diff --git a/examples/monitoring/README.md b/examples/monitoring/README.md new file mode 100644 index 0000000..3de795b --- /dev/null +++ b/examples/monitoring/README.md @@ -0,0 +1,46 @@ +# Monitoring (JMX/Prometheus/Grafana) +In this example, we deploy an RBAC enabled Confluent cluster with Prometheus/Grafana integration. + +## Deploy Stack +From within this present directory(./examples/monitoring), run the following command: + +```shell +kubectl apply -k ../../kustomize/crds && sleep 1 && kubectl apply -k . +``` + +Once all the the pods are in a 'Running' status, we can start to investigate the rest of the stack. + +## Prometheus +Prometheus has a UI you can view by forwarding port 9090 with the following command, and then accessing `http://127.0.0.1:9090` from a local browser. +```shell +kubectl port-forward \ +$(kubectl get pods -n sandbox -l app=prometheus -l component=server -o name) \ +9090 --namespace sandbox +``` + +If you navigate to `http://localhost:9090/targets` you should hopefully see a screen such as this which indicates that Prometheus is successfully scraping from the Confluent Services +![](../../resources/images/prometheus_targets.png)0 + +The configuration file for Prometheus can be found at `./examples/monitoring/prometheus/server/cm.yaml` + +## Grafana +Grafana's Web UI runs on port 3000. Similar to Prometheus, forward that port to your local machines with the following command: +```shell +kubectl port-forward \ +$(kubectl get pods -n sandbox kubectl get pods -n sandbox -l app.kubernetes.io/component=grafana -o name) \ +3000 --namespace sandbox +``` + +Navigate to http://localhost:3000 + +You will need to login with the username 'admin' and the password 'password'. At the home screen you will see a dashboard called 'Confluent Platform'. Click on this +![](../../resources/images/grafana-dashboard.png) + +This dashboard will display various metrics/alerts for the various Confluent services. This dashboard has been captured in code, and can be edited at `./examples/grafana/dashboards.yaml` +![](../../resources/images/grafana-dashboard2.png) + + + + + + diff --git a/examples/monitoring/confluent/control-centre.yaml b/examples/monitoring/confluent/control-centre.yaml new file mode 100644 index 0000000..05ca132 --- /dev/null +++ b/examples/monitoring/confluent/control-centre.yaml @@ -0,0 +1,42 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: ControlCenter +metadata: + name: controlcenter +spec: + authorization: + type: rbac + tls: + secretRef: tls-group1 + dependencies: + kafka: + bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 + authentication: + type: plain + jaasConfig: + secretRef: mds-client-connect + tls: + enabled: true + mds: + endpoint: https://kafka.sandbox.svc.cluster.local:8090 + tokenKeyPair: + secretRef: mds-public + authentication: + type: bearer + bearer: + secretRef: mds-client-c3 + tls: + enabled: true + connect: + - name: connect + url: https://connect.sandbox.svc.cluster.local:8083 + tls: + enabled: true + ksqldb: + - name: ksqldb + url: https://ksqldb.sandbox.svc.cluster.local:8088 + tls: + enabled: true + schemaRegistry: + url: https://schemaregistry.sandbox.svc.cluster.local:8081 + tls: + enabled: true \ No newline at end of file diff --git a/examples/monitoring/confluent/kafka-connect.yaml b/examples/monitoring/confluent/kafka-connect.yaml new file mode 100644 index 0000000..23a0939 --- /dev/null +++ b/examples/monitoring/confluent/kafka-connect.yaml @@ -0,0 +1,27 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: Connect +metadata: + name: connect +spec: + tls: + secretRef: tls-group1 + authorization: + type: rbac + dependencies: + kafka: + bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 + authentication: + type: plain + jaasConfig: + secretRef: mds-client-connect + tls: + enabled: true + mds: + endpoint: https://kafka.sandbox.svc.cluster.local:8090 + tokenKeyPair: + secretRef: mds-public + authentication: + type: bearer + bearer: + secretRef: mds-client-connect diff --git a/examples/monitoring/confluent/kafka.yaml b/examples/monitoring/confluent/kafka.yaml new file mode 100644 index 0000000..bd56b96 --- /dev/null +++ b/examples/monitoring/confluent/kafka.yaml @@ -0,0 +1,81 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: Kafka +metadata: + name: kafka +spec: + configOverrides: + server: + - confluent.schema.registry.url=https://schemaregistry.sandbox.svc.cluster.local:8081 + - listener.name.internal.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler + - listener.name.external.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler + - listener.name.replication.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler + tls: + secretRef: tls-group1 + metricReporter: + enabled: true + authentication: + type: plain + jaasConfigPassThrough: + secretRef: broker-credential + tls: + enabled: true + listeners: + internal: + authentication: + type: plain + jaasConfigPassThrough: + secretRef: broker-credential + tls: + enabled: true + external: + authentication: + type: plain + jaasConfigPassThrough: + secretRef: broker-credential + tls: + enabled: true + authorization: + type: rbac + superUsers: + - User:kafka + services: + mds: + tls: + enabled: true + tokenKeyPair: + secretRef: broker-credential + provider: + type: ldap + ldap: + address: ldap://ldap.sandbox.svc.cluster.local:389 + authentication: + type: simple + simple: + secretRef: broker-credential + tls: + enabled: true + configurations: + groupNameAttribute: cn + groupObjectClass: groupOfNames + groupMemberAttribute: member + groupMemberAttributePattern: cn=(.*),ou=users,dc=test,dc=com + groupSearchBase: ou=groups,dc=test,dc=com + userNameAttribute: cn + userMemberOfAttributePattern: cn=(.*),ou=users,dc=test,dc=com + userObjectClass: organizationalRole + userSearchBase: ou=users,dc=test,dc=com + dependencies: + kafkaRest: + authentication: + type: bearer + bearer: + secretRef: broker-credential + zookeeper: + endpoint: zookeeper.sandbox.svc.cluster.local:2182 + authentication: + type: digest + jaasConfig: + secretRef: broker-credential + tls: + enabled: true diff --git a/examples/monitoring/confluent/ksqldb.yaml b/examples/monitoring/confluent/ksqldb.yaml new file mode 100644 index 0000000..f8008ae --- /dev/null +++ b/examples/monitoring/confluent/ksqldb.yaml @@ -0,0 +1,29 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: KsqlDB +metadata: + name: ksqldb +spec: + authorization: + type: rbac + tls: + secretRef: tls-group1 + dependencies: + kafka: + bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 + authentication: + type: plain + jaasConfig: + secretRef: mds-client-connect + tls: + enabled: true + mds: + endpoint: https://kafka.sandbox.svc.cluster.local:8090 + tokenKeyPair: + secretRef: mds-public + authentication: + type: bearer + bearer: + secretRef: mds-client-ksqldb + tls: + enabled: true \ No newline at end of file diff --git a/examples/monitoring/confluent/kustomization.yaml b/examples/monitoring/confluent/kustomization.yaml new file mode 100644 index 0000000..c54e747 --- /dev/null +++ b/examples/monitoring/confluent/kustomization.yaml @@ -0,0 +1,17 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: sandbox +resources: +- ldap.yaml +- namespace.yaml +- ../../../kustomize/base/confluent +- ../../../kustomize/base/secrets-tls +- ../../../kustomize/base/secrets-user +patchesStrategicMerge: + - zookeeper.yaml + - kafka.yaml + - rest-class.yaml + - control-centre.yaml + - kafka-connect.yaml + - ksqldb.yaml + - schema-registry.yaml diff --git a/examples/monitoring/confluent/ldap.yaml b/examples/monitoring/confluent/ldap.yaml new file mode 100644 index 0000000..8110e93 --- /dev/null +++ b/examples/monitoring/confluent/ldap.yaml @@ -0,0 +1,171 @@ +apiVersion: v1 +kind: Pod +metadata: + name: ldap + labels: + role: ldap + app: ldap +spec: + containers: + - name: ldap + args: + - --copy-service + - --loglevel=debug + image: osixia/openldap:1.3.0 + ports: + - name: ldap + containerPort: 389 + - name: ldaps + containerPort: 636 + livenessProbe: + tcpSocket: + port: 389 + initialDelaySeconds: 15 + periodSeconds: 20 + env: + - name: LDAP_ORGANISATION + value: "Test Inc." + - name: LDAP_DOMAIN + value: "test.com" + - name: LDAP_ADMIN_PASSWORD + value: "confluentrox" + - name: LDAP_CONFIG_PASSWORD + value: "confluentconfigrox" + - name: LDAP_READONLY_USER + value: "True" + - name: LDAP_READONLY_USER_USERNAME + value: "mds" + - name: LDAP_READONLY_USER_PASSWORD + value: "Developer!" + - name: LDAP_TLS + value: "False" + volumeMounts: + - mountPath: /container/service/slapd/assets/config/bootstrap/ldif/custom + name: customldif + - mountPath: /var/lib/ldap + name: ldap-data + - mountPath: /etc/ldap/slapd.d + name: ldap-config + volumes: + - name: customldif + configMap: + defaultMode: 420 + name: ldap-ldifs + - name: ldap-data + emptyDir: {} + - name: ldap-config + emptyDir: {} + restartPolicy: Always +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: ldap-ldifs +data: + 0_groups.ldif: |- + dn: ou=groups,dc=test,dc=com + objectClass: organizationalUnit + objectClass: top + ou: groups + 0_users.ldif: |- + dn: ou=users,dc=test,dc=com + objectClass: organizationalUnit + objectClass: top + ou: users + 1_emmy.ldif: |- + dn: cn=emmy,ou=users,dc=test,dc=com + userPassword: emmy-secret + objectClass: simpleSecurityObject + objectClass: organizationalRole + description: Interested in action and conservation. If you like it, you should put a Noetherian Ring on it. + cn: emmy + 1_alice.ldif: |- + dn: cn=alice,ou=users,dc=test,dc=com + userPassword: alice-secret + objectClass: simpleSecurityObject + objectClass: organizationalRole + description: Alice is great at changing perspectives, but sometimes chases down rabbit holes + cn: alice + 1_developers.ldif: |- + dn: cn=developers,ou=groups,dc=test,dc=com + objectClass: top + objectClass: groupOfNames + description: A group of software developers and the apps they are responsible for + cn: developers + member: cn=emmy,ou=users,dc=test,dc=com + member: cn=alice,ou=users,dc=test,dc=com + 1_kafka.ldif: |- + dn: cn=kafka,ou=users,dc=test,dc=com + userPassword: kafka-secret + description: kafka user + objectClass: simpleSecurityObject + objectClass: organizationalRole + cn: kafka + 1_erp.ldif: |- + dn: cn=erp,ou=users,dc=test,dc=com + userPassword: erp-secret + description: erp user + objectClass: simpleSecurityObject + objectClass: organizationalRole + cn: erp + 1_sr.ldif: |- + dn: cn=sr,ou=users,dc=test,dc=com + userPassword: sr-secret + description: schema registry user + objectClass: simpleSecurityObject + objectClass: organizationalRole + cn: sr + 1_c3.ldif: |- + dn: cn=c3,ou=users,dc=test,dc=com + userPassword: c3-secret + description: control center user + objectClass: simpleSecurityObject + objectClass: organizationalRole + cn: c3 + 1_ksql.ldif: |- + dn: cn=ksql,ou=users,dc=test,dc=com + userPassword: ksql-secret + description: ksql user + objectClass: simpleSecurityObject + objectClass: organizationalRole + cn: ksql + 1_connect.ldif: |- + dn: cn=connect,ou=users,dc=test,dc=com + userPassword: connect-secret + description: connect user + objectClass: simpleSecurityObject + objectClass: organizationalRole + cn: connect + 1_replicator.ldif: |- + dn: cn=replicator,ou=users,dc=test,dc=com + userPassword: replicator-secret + description: replicator user + objectClass: simpleSecurityObject + objectClass: organizationalRole + cn: replicator + 1_c3-test.ldif: |- + dn: cn=testadmin,ou=users,dc=test,dc=com + userPassword: testadmin + description: testadmin user + objectClass: simpleSecurityObject + objectClass: organizationalRole + cn: testadmin +--- +apiVersion: v1 +kind: Service +metadata: + name: ldap + labels: + app: ldap +spec: + ports: + - port: 389 + name: ldap + - port: 636 + name: ldaps + clusterIP: None + selector: + app: ldap + + + diff --git a/examples/monitoring/confluent/namespace.yaml b/examples/monitoring/confluent/namespace.yaml new file mode 100644 index 0000000..6b30586 --- /dev/null +++ b/examples/monitoring/confluent/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: sandbox diff --git a/examples/monitoring/confluent/rest-class.yaml b/examples/monitoring/confluent/rest-class.yaml new file mode 100644 index 0000000..56ea65d --- /dev/null +++ b/examples/monitoring/confluent/rest-class.yaml @@ -0,0 +1,10 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: KafkaRestClass +metadata: + name: default +spec: + kafkaRest: + authentication: + type: bearer + bearer: + secretRef: rest-credential \ No newline at end of file diff --git a/examples/monitoring/confluent/schema-registry.yaml b/examples/monitoring/confluent/schema-registry.yaml new file mode 100644 index 0000000..ddb59cf --- /dev/null +++ b/examples/monitoring/confluent/schema-registry.yaml @@ -0,0 +1,28 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: SchemaRegistry +metadata: + name: schemaregistry +spec: + authorization: + type: rbac + tls: + secretRef: tls-group1 + dependencies: + kafka: + bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 + authentication: + type: plain + jaasConfig: + secretRef: mds-client-sr + tls: + enabled: true + mds: + endpoint: https://kafka.sandbox.svc.cluster.local:8090 + tokenKeyPair: + secretRef: mds-public + authentication: + type: bearer + bearer: + secretRef: mds-client-sr + tls: + enabled: true \ No newline at end of file diff --git a/examples/monitoring/confluent/zookeeper.yaml b/examples/monitoring/confluent/zookeeper.yaml new file mode 100644 index 0000000..73286c2 --- /dev/null +++ b/examples/monitoring/confluent/zookeeper.yaml @@ -0,0 +1,11 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: Zookeeper +metadata: + name: zookeeper +spec: + authentication: + type: digest + jaasConfig: + secretRef: zk-credential + tls: + secretRef: tls-group1 diff --git a/examples/monitoring/grafana/configmap.yaml b/examples/monitoring/grafana/configmap.yaml new file mode 100644 index 0000000..7752041 --- /dev/null +++ b/examples/monitoring/grafana/configmap.yaml @@ -0,0 +1,24 @@ +--- +# Source: grafana/templates/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: oso-grafana-envvars + namespace: default + labels: + app.kubernetes.io/name: grafana + helm.sh/chart: grafana-6.1.11 + app.kubernetes.io/instance: oso + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: grafana +data: + GF_SECURITY_ADMIN_USER: "admin" + GF_INSTALL_PLUGINS: "" + GF_PATHS_PLUGINS: "/opt/bitnami/grafana/data/plugins" + GF_AUTH_LDAP_ENABLED: "false" + GF_AUTH_LDAP_CONFIG_FILE: "/opt/bitnami/grafana/conf/ldap.toml" + GF_AUTH_LDAP_ALLOW_SIGN_UP: "false" + GF_PATHS_PROVISIONING: "/opt/bitnami/grafana/conf/provisioning" + GF_PATHS_CONFIG: "/opt/bitnami/grafana/conf/grafana.ini" + GF_PATHS_DATA: "/opt/bitnami/grafana/data" + GF_PATHS_LOGS: "/opt/bitnami/grafana/logs" diff --git a/examples/monitoring/grafana/dashboard-config.yaml b/examples/monitoring/grafana/dashboard-config.yaml new file mode 100644 index 0000000..8cc2884 --- /dev/null +++ b/examples/monitoring/grafana/dashboard-config.yaml @@ -0,0 +1,24 @@ +--- +# Source: prometheus/templates/server/cm.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + component: "server" + app: grafna + release: oso + name: oso-grafana-server-dashboard-config +data: + config.yaml: | + apiVersion: 1 + providers: + - name: 'oso-provider' + orgId: 1 + folder: 'confluent-examples' + type: file + disableDeletion: true + updateIntervalSeconds: 10 + allowUiUpdates: true + options: + path: /opt/bitnami/grafana/conf/provisioning/dashboard-source + foldersFromFilesStructure: true diff --git a/examples/monitoring/grafana/dashboards.yaml b/examples/monitoring/grafana/dashboards.yaml new file mode 100644 index 0000000..99e7c2e --- /dev/null +++ b/examples/monitoring/grafana/dashboards.yaml @@ -0,0 +1,4458 @@ +--- +# Source: prometheus/templates/server/cm.