Merge "Remove zookeeper residue"

This commit is contained in:
Zuul 2021-03-02 02:23:04 +00:00 committed by Gerrit Code Review
commit 1a3cc61109
23 changed files with 2 additions and 918 deletions

View File

@ -13,7 +13,7 @@
---
apiVersion: v1
name: falco
version: 0.1.2
version: 0.1.3
appVersion: 0.11.1
description: Sysdig Falco
keywords:

View File

@ -969,8 +969,6 @@ conf:
http_server_binaries, db_server_binaries, nosql_server_binaries, mail_binaries,
fluentd, flanneld, splunkd, consul, smbd, runsv, PM2
]
- macro: parent_java_running_zookeeper
condition: (proc.pname=java and proc.pcmdline contains org.apache.zookeeper.server)
- macro: parent_java_running_kafka
condition: (proc.pname=java and proc.pcmdline contains kafka.Kafka)
- macro: parent_java_running_elasticsearch
@ -1006,7 +1004,6 @@ conf:
- macro: protected_shell_spawner
condition: >
(proc.aname in (protected_shell_spawning_binaries)
or parent_java_running_zookeeper
or parent_java_running_kafka
or parent_java_running_elasticsearch
or parent_java_running_activemq

View File

@ -3,4 +3,5 @@ falco:
- 0.1.0 Initial Chart
- 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0"
- 0.1.2 Update to container image repo k8s.gcr.io
- 0.1.3 Remove zookeeper residue
...

View File

@ -1,42 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make zookeeper
#NOTE: Deploy command
helm upgrade --install zookeeper ./zookeeper \
--namespace=osh-infra
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
#NOTE: Validate Deployment info
helm status zookeeper
#NOTE: Sleep for 60 seconds to allow leader election to complete
sleep 60
#NOTE: Create arbitrary znode
ZOO_POD=$(kubectl -n osh-infra get pods -l='application=zookeeper,component=server' --output=jsonpath='{.items[0].metadata.name}')
kubectl exec $ZOO_POD -n osh-infra -- bash bin/zkCli.sh -server localhost:2181 create /OSHZnode “osh-infra_is_awesome”
#NOTE: Sleep for 10 seconds to ensure replication across members
sleep 10
#NOTE: Query separate zookeeper instance for presence of znode
ZOO_POD=$(kubectl -n osh-infra get pods -l='application=zookeeper,component=server' --output=jsonpath='{.items[2].metadata.name}')
kubectl exec $ZOO_POD -n osh-infra -- bash bin/zkCli.sh -server localhost:2181 stat /OSHZnode

View File

@ -1 +0,0 @@
../common/zookeeper.sh

View File

@ -1,25 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
apiVersion: v1
appVersion: v3.5.5
description: OpenStack-Helm Zookeeper
name: zookeeper
version: 0.1.1
home: https://zookeeper.apache.org/
sources:
- https://github.com/apache/zookeeper
- https://opendev.org/openstack/openstack-helm-infra
maintainers:
- name: OpenStack-Helm Authors
...

View File

@ -1,18 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
dependencies:
- name: helm-toolkit
repository: http://localhost:8879/charts
version: ">= 0.1.0"
...

View File

@ -1,28 +0,0 @@
#!/bin/bash
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
HOST=$(hostname)
ID_FILE="$ZOO_DATA_DIR/myid"
if [[ $HOST =~ (.*)-([0-9]+)$ ]]; then
NAME=${BASH_REMATCH[1]}
ORD=${BASH_REMATCH[2]}
MY_ID=$((ORD+1))
echo $MY_ID > $ID_FILE
else
echo "Failed to extract ordinal from hostname $HOST"
exit 1
fi

View File

@ -1,19 +0,0 @@
#!/bin/sh
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
echo ruok | nc 127.0.0.1 ${ZOO_CLIENT_PORT}

View File

@ -1,23 +0,0 @@
#!/bin/bash
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
COMMAND="${@:-start}"
function stop () {
kill -TERM 1
}
$COMMAND

View File

@ -1,33 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_bin }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: zookeeper-bin
data:
zookeeper.sh: |
{{ tuple "bin/_zookeeper.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
generate-myid.sh: |
{{ tuple "bin/_generate-myid.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
zookeeper-liveness.sh: |
{{ tuple "bin/_zookeeper-probe.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
zookeeper-readiness.sh: |
{{ tuple "bin/_zookeeper-probe.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
image-repo-sync.sh: |
{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
{{- end }}

