .Values.proxy.extraEnvs }} env: {{ toYaml .Values.proxy.extraEnvs | indent 8 }} {{- end }} envFrom: - configMapRef: name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" {{- if or .Values.proxy.extraVolumeMounts .Values.auth.authentication.enabled (and .Values.tls.enabled (or .Values.tls.proxy.enabled .Values.tls.broker.enabled)) }} volumeMounts: {{- if .Values.auth.authentication.enabled }} {{- if eq .Values.auth.authentication.provider "jwt" }} - mountPath: "/pulsar/keys" name: token-keys readOnly: true - mountPath: "/pulsar/tokens" name: proxy-token readOnly: true {{- end }} {{- end }} {{- if .Values.tls.proxy.enabled }} - mountPath: "/pulsar/certs/proxy" name: proxy-certs readOnly: true {{- end}} {{- if .Values.tls.enabled }} - mountPath: "/pulsar/certs/ca" name: ca readOnly: true {{- end}} {{- if .Values.proxy.extraVolumeMounts }} {{ toYaml .Values.proxy.extraVolumeMounts | indent 10 }} {{- end }} {{- end}} {{- include "pulsar.imagePullSecrets" . | nindent 6}} {{- if or .Values.proxy.extraVolumes .Values.auth.authentication.enabled (and .Values.tls.enabled .Values.tls.proxy.enabled) }} volumes: {{- if .Values.proxy.extraVolumes }} {{ toYaml .Values.proxy.extraVolumes | indent 8 }} {{- end }} {{- if .Values.auth.authentication.enabled }} {{- if eq .Values.auth.authentication.provider "jwt" }} - name: token-keys secret: {{- if not .Values.auth.authentication.jwt.usingSecretKey }} secretName: "{{ .Release.Name }}-token-asymmetric-key" {{- end}} {{- if .Values.auth.authentication.jwt.usingSecretKey }} secretName: "{{ .Release.Name }}-token-symmetric-key" {{- end}} items: {{- if .Values.auth.authentication.jwt.usingSecretKey }} - key: SECRETKEY path: token/secret.key {{- else }} - key: PUBLICKEY path: token/public.key {{- end}} - name: proxy-token secret: secretName: "{{ .Release.Name }}-token-{{ .Values.auth.superUsers.proxy }}" items: - key: TOKEN path: proxy/token {{- end}} {{- end}} {{- if .Values.tls.proxy.enabled }} - name: ca secret: {{- if eq .Values.certs.internal_issuer.type "selfsigning" }} secretName: "{{ .Release.Name }}-{{ .Values.tls.ca_suffix }}" {{- end }} {{- if eq .Values.certs.internal_issuer.type "ca" }} secretName: "{{ .Values.certs.issuers.ca.secretName }}" {{- end }} items: - key: ca.crt path: ca.crt - name: proxy-certs secret: secretName: "{{ .Release.Name }}-{{ .Values.tls.proxy.cert_name }}" items: - key: tls.crt path: tls.crt - key: tls.key path: tls.key {{- end}} {{- end}} {{- end }}

charts/pulsar/templates/proxy-statefulset.yaml (293 lines of code) (raw):