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + component: "server" + app: grafna + release: oso + name: oso-grafana-server-dashboards +data: + confluent-platform.json: | + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 2, + "iteration": 1631707196139, + "links": [], + "panels": [ + { + "collapsed": false, + "datasource": "prometheus", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 137, + "panels": [], + "title": "Disk", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 11, + "w": 24, + "x": 0, + "y": 1 + }, + "hiddenSeries": false, + "id": 132, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "io_confluent_caas_volumemetrics_used{ platform_confluent_io_type=~\"kafka\",kubernetes_namespace=~\"$namespace\"}", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "Used {{kubernetes_pod_name }}", + "refId": "A" + }, + { + "exemplar": true, + "expr": "io_confluent_caas_volumemetrics_total{ platform_confluent_io_type=~\"kafka\",kubernetes_namespace=~\"$namespace\"}", + "hide": false, + "instant": false, + "interval": "", + "legendFormat": "Total {{kubernetes_pod_name}}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:1769", + "format": "decbytes", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:1770", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Kafka Broker Pods Disk Usage", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 11, + "x": 0, + "y": 12 + }, + "hiddenSeries": false, + "id": 83, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "io_confluent_caas_volumemetrics_percentused{ platform_confluent_io_type=~\"kafka\",kubernetes_namespace=~\"$namespace\"}", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{kubernetes_pod_name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Usage (Percentage)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:1769", + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:1770", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Kafka Broker Pods Disk Usage", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 13, + "x": 11, + "y": 12 + }, + "hiddenSeries": false, + "id": 138, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "io_confluent_caas_volumemetrics_percentavailable{ platform_confluent_io_type=~\"kafka\",kubernetes_namespace=~\"$namespace\"}", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{kubernetes_pod_name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Availabe (Percentage)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:1769", + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:1770", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": "prometheus", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 21 + }, + "id": 127, + "panels": [], + "title": "CPU/Mem", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Aggregated Kafka Broker Pods CPU Usage", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 22 + }, + "hiddenSeries": false, + "id": 128, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "sum(rate (container_cpu_usage_seconds_total{pod=~\"$component_name-(\\\\d+)\"}[5m])) by (pod)", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{pod_name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Kafka Broker Pods Memory Usage", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 22 + }, + "hiddenSeries": false, + "id": 82, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "sum(container_memory_usage_bytes{pod=~\"$component_name-(\\\\d+)\"}) by (pod)", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{pod_name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": "prometheus", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 29 + }, + "id": 28, + "panels": [], + "repeat": null, + "title": "Confluent Server", + "type": "row" + }, + { + "cacheTimeout": null, + "datasource": "prometheus", + "description": "Number of Brokers Online", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#d44a3a", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0 + }, + { + "color": "#299c46", + "value": 2 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 0, + "y": 30 + }, + "id": 46, + "interval": null, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "8.1.2", + "repeat": null, + "repeatDirection": "h", + "targets": [ + { + "expr": "count(kafka_server_replicamanager_value{name=\"LeaderCount\",kubernetes_namespace=~\"$namespace\",platform_confluent_io_type=~\"kafka\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "title": "Brokers Online", + "type": "stat" + }, + { + "cacheTimeout": null, + "datasource": "prometheus", + "description": "Number of active controllers in the cluster.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#299c46", + "value": null + }, + { + "color": "#e5ac0e", + "value": 2 + }, + { + "color": "#bf1b00" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 4, + "y": 30 + }, + "id": 36, + "interval": null, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "8.1.2", + "targets": [ + { + "expr": "sum(sum(kafka_controller_kafkacontroller_value{name=\"ActiveControllerCount\",kubernetes_namespace=~\"$namespace\",platform_confluent_io_type=~\"kafka\"}))", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "title": "Active Controllers", + "type": "stat" + }, + { + "cacheTimeout": null, + "datasource": "prometheus", + "description": "Unclean leader election rate", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#299c46", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 2 + }, + { + "color": "#d44a3a" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 8, + "y": 30 + }, + "id": 38, + "interval": null, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "8.1.2", + "targets": [ + { + "expr": "sum(kafka_controller_controllerstats_oneminuterate{name=~\"UncleanLeaderElectionsPerSec\",kubernetes_namespace=~\"$namespace\",platform_confluent_io_type=~\"kafka\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "title": "Unclean Leader Election Rate", + "type": "stat" + }, + { + "cacheTimeout": null, + "datasource": "prometheus", + "description": "Partitions that are online", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#d44a3a", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0 + }, + { + "color": "#299c46", + "value": 0 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 12, + "y": 30 + }, + "id": 40, + "interval": null, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "8.1.2", + "targets": [ + { + "expr": "sum(kafka_server_replicamanager_value{name=~\"PartitionCount\",kubernetes_namespace=~\"$namespace\",platform_confluent_io_type=~\"kafka\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "title": "Online Partitions", + "type": "stat" + }, + { + "cacheTimeout": null, + "datasource": "prometheus", + "description": "Number of under-replicated partitions (| ISR | < | all replicas |).", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#508642", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 1 + }, + { + "color": "#bf1b00", + "value": 5 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 16, + "y": 30 + }, + "id": 30, + "interval": null, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "8.1.2", + "targets": [ + { + "expr": "sum(kafka_server_replicamanager_value{name=~\"UnderReplicatedPartitions\",kubernetes_namespace=~\"$namespace\",platform_confluent_io_type=~\"kafka\"})", + "format": "time_series", + "hide": false, + "intervalFactor": 2, + "refId": "A" + } + ], + "title": "Under Replicated Partitions", + "type": "stat" + }, + { + "cacheTimeout": null, + "datasource": "prometheus", + "description": "Number of partitions that don’t have an active leader and are hence not writable or readable.