View File

@ -1,27 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_etc }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Secret
metadata:
name: zookeeper-etc
type: Opaque
data:
{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.zookeeper.template "key" "zoo.cfg" "format" "Secret") | indent 2 }}
{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.zookeeper.jaas.template "key" "jaas.conf" "format" "Secret") | indent 2 }}
{{- end }}

View File

@ -1,18 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.ingress .Values.network.zookeeper.ingress.public }}
{{- $ingressOpts := dict "envAll" . "backendService" "zookeeper" "backendServiceType" "zookeeper" "backendPort" "client" -}}
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
{{- end }}

View File

@ -1,18 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "zookeeper" -}}
{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
{{- end }}

View File

@ -1,17 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License. */}}
{{- if .Values.manifests.network_policy -}}
{{- $netpol_opts := dict "envAll" . "name" "application" "label" "zookeeper" -}}
{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
{{- end -}}

View File

@ -1,17 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_ingress_tls }}
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "zookeeper" "backendService" "zookeeper" ) }}
{{- end }}

View File

@ -1,27 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_zookeeper }}
{{- $envAll := . }}
{{- $secretName := index $envAll.Values.secrets.zookeeper.admin }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
ZOOKEEPER_ADMIN_USERNAME: {{ .Values.endpoints.zookeeper.auth.admin.username | b64enc }}
ZOOKEEPER_ADMIN_PASSWORD: {{ .Values.endpoints.zookeeper.auth.admin.password | b64enc }}
{{- end }}

View File

@ -1,38 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.service_discovery }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "zookeeper" "discovery" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
labels:
{{ tuple $envAll "zookeeper" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
ports:
- name: client
targetPort: client
port: {{ tuple "zookeeper" "internal" "client" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- name: election
targetPort: election
port: {{ tuple "zookeeper" "internal" "election" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- name: server
targetPort: server
port: {{ tuple "zookeeper" "internal" "server" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
clusterIP: None
selector:
{{ tuple $envAll "zookeeper" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{- end }}

View File

@ -1,18 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.service_ingress .Values.network.zookeeper.ingress.public }}
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "zookeeper" -}}
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
{{- end }}

View File

@ -1,44 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.service }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "zookeeper" "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
labels:
{{ tuple $envAll "zookeeper" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
ports:
- name: client
port: {{ tuple "zookeeper" "internal" "client" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{ if .Values.network.zookeeper.node_port.enabled }}
nodePort: {{ .Values.network.zookeeper.node_port.port }}
{{ end }}
{{- if .Values.monitoring.prometheus.zookeeper.scrape }}
- name: zoo-exporter
port: {{ tuple "zookeeper" "internal" "zookeeper_exporter" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
{{- if .Values.monitoring.prometheus.jmx.scrape }}
- name: jmx-exporter
port: {{ tuple "zookeeper" "internal" "jmx_exporter" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
selector:
{{ tuple $envAll "zookeeper" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{ if .Values.network.zookeeper.node_port.enabled }}
type: NodePort
{{ end }}
{{- end }}

