in packages/constructs/L3/dataops/dataops-nifi-l3-construct/lib/cdk8s/zookeeper-chart.ts [212:425]
private createZkStatefulSet(
zookeeperService: k8s.KubeService,
zkSecretName: string,
persistentVolumes: k8s.KubePersistentVolume[],
): k8s.KubeStatefulSet {
const nodeIds = [...Array(3).keys()];
const nodeList = nodeIds.map(i => {
return `zookeeper-${i}`;
});
const sslBasePath = '/zookeeper-ssl';
const zkDataDir = '/zookeeper-data';
const zkInitBaseDir = '/zookeeper-init';
const sslSecretVolumes: [k8s.Volume, k8s.VolumeMount][] = nodeList.map(hostname => {
const volume: k8s.Volume = {
name: `${hostname}-ssl`,
secret: {
secretName: `${hostname}-ssl`,
},
};
const mount: k8s.VolumeMount = {
mountPath: `${sslBasePath}/${hostname}`,
name: volume.name,
};
return [volume, mount];
});
// nosemgrep
const zookeeperInitScriptsConfigMapData = Object.fromEntries(
fs.readdirSync(`${__dirname}/../../scripts/zookeeper`).map(fileName => {
console.log(`Reading zookeeper init script from ${__dirname}/../../scripts/zookeeper/${fileName}`);
// nosemgrep
return [fileName, fs.readFileSync(`${__dirname}/../../scripts/zookeeper/${fileName}`, 'utf-8')];
}),
);
const zookeeperInitConfigMap = new k8s.KubeConfigMap(this, 'zookeeper-init-configmap', {
metadata: {
name: 'zookeeper-init-scripts',
},
data: zookeeperInitScriptsConfigMapData,
});
const zkConfigMap = this.createZkConfigMap(zookeeperService.name, sslBasePath, zkDataDir, nodeList);
const zookeeperStsProps: k8s.KubeStatefulSetProps = {
metadata: {
name: 'zookeeper',
},
spec: {
selector: {
matchLabels: {
app: 'zookeeper',
},
},
serviceName: zookeeperService.name,
replicas: 3,
updateStrategy: {
type: 'RollingUpdate',
},
podManagementPolicy: 'Parallel',
persistentVolumeClaimRetentionPolicy: {
whenDeleted: 'Retain',
whenScaled: 'Delete',
},
volumeClaimTemplates: [
{
metadata: {
name: 'zookeeper-data',
},
spec: {
selector: {
matchLabels: {
app: 'nifi',
},
},
storageClassName: this.props.efsStorageClassName,
accessModes: ['ReadWriteOnce'],
resources: {
requests: {
storage: k8s.Quantity.fromString('5Gi'),
},
},
},
},
],
template: {
metadata: {
labels: {
app: 'zookeeper',
},
},
spec: {
tolerations: [
{
key: 'eks.amazonaws.com/compute-type',
value: 'fargate',
},
],
securityContext: {
runAsUser: 1000,
runAsGroup: 1000,
fsGroup: 1000,
},
volumes: [
{
name: 'zookeeper-init-scripts',
configMap: {
name: zookeeperInitConfigMap.name,
defaultMode: 0o755,
},
},
{
name: 'zookeeper-config',
configMap: {
name: zkConfigMap.name,
defaultMode: 0o755,
},
},
...sslSecretVolumes.map(x => x[0]),
],
containers: [
{
name: 'zookeeper',
imagePullPolicy: 'Always',
image: 'zookeeper:3.9.0',
ports: [
{
containerPort: 2181,
name: 'client',
},
{
containerPort: 2888,
name: 'server',
},
{
containerPort: 3888,
name: 'leader-election',
},
],
resources: {
requests: {
memory: k8s.Quantity.fromString('0.5Gi'),
cpu: k8s.Quantity.fromString('250m'),
},
limits: {
memory: k8s.Quantity.fromString('0.5Gi'),
cpu: k8s.Quantity.fromString('250m'),
},
},
command: ['bash', '-c', `${zkInitBaseDir}/scripts/zookeeper_start.sh`],
env: [
{
name: 'ZOO_DATA_DIR',
value: zkDataDir,
},
{
name: 'ZK_INIT_DIR',
value: zkInitBaseDir,
},
{
name: 'ZK_KEYSTORE_PASSWORD',
valueFrom: {
secretKeyRef: {
name: zkSecretName,
key: 'keystore-password',
optional: false,
},
},
},
{
name: 'ZK_TRUSTSTORE_PASSWORD',
valueFrom: {
secretKeyRef: {
name: zkSecretName,
key: 'keystore-password',
optional: false,
},
},
},
],
securityContext: {
runAsUser: 1000,
},
volumeMounts: [
{
name: 'zookeeper-config',
mountPath: `${zkInitBaseDir}/conf`,
},
{
name: 'zookeeper-init-scripts',
mountPath: `${zkInitBaseDir}/scripts`,
},
{
name: 'zookeeper-data',
mountPath: `${zkDataDir}`,
},
...sslSecretVolumes.map(x => x[1]),
],
},
],
},
},
},
};
const sts = new k8s.KubeStatefulSet(this, 'zookeeper-sts', zookeeperStsProps);
persistentVolumes.forEach(pv => {
sts.addDependency(pv);
});
return sts;
}