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#508642", + "value": null + }, + { + "color": "#ef843c", + "value": 1 + }, + { + "color": "#bf1b00", + "value": 1 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 20, + "y": 30 + }, + "id": 32, + "interval": null, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "8.1.2", + "targets": [ + { + "expr": "sum(kafka_server_replicamanager_value{name=~\"OfflineReplicaCount\",kubernetes_namespace=~\"$namespace\",platform_confluent_io_type=~\"kafka\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "title": "Offline Partitions Count", + "type": "stat" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Byte Rate", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 34 + }, + "hiddenSeries": false, + "id": 44, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": false, + "hideZero": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kafka_server_brokertopicmetrics_oneminuterate{name=\"BytesInPerSec\",kubernetes_namespace=~\"$namespace\",platform_confluent_io_type=~\"kafka\"})", + "format": "time_series", + "hide": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "Incoming Byte Rate", + "refId": "A" + }, + { + "expr": "sum(kafka_server_brokertopicmetrics_oneminuterate{name=\"BytesOutPerSec\",kubernetes_namespace=~\"$namespace\",platform_confluent_io_type=~\"kafka\"})", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "Outgoing Byte Rate", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Byte Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "bytes", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 34 + }, + "hiddenSeries": false, + "id": 58, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "sum(kafka_server_brokertopicmetrics_oneminuterate{name=\"MessagesInPerSec\",kubernetes_namespace=~\"$namespace\",platform_confluent_io_type=~\"kafka\"})", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{Messages In Per Second}}", + "refId": "D" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Messages In Per Second", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Request Handler Avg Idle Percent", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 41 + }, + "hiddenSeries": false, + "id": 62, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "kafka_server_kafkarequesthandlerpool_oneminuterate{name=~\"RequestHandlerAvgIdlePercent\",kubernetes_namespace=~\"$namespace\",platform_confluent_io_type=~\"kafka\"}*100", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{kubernetes_pod_name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Request Handler Avg Idle Percent", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Produce Request Rate.", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 42 + }, + "hiddenSeries": false, + "id": 50, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kafka_server_brokertopicmetrics_oneminuterate{name=\"TotalProduceRequestsPerSec\",kubernetes_namespace=~\"$namespace\",platform_confluent_io_type=~\"kafka\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "Total Produce Request Rate", + "refId": "A" + }, + { + "expr": "sum(kafka_server_brokertopicmetrics_oneminuterate{name=\"FailedProduceRequestsPerSec\",kubernetes_namespace=~\"$namespace\",platform_confluent_io_type=~\"kafka\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "Failed Produce Request Rate", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Produce Request Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Fetch Request Rate", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 49 + }, + "hiddenSeries": false, + "id": 56, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "sum(kafka_server_brokertopicmetrics_oneminuterate{name=~\"TotalFetchRequestsPerSec\",kubernetes_namespace=~\"$namespace\",platform_confluent_io_type=~\"kafka\"})", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "Fetch Request Rate", + "refId": "A" + }, + { + "expr": "sum(kafka_server_brokertopicmetrics_oneminuterate{name=~\"FailedFetchRequestsPerSec\",kubernetes_namespace=~\"$namespace\",platform_confluent_io_type=~\"kafka\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "Failed Fetch Request Rate", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Fetch Request Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Network Processor Avg Idle Percent", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 50 + }, + "hiddenSeries": false, + "id": 60, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "kafka_network_socketserver_value{name=~\"NetworkProcessorAvgIdlePercent\",kubernetes_namespace=~\"$namespace\",platform_confluent_io_type=~\"kafka\"}*100", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{kubernetes_pod_name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Processor Avg Idle Percent", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": "prometheus", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 58 + }, + "id": 26, + "panels": [], + "repeat": null, + "title": "Confluent Zookeeper", + "type": "row" + }, + { + "cacheTimeout": null, + "datasource": "prometheus", + "description": "Quorum Size of Zookeeper ensemble", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#d44a3a", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 2 + }, + { + "color": "#299c46", + "value": 3 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 0, + "y": 59 + }, + "id": 52, + "interval": null, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "8.1.2", + "targets": [ + { + "expr": "avg({__name__=~\"org_apache_zookeeperservice_replicatedserver_.*_quorumsize\", platform_confluent_io_type=~\"zookeeper\",kubernetes_namespace=~\"$namespace\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "title": "Quorum Size", + "type": "stat" + }, + { + "cacheTimeout": null, + "datasource": "prometheus", + "description": "Number of Alive Connections", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#299c46", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 60 + }, + { + "color": "#d44a3a", + "value": 120 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 4, + "y": 59 + }, + "id": 54, + "interval": "", + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "8.1.2", + "targets": [ + { + "expr": "sum({__name__=~\"org_apache_zookeeperservice_replicatedserver_.*_numaliveconnections\", platform_confluent_io_type=~\"zookeeper\",kubernetes_namespace=~\"$namespace\"})", + "format": "time_series", + "hide": false, + "instant": false, + "intervalFactor": 1, + "refId": "A" + } + ], + "title": "Alive Connections", + "type": "stat" + }, + { + "alert": { + "conditions": [ + { + "evaluator": { + "params": [ + 10 + ], + "type": "gt" + }, + "operator": { + "type": "and" + }, + "query": { + "params": [ + "A", + "5m", + "now" + ] + }, + "reducer": { + "params": [], + "type": "avg" + }, + "type": "query" + } + ], + "executionErrorState": "alerting", + "for": "0m", + "frequency": "60s", + "handler": 1, + "name": "Outstanding Requests alert", + "noDataState": "no_data", + "notifications": [] + }, + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Number of queued requests in the server. This goes up when the server receives more requests than it can process", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 16, + "x": 8, + "y": 59 + }, + "hiddenSeries": false, + "id": 12, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": false, + "hideZero": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "{__name__=~\"org_apache_zookeeperservice_replicatedserver_.