View File

@ -1,229 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.statefulset }}
{{- $envAll := . }}
{{- $mounts_zookeeper := .Values.pod.mounts.zookeeper.zookeeper }}
{{- $mounts_zookeeper_init := .Values.pod.mounts.zookeeper.init_container }}
{{- $zookeeperUserSecret := .Values.secrets.zookeeper.admin }}
{{- $serviceAccountName := printf "%s-%s" .Release.Name "zookeeper" }}
{{ tuple $envAll "zookeeper" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ $serviceAccountName }}
rules:
- apiGroups:
- ""
resources:
- nodes
- nodes/proxy
- services
- endpoints
- pods
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- nonResourceURLs:
- "/metrics"
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ $serviceAccountName }}
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ $serviceAccountName }}
apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: zookeeper
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "zookeeper" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
serviceName: {{ tuple "zookeeper" "discovery" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
replicas: {{ .Values.pod.replicas.zookeeper }}
podManagementPolicy: Parallel
selector:
matchLabels:
{{ tuple $envAll "zookeeper" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
template:
metadata:
labels:
{{ tuple $envAll "zookeeper" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
{{ dict "envAll" $envAll "application" "zookeeper" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "zookeeper" "zookeeper" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.zookeeper.node_selector_key }}: {{ .Values.labels.zookeeper.node_selector_value | quote }}
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.zookeeper.timeout | default "30" }}
initContainers:
{{ tuple $envAll "zookeeper" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- name: zookeeper-perms
{{ tuple $envAll "zookeeper" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.zookeeper | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "zookeeper" "container" "zookeeper_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
command:
- chown
- -R
- "zookeeper:"
- {{ .Values.conf.zookeeper.config.data_directory }}
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: data
mountPath: {{ .Values.conf.zookeeper.config.data_directory }}
- name: zookeeper-id
{{ tuple $envAll "zookeeper" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.zookeeper | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "zookeeper" "container" "zookeeper_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
command:
- /tmp/generate-myid.sh
env:
- name: ZOO_DATA_DIR
value: "{{ .Values.conf.zookeeper.config.data_directory }}"
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: zookeeper-bin
mountPath: /tmp/generate-myid.sh
subPath: generate-myid.sh
readOnly: true
- name: data
mountPath: {{ .Values.conf.zookeeper.config.data_directory }}
containers:
- name: zookeeper
{{ tuple $envAll "zookeeper" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.zookeeper | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "zookeeper" "container" "zookeeper" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
lifecycle:
preStop:
exec:
command:
- /tmp/zookeeper.sh
- stop
ports:
- name: client
containerPort: {{ tuple "zookeeper" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- name: election
containerPort: {{ tuple "zookeeper" "internal" "election" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- name: server
containerPort: {{ tuple "zookeeper" "internal" "server" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
env:
- name: ZOO_DATA_DIR
value: "{{ .Values.conf.zookeeper.config.data_directory }}"
- name: ZOO_CLIENT_PORT
value: "{{ tuple "zookeeper" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
- name: SERVER_JVMFLAGS
value: {{ include "helm-toolkit.utils.joinListWithSpace" .Values.conf.zookeeper.jvm_options | quote }}
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 30
timeoutSeconds: 5
failureThreshold: 2
successThreshold: 1
exec:
command:
- /tmp/zookeeper-readiness.sh
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 30
timeoutSeconds: 5
failureThreshold: 2
successThreshold: 1
exec:
command:
- /tmp/zookeeper-liveness.sh
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: etczookeeper
mountPath: /etc/zookeeper
- name: zookeeper-etc
mountPath: /conf/zoo.cfg
subPath: zoo.cfg
- name: zookeeper-etc
mountPath: /conf/jaas.conf
subPath: jaas.conf
- name: zookeeper-bin
mountPath: /tmp/zookeeper.sh
subPath: zookeeper.sh
readOnly: true
- name: zookeeper-bin
mountPath: /tmp/zookeeper-liveness.sh
subPath: zookeeper-liveness.sh
readOnly: true
- name: zookeeper-bin
mountPath: /tmp/zookeeper-readiness.sh
subPath: zookeeper-readiness.sh
readOnly: true
- name: data
mountPath: {{ .Values.conf.zookeeper.config.data_directory }}
{{ if $mounts_zookeeper.volumeMounts }}{{ toYaml $mounts_zookeeper.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
emptyDir: {}
- name: etczookeeper
emptyDir: {}
- name: zookeeper-etc
secret:
secretName: zookeeper-etc
defaultMode: 0444
- name: zookeeper-bin
configMap:
name: zookeeper-bin
defaultMode: 0555
{{ if $mounts_zookeeper.volumes }}{{ toYaml $mounts_zookeeper.volumes | indent 8 }}{{ end }}
{{- if not .Values.storage.enabled }}
- name: data
emptyDir: {}
{{- else }}
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: {{ .Values.storage.pvc.access_mode }}
resources:
requests:
storage: {{ .Values.storage.requests.storage }}
storageClassName: {{ .Values.storage.storage_class }}
{{- end }}
{{- end }}