*_outstandingrequests\", platform_confluent_io_type=~\"zookeeper\",kubernetes_namespace=~\"$namespace\"} ", + "format": "time_series", + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{kubernetes_pod_name}}-{{name2}}", + "refId": "A" + } + ], + "thresholds": [ + { + "colorMode": "critical", + "fill": true, + "line": true, + "op": "gt", + "value": 10, + "visible": true + } + ], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Outstanding Requests", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "cacheTimeout": null, + "datasource": "prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#299c46", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 500 + }, + { + "color": "#d44a3a", + "value": 800 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 0, + "y": 63 + }, + "id": 64, + "interval": null, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "8.1.2", + "targets": [ + { + "expr": "avg({__name__=~\"org_apache_zookeeperservice_replicatedserver_.*_nodecount\", platform_confluent_io_type=~\"zookeeper\",kubernetes_namespace=~\"$namespace\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "title": "Number of ZNodes", + "type": "stat" + }, + { + "cacheTimeout": null, + "datasource": "prometheus", + "description": "Number of Watchers", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#299c46", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 100 + }, + { + "color": "#d44a3a", + "value": 200 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 4, + "y": 63 + }, + "id": 66, + "interval": null, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "8.1.2", + "targets": [ + { + "expr": "sum({__name__=~\"org_apache_zookeeperservice_replicatedserver_.*_watchcount\", platform_confluent_io_type=~\"zookeeper\",kubernetes_namespace=~\"$namespace\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "title": "Number of Watchers", + "type": "stat" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Amount of time it takes for the server to respond to a client request", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 8, + "x": 0, + "y": 67 + }, + "hiddenSeries": false, + "id": 10, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "{__name__=~\"org_apache_zookeeperservice_replicatedserver_.*_minrequestlatency\", platform_confluent_io_type=~\"zookeeper\",kubernetes_namespace=~\"$namespace\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{kubernetes_pod_name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Request Latency - Minimum", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Zookeeper Disk Usage (txnlog)", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 67 + }, + "hiddenSeries": false, + "id": 122, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "kubelet_volume_stats_used_bytes{persistentvolumeclaim=~\"txnlog-$component_name.*\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{persistentvolumeclaim}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Usage (txnlog)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:2848", + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:2849", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "alert": { + "conditions": [ + { + "evaluator": { + "params": [ + 20 + ], + "type": "gt" + }, + "operator": { + "type": "and" + }, + "query": { + "params": [ + "A", + "5m", + "now" + ] + }, + "reducer": { + "params": [], + "type": "avg" + }, + "type": "query" + } + ], + "executionErrorState": "alerting", + "frequency": "60s", + "handler": 1, + "name": "Request Latency - Maximum alert", + "noDataState": "no_data", + "notifications": [] + }, + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Amount of time it takes for the server to respond to a client request", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 8, + "x": 8, + "y": 74 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "{__name__=~\"org_apache_zookeeperservice_replicatedserver_.*_maxrequestlatency\", platform_confluent_io_type=~\"zookeeper\",kubernetes_namespace=~\"$namespace\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{kubernetes_pod_name}}", + "refId": "A" + } + ], + "thresholds": [ + { + "colorMode": "critical", + "fill": true, + "line": true, + "op": "gt", + "value": 20, + "visible": true + } + ], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Request Latency - Maximum", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "alert": { + "conditions": [ + { + "evaluator": { + "params": [ + 10 + ], + "type": "gt" + }, + "operator": { + "type": "and" + }, + "query": { + "params": [ + "A", + "5m", + "now" + ] + }, + "reducer": { + "params": [], + "type": "avg" + }, + "type": "query" + } + ], + "executionErrorState": "alerting", + "frequency": "60s", + "handler": 1, + "name": "Request Latency - Average alert", + "noDataState": "no_data", + "notifications": [] + }, + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Amount of time it takes for the server to respond to a client request", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 8, + "x": 0, + "y": 75 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "{__name__=~\"org_apache_zookeeperservice_replicatedserver_.*_avgrequestlatency\", platform_confluent_io_type=~\"zookeeper\",kubernetes_namespace=~\"$namespace\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{kubernetes_pod_name}}", + "refId": "A" + } + ], + "thresholds": [ + { + "colorMode": "critical", + "fill": true, + "line": true, + "op": "gt", + "value": 10, + "visible": true + } + ], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Request Latency - Average", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": "prometheus", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 83 + }, + "id": 97, + "panels": [], + "repeat": null, + "title": "Confluent Connect/Replicator", + "type": "row" + }, + { + "cacheTimeout": null, + "datasource": "prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#299c46", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 1000000000 + }, + { + "color": "#d44a3a" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 0, + "y": 84 + }, + "id": 99, + "interval": null, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "8.1.2", + "targets": [ + { + "expr": "sum(kafka_connect_connect_worker_metrics_connector_count{ platform_confluent_io_type=~\"zookeeper\",kubernetes_namespace=~\"$namespace\"})", + "format": "time_series", + "instant": false, + "intervalFactor": 1, + "legendFormat": "{{ kubernetes_pod_name}}", + "refId": "A" + } + ], + "title": "Number of Connectors", + "type": "stat" + }, + { + "cacheTimeout": null, + "datasource": "prometheus", + "description": "The total number of connector starts that succeeded.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#299c46", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 100000000 + }, + { + "color": "#d44a3a" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 4, + "y": 84 + }, + "id": 103, + "interval": null, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "8.1.2", + "targets": [ + { + "expr": "sum(kafka_connect_connect_worker_metrics_connector_startup_success_total{ platform_confluent_io_type=~\"connect\",kubernetes_namespace=~\"$namespace\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "title": "Connector Startup Success Total", + "type": "stat" + }, + { + "cacheTimeout": null, + "datasource": "prometheus", + "description": "The total number of connector starts that failed.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#299c46", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 1 + }, + { + "color": "#d44a3a", + "value": 1 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 8, + "y": 84 + }, + "id": 104, + "interval": null, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "8.1.2", + "targets": [ + { + "expr": "sum(kafka_connect_connect_worker_metrics_connector_startup_failure_total{ platform_confluent_io_type=~\"connect\",kubernetes_namespace=~\"$namespace\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "title": "Connector Startup Failure Total", + "type": "stat" + }, + { + "cacheTimeout": null, + "datasource": "prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#299c46", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 10000000000 + }, + { + "color": "#d44a3a" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 12, + "y": 84 + }, + "id": 101, + "interval": null, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "8.1.2", + "targets": [ + { + "expr": "sum(kafka_connect_connect_worker_metrics_task_count{ platform_confluent_io_type=~\"connect\",kubernetes_namespace=~\"$namespace\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "title": "Number of Tasks", + "type": "stat" + }, + { + "cacheTimeout": null, + "datasource": "prometheus", + "description": "The total number of task starts that succeeded.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#299c46", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 10000000000 + }, + { + "color": "#d44a3a" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 16, + "y": 84 + }, + "id": 105, + "interval": null, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "8.1.2", + "targets": [ + { + "expr": "sum(kafka_connect_connect_worker_metrics_task_startup_success_total{ platform_confluent_io_type=~\"connect\",kubernetes_namespace=~\"$namespace\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "title": "Task Startup Success Total", + "type": "stat" + }, + { + "cacheTimeout": null, + "datasource": "prometheus", + "description": "The total number of task starts that failed.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#299c46", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 1 + }, + { + "color": "#d44a3a", + "value": 1 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 20, + "y": 84 + }, + "id": 106, + "interval": null, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "8.1.2", + "targets": [ + { + "expr": "sum(kafka_connect_connect_worker_metrics_task_startup_failure_total{ platform_confluent_io_type=~\"connect\",kubernetes_namespace=~\"$namespace\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "title": "Task Startup Failure Total", + "type": "stat" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 88 + }, + "hiddenSeries": false, + "id": 93, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "kafka_connect_connect_metrics_io_ratio{ platform_confluent_io_type=~\"connect\",kubernetes_namespace=~\"$namespace\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{ kubernetes_pod_name }}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Connect Metrics: IO Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 88 + }, + "hiddenSeries": false, + "id": 91, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "kafka_connect_connect_metrics_incoming_byte_rate{ platform_confluent_io_type=~\"connect\",kubernetes_namespace=~\"$namespace\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{kubernetes_pod_name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Connect Metrics: Incoming Byte Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 88 + }, + "hiddenSeries": false, + "id": 95, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "kafka_connect_connect_metrics_network_io_rate{ platform_confluent_io_type=~\"connect\",kubernetes_namespace=~\"$namespace\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{kubernetes_pod_name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Connect Metrics: Network IO Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": true, + "datasource": "prometheus", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 95 + }, + "id": 110, + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Total number of bytes consumed.", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 8, + "x": 0, + "y": 34 + }, + "hiddenSeries": false, + "id": 108, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "repeatDirection": "h", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "{__name__=~\"io_confluent_ksql_metrics_confluent_ksql_engine_query_stats_bytes_consumed_total\", platform_confluent_io_type=~\"ksqldb\",kubernetes_namespace=~\"$namespace\"}", + "format": "time_series", + "hide": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ kubernetes_pod_name }}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "KSQL Metrics: Bytes Consumed", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Messages consumed per second.", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 8, + "x": 8, + "y": 34 + }, + "hiddenSeries": false, + "id": 114, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "{__name__=~\"io_confluent_ksql_metrics_confluent_ksql_engine_query_stats_messages_consumed_per_sec\", platform_confluent_io_type=~\"ksqldb\",kubernetes_namespace=~\"$namespace\"}", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ kubernetes_pod_name }}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "KSQL Metrics: Messages Consumed", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Messages produced per second.", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 8, + "x": 16, + "y": 34 + }, + "hiddenSeries": false, + "id": 116, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "{__name__=~\"io_confluent_ksql_metrics_confluent_ksql_engine_query_stats_messages_produced_per_sec\", platform_confluent_io_type=~\"ksqldb\",kubernetes_namespace=~\"$namespace\"}", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ kubernetes_pod_name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "KSQL Metrics: Messages Produced", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Number of active queries.", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 8, + "x": 0, + "y": 40 + }, + "hiddenSeries": false, + "id": 118, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "{__name__=~\"io_confluent_ksql_metrics_confluent_ksql_engine_query_stats_num_active_queries\", platform_confluent_io_type=~\"ksqldb\",kubernetes_namespace=~\"$namespace\"}", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ kubernetes_pod_name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "KSQL Metrics: Active Queries", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Number of idle queries.", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 8, + "x": 8, + "y": 40 + }, + "hiddenSeries": false, + "id": 119, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "{__name__=~\"io_confluent_ksql_metrics_confluent_ksql_engine_query_stats_num_idle_queries\", platform_confluent_io_type=~\"ksqldb\",kubernetes_namespace=~\"$namespace\"}", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{kubernetes_pod_name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "KSQL Metrics: Idle Queries", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Number of persistent queries.", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 8, + "x": 16, + "y": 40 + }, + "hiddenSeries": false, + "id": 120, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "{__name__=~\"io_confluent_ksql_metrics_confluent_ksql_engine_query_stats_num_persistent_queries\", platform_confluent_io_type=~\"ksqldb\",kubernetes_namespace=~\"$namespace\"}", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": " {{kubernetes_pod_name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "KSQL Metrics: Persistent Queries", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "title": "Confluent ksqlDB Server", + "type": "row" + }, + { + "collapsed": true, + "datasource": "prometheus", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 96 + }, + "id": 79, + "panels": [ + { + "cacheTimeout": null, + "datasource": "prometheus", + "description": "Number of Kafka Schema Registry servers", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#d44a3a", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 1 + }, + { + "color": "#299c46", + "value": 1 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 5, + "x": 0, + "y": 35 + }, + "id": 123, + "interval": null, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "8.1.2", + "targets": [ + { + "exemplar": true, + "expr": "count({__name__=~\"schemaregistry_.