View File

@ -1,271 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for zookeeper.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value
---
images:
tags:
zookeeper: docker.io/zookeeper:3.5.5
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
image_repo_sync: docker.io/docker:17.07.0
pull_policy: IfNotPresent
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
labels:
zookeeper:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
pod:
security_context:
zookeeper:
pod:
runAsUser: 1000
fsGroup: 1000
container:
zookeeper_perms:
runAsUser: 0
fsGroup: 1000
readOnlyRootFilesystem: false
zookeeper:
runAsUser: 1000
fsGroup: 1000
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
weight:
default: 10
mounts:
zookeeper:
zookeeper:
init_container: null
replicas:
zookeeper: 3
lifecycle:
upgrades:
statefulsets:
pod_replacement_strategy: RollingUpdate
termination_grace_period:
zookeeper:
timeout: 30
resources:
enabled: false
zookeeper:
limits:
memory: "1024Mi"
cpu: "2000m"
requests:
memory: "128Mi"
cpu: "500m"
jobs:
image_repo_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
name: docker-registry
namespace: docker-registry
hosts:
default: localhost
internal: docker-registry
node: localhost
host_fqdn_override:
default: null
port:
registry:
node: 5000
zookeeper:
name: zookeeper
namespace: null
auth:
admin:
username: admin
password: changeme
hosts:
default: zookeeper-int
discovery: zookeeper-discovery
public: zookeeper
host_fqdn_override:
default: null
# NOTE(srwilkers): this chart supports TLS for fqdn over-ridden public
# endpoints using the following format:
# public:
# host: null
# tls:
# crt: null
# key: null
path:
default: null
scheme:
default: 'http'
port:
client:
default: 2181
election:
default: 3888
server:
default: 2888
jmx_exporter:
default: 9404
zookeeper_exporter:
default: 9141
kafka:
auth:
admin:
username: admin
password: changeme
dependencies:
dynamic:
common:
local_image_registry:
jobs:
- zookeeper-image-repo-sync
services:
- endpoint: node
service: local_image_registry
static:
image_repo_sync:
services:
- endpoint: internal
service: local_image_registry
zookeeper:
services: null
monitoring:
prometheus:
enabled: true
zookeeper:
scrape: true
jmx:
scrape: true
network:
zookeeper:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/affinity: cookie
nginx.ingress.kubernetes.io/session-cookie-name: kube-ingress-session-zookeeper
nginx.ingress.kubernetes.io/session-cookie-hash: sha1
nginx.ingress.kubernetes.io/session-cookie-expires: "600"
nginx.ingress.kubernetes.io/session-cookie-max-age: "600"
node_port:
enabled: false
port: 30981
network_policy:
zookeeper:
ingress:
- {}
egress:
- {}
secrets:
tls:
zookeeper:
zookeeper:
public: zookeeper-tls-public
zookeeper:
admin: zookeeper-admin-creds
storage:
enabled: true
pvc:
name: zookeeper-pvc
access_mode: ["ReadWriteOnce"]
requests:
storage: 5Gi
storage_class: general
manifests:
configmap_bin: true
configmap_etc: true
ingress: true
job_image_repo_sync: true
network_policy: false
secret_ingress_tls: true
secret_kafka: true
secret_zookeeper: true
service_discovery: true
service_ingress: true
service: true
statefulset: true
conf:
zookeeper:
config:
data_directory: /var/lib/zookeeper/data
data_log_directory: /var/lib/zookeeper/data/datalog
log_directory: /var/lib/zookeeper/data/logs
template: |
{{- $domain := tuple "zookeeper" "discovery" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
{{- $electionPort := tuple "zookeeper" "internal" "election" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- $clientPort := tuple "zookeeper" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- $serverPort := tuple "zookeeper" "internal" "server" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
tickTime=2000
dataDir={{ .Values.conf.zookeeper.config.data_directory }}
dataLogDir={{ .Values.conf.zookeeper.config.data_log_directory }}
logDir={{ .Values.conf.zookeeper.config.log_directory }}
electionPort={{ $electionPort }}
serverPort={{ $serverPort }}
maxClientCnxns=10
initLimit=15
syncLimit=5
{{- range $podInt := until ( atoi (print .Values.pod.replicas.zookeeper ) ) }}
{{- $ensembleCount := add $podInt 1 }}
server.{{$ensembleCount}}=zookeeper-{{$podInt}}.{{$domain}}:{{$serverPort}}:{{$electionPort}}:participant;{{$clientPort}}
{{- end }}
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
jaasLoginRenew=3600000
requireClientAuthScheme=sasl
jaas:
template: |
{{- $admin := .Values.endpoints.kafka.auth.admin }}
Server {
org.apache.zookeeper.server.auth.DigestLoginModule required
user_{{ $admin.username }}={{ $admin.password | quote }}
{{- printf ";" }}
};
Client {
org.apache.zookeeper.server.auth.DigestLoginModule required
username={{ $admin.username | quote }}
password={{ $admin.password | quote }}
{{- printf ";" }}
};
jvm_options:
- -Djava.security.auth.login.config=/conf/jaas.conf
...

View File

@ -88,7 +88,6 @@
- ./tools/deployment/multinode/125-fluentbit.sh
- ./tools/deployment/multinode/130-fluentd.sh
- ./tools/deployment/multinode/140-kibana.sh
- ./tools/deployment/multinode/160-zookeeper.sh
- ./tools/deployment/multinode/170-postgresql.sh
- ./tools/deployment/multinode/600-grafana-selenium.sh || true
- ./tools/deployment/multinode/610-nagios-selenium.sh || true