*_jetty_metrics_connections_active\", platform_confluent_io_type=~\"schemaregistry\",kubernetes_namespace=~\"$namespace\"})", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "title": "Number of Kafka Schema Registry servers", + "type": "stat" + }, + { + "cacheTimeout": null, + "datasource": "prometheus", + "description": "Total number of active TCP connections.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#d44a3a", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0 + }, + { + "color": "#299c46", + "value": 0 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 5, + "x": 5, + "y": 35 + }, + "id": 73, + "interval": null, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "8.1.2", + "targets": [ + { + "expr": "sum({__name__=~\"schemaregistry_.*_jetty_metrics_connections_active\", platform_confluent_io_type=~\"schemaregistry\",kubernetes_namespace=~\"$namespace\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "title": "Active Connections", + "type": "stat" + }, + { + "cacheTimeout": null, + "datasource": "prometheus", + "description": "The average rate per second of opened TCP connections.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#299c46", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 50 + }, + { + "color": "#d44a3a", + "value": 100 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 5, + "x": 10, + "y": 35 + }, + "id": 74, + "interval": null, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "8.1.2", + "targets": [ + { + "expr": "avg({__name__=~\"schemaregistry_.*_jetty_metrics_connections_opened_rate\", platform_confluent_io_type=~\"schemaregistry\",kubernetes_namespace=~\"$namespace\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "title": "Open Rate", + "type": "stat" + }, + { + "cacheTimeout": null, + "datasource": "prometheus", + "description": "The average rate per second of closed TCP connections.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#299c46", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 50 + }, + { + "color": "#d44a3a", + "value": 100 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 5, + "x": 15, + "y": 35 + }, + "id": 75, + "interval": null, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "8.1.2", + "targets": [ + { + "expr": "avg({__name__=~\"schemaregistry_.*_jetty_metrics_connections_closed_rate\", platform_confluent_io_type=~\"schemaregistry\",kubernetes_namespace=~\"$namespace\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "title": "Close Rate", + "type": "stat" + } + ], + "title": "Confluent Schema Registry", + "type": "row" + }, + { + "collapsed": true, + "datasource": "prometheus", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 97 + }, + "id": 125, + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 30 + }, + "hiddenSeries": false, + "id": 130, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.2", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "confluent_controlcenter_healthcheck_streams_status{kubernetes_namespace=~\"$namespace\",platform_confluent_io_type=~\"controlcenter\"}", + "format": "time_series", + "instant": false, + "interval": "", + "legendFormat": "{{kubernetes_pod_name}}", + "refId": "Healthcheck Streams Status" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Healthcheck Streams Status", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:2476", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:2477", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "title": "Confluent ControlCenter", + "type": "row" + } + ], + "schemaVersion": 30, + "style": "dark", + "tags": [ + "6.0.x", + "6.1.x", + "6.2.x" + ], + "templating": { + "list": [ + { + "allValue": ".+", + "current": { + "selected": true, + "text": "sandbox", + "value": "sandbox" + }, + "datasource": "prometheus", + "definition": "label_values(kubernetes_namespace)", + "description": null, + "error": null, + "hide": 0, + "includeAll": true, + "label": "Namespace", + "multi": false, + "name": "namespace", + "options": [], + "query": { + "query": "label_values(kubernetes_namespace)", + "refId": "Prometheus-namespace-Variable-Query" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Confluent Platform", + "uid": "hLZApsInk", + "version": 1 + } diff --git a/examples/monitoring/grafana/datasources.yaml b/examples/monitoring/grafana/datasources.yaml new file mode 100644 index 0000000..816d4d6 --- /dev/null +++ b/examples/monitoring/grafana/datasources.yaml @@ -0,0 +1,22 @@ +--- +# Source: prometheus/templates/server/cm.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + component: "server" + app: grafna + release: oso + name: oso-grafana-server-datasources +data: + prometheus.yml: | + apiVersion: 1 + datasources: + - access: 'proxy' + editable: true + is_default: true + name: 'prometheus' + org_id: 1 + type: 'prometheus' + url: 'http://oso-prometheus-server.sandbox.svc.cluster.local:80' + version: 1 \ No newline at end of file diff --git a/examples/monitoring/grafana/deployment.yaml b/examples/monitoring/grafana/deployment.yaml new file mode 100644 index 0000000..d4dc9db --- /dev/null +++ b/examples/monitoring/grafana/deployment.yaml @@ -0,0 +1,118 @@ +--- +# Source: grafana/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: oso-grafana + namespace: default + labels: + app.kubernetes.io/name: grafana + helm.sh/chart: grafana-6.1.11 + app.kubernetes.io/instance: oso + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: grafana +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: oso + app.kubernetes.io/component: grafana + strategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/name: grafana + helm.sh/chart: grafana-6.1.11 + app.kubernetes.io/instance: oso + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: grafana + annotations: + checksum/secret: 071b561f1f90acdf28cf77c354e8db5aa60fe52dc656c5f175e72a7aed28abe5 + checksum/config: ca8b427900a3dcdd9888348a7e0abc43422f5e557b57164c9464a5b5c0e0e957 + checksum/dashboard-provider: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + spec: + serviceAccountName: oso-grafana + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: oso + app.kubernetes.io/component: grafana + namespaces: + - "default" + topologyKey: kubernetes.io/hostname + weight: 1 + nodeAffinity: + + securityContext: + runAsUser: 1001 + fsGroup: 1001 + runAsNonRoot: true + containers: + - name: grafana + image: docker.io/bitnami/grafana:8.1.2-debian-10-r6 + imagePullPolicy: IfNotPresent + envFrom: + - configMapRef: + name: oso-grafana-envvars + env: + - name: GF_INSTALL_PLUGINS + value: "grafana-piechart-panel" + - name: GF_SECURITY_ADMIN_USER + value: "admin" + - name: GF_SECURITY_ADMIN_PASSWORD + value: "password" + - name: GF_USERS_ALLOW_SIGN_UP + value: "false" + volumeMounts: + - name: data + mountPath: /opt/bitnami/grafana/data + - name: data-sources + mountPath: /opt/bitnami/grafana/conf/provisioning/datasources + - name: dashboard-config + mountPath: /opt/bitnami/grafana/conf/provisioning/dashboards + - name: dashboards + mountPath: /opt/bitnami/grafana/conf/provisioning/dashboard-source + ports: + - name: dashboard + containerPort: 3000 + protocol: TCP + livenessProbe: + httpGet: + path: /api/health + port: dashboard + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + readinessProbe: + httpGet: + path: /api/health + port: dashboard + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + resources: + limits: {} + requests: {} + volumes: + - name: data + persistentVolumeClaim: + claimName: oso-grafana + - name: data-sources + configMap: + name: oso-grafana-server-datasources + - name: dashboards + configMap: + name: oso-grafana-server-dashboards + - name: dashboard-config + configMap: + name: oso-grafana-server-dashboard-config diff --git a/examples/monitoring/grafana/kustomization.yaml b/examples/monitoring/grafana/kustomization.yaml new file mode 100644 index 0000000..8615b5a --- /dev/null +++ b/examples/monitoring/grafana/kustomization.yaml @@ -0,0 +1,11 @@ +namespace: sandbox +resources: +- configmap.yaml +- datasources.yaml +- dashboards.yaml +- dashboard-config.yaml +- deployment.yaml +- pvc.yaml +- secret.yaml +- service.yaml +- serviceaccount.yaml diff --git a/examples/monitoring/grafana/pvc.yaml b/examples/monitoring/grafana/pvc.yaml new file mode 100644 index 0000000..9a0f348 --- /dev/null +++ b/examples/monitoring/grafana/pvc.yaml @@ -0,0 +1,19 @@ +--- +# Source: grafana/templates/pvc.yaml +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: oso-grafana + namespace: default + labels: + app.kubernetes.io/name: grafana + helm.sh/chart: grafana-6.1.11 + app.kubernetes.io/instance: oso + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: grafana +spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "10Gi" diff --git a/examples/monitoring/grafana/secret.yaml b/examples/monitoring/grafana/secret.yaml new file mode 100644 index 0000000..7734e43 --- /dev/null +++ b/examples/monitoring/grafana/secret.yaml @@ -0,0 +1,16 @@ +--- +# Source: grafana/templates/secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: oso-grafana-admin + namespace: default + labels: + app.kubernetes.io/name: grafana + helm.sh/chart: grafana-6.1.11 + app.kubernetes.io/instance: oso + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: grafana +type: Opaque +data: + GF_SECURITY_ADMIN_PASSWORD: "T2gwaGk1a3NNcA==" diff --git a/examples/monitoring/grafana/service.yaml b/examples/monitoring/grafana/service.yaml new file mode 100644 index 0000000..b7e327e --- /dev/null +++ b/examples/monitoring/grafana/service.yaml @@ -0,0 +1,25 @@ +--- +# Source: grafana/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: oso-grafana + namespace: default + labels: + app.kubernetes.io/name: grafana + helm.sh/chart: grafana-6.1.11 + app.kubernetes.io/instance: oso + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: grafana +spec: + type: ClusterIP + ports: + - port: 3000 + targetPort: dashboard + protocol: TCP + name: http + nodePort: null + selector: + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: oso + app.kubernetes.io/component: grafana diff --git a/examples/monitoring/grafana/serviceaccount.yaml b/examples/monitoring/grafana/serviceaccount.yaml new file mode 100644 index 0000000..31d011f --- /dev/null +++ b/examples/monitoring/grafana/serviceaccount.yaml @@ -0,0 +1,14 @@ +--- +# Source: grafana/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: oso-grafana + namespace: default + labels: + app.kubernetes.io/name: grafana + helm.sh/chart: grafana-6.1.11 + app.kubernetes.io/instance: oso + app.kubernetes.io/managed-by: Helm +secrets: + - name: oso-grafana-admin diff --git a/examples/monitoring/kustomization.yaml b/examples/monitoring/kustomization.yaml new file mode 100644 index 0000000..0e09071 --- /dev/null +++ b/examples/monitoring/kustomization.yaml @@ -0,0 +1,8 @@ +namespace: sandbox +resources: + - confluent + - operator + - rolebindings + - grafana + - prometheus + - producer diff --git a/examples/monitoring/operator/deployment.yaml b/examples/monitoring/operator/deployment.yaml new file mode 100644 index 0000000..71998eb --- /dev/null +++ b/examples/monitoring/operator/deployment.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: confluent-operator +spec: + template: + spec: + containers: + - args: + - --debug=false + - --namespaces=sandbox + name: confluent-operator diff --git a/examples/monitoring/operator/kustomization.yaml b/examples/monitoring/operator/kustomization.yaml new file mode 100644 index 0000000..339e199 --- /dev/null +++ b/examples/monitoring/operator/kustomization.yaml @@ -0,0 +1,5 @@ +namespace: sandbox +resources: +- ../../../kustomize/base/operator +patchesStrategicMerge: + - deployment.yaml \ No newline at end of file diff --git a/examples/monitoring/producer/generate_propery.sh b/examples/monitoring/producer/generate_propery.sh new file mode 100755 index 0000000..00e4a7a --- /dev/null +++ b/examples/monitoring/producer/generate_propery.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +kubectl create secret generic kafka-client-config \ +--from-file=kafka.properties=./kafka.properties \ +--dry-run=client --output=yaml > ./kafka-client-config.yaml \ No newline at end of file diff --git a/examples/monitoring/producer/kafka-client-config.yaml b/examples/monitoring/producer/kafka-client-config.yaml new file mode 100644 index 0000000..578dcbe --- /dev/null +++ b/examples/monitoring/producer/kafka-client-config.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + kafka.properties: Ym9vdHN0cmFwLnNlcnZlcnM9a2Fma2Euc2FuZGJveC5zdmMuY2x1c3Rlci5sb2NhbDo5MDcxCnNhc2wuamFhcy5jb25maWc9b3JnLmFwYWNoZS5rYWZrYS5jb21tb24uc2VjdXJpdHkucGxhaW4uUGxhaW5Mb2dpbk1vZHVsZSByZXF1aXJlZCB1c2VybmFtZT1rYWZrYSBwYXNzd29yZD1rYWZrYS1zZWNyZXQ7CnNhc2wubWVjaGFuaXNtPVBMQUlOCnNlY3VyaXR5LnByb3RvY29sPVNBU0xfU1NMCnNzbC50cnVzdHN0b3JlLmxvY2F0aW9uPS9tbnQvc3NsY2VydHMvdHJ1c3RzdG9yZS5wMTIKc3NsLnRydXN0c3RvcmUucGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk +kind: Secret +metadata: + creationTimestamp: null + name: kafka-client-config diff --git a/examples/monitoring/producer/kafka.properties b/examples/monitoring/producer/kafka.properties new file mode 100644 index 0000000..84608fd --- /dev/null +++ b/examples/monitoring/producer/kafka.properties @@ -0,0 +1,6 @@ +bootstrap.servers=kafka.sandbox.svc.cluster.local:9071 +sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username=kafka password=kafka-secret; +sasl.mechanism=PLAIN +security.protocol=SASL_SSL +ssl.truststore.location=/mnt/sslcerts/truststore.p12 +ssl.truststore.password=mystorepassword \ No newline at end of file diff --git a/examples/monitoring/producer/kustomization.yaml b/examples/monitoring/producer/kustomization.yaml new file mode 100644 index 0000000..99be802 --- /dev/null +++ b/examples/monitoring/producer/kustomization.yaml @@ -0,0 +1,5 @@ +namespace: sandbox +resources: +- source-topic.yaml +- kafka-client-config.yaml +- producer-app.yaml diff --git a/examples/monitoring/producer/producer-app.yaml b/examples/monitoring/producer/producer-app.yaml new file mode 100644 index 0000000..1e5affb --- /dev/null +++ b/examples/monitoring/producer/producer-app.yaml @@ -0,0 +1,55 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: console-producer + namespace: sandbox +spec: + serviceName: console-producer + podManagementPolicy: Parallel + replicas: 1 + selector: + matchLabels: + app: console-producer + template: + metadata: + labels: + app: console-producer + spec: + containers: + - name: console-producer + image: confluentinc/cp-kafka:latest + command: + - /bin/sh + - -c + - | + kafka-producer-perf-test \ + --topic brand-new-topic \ + --record-size 1024 \ + --throughput 5 \ + --producer.config /mnt/kafka.properties \ + --num-records 100000 + volumeMounts: + - name: kafka-properties + mountPath: /mnt + - name: kafka-ssl-autogenerated + mountPath: /mnt/sslcerts + resources: + requests: + memory: 512Mi # 768Mi + cpu: 500m # 1000m + volumes: + - name: kafka-properties # Create secret with name `kafka-client-config` with client configurations + secret: + secretName: kafka-client-config + - name: kafka-ssl-autogenerated + secret: + secretName: kafka-pkcs12 +--- +apiVersion: v1 +kind: Service +metadata: + name: console-producer + namespace: sandbox +spec: + clusterIP: None \ No newline at end of file diff --git a/examples/monitoring/producer/source-topic.yaml b/examples/monitoring/producer/source-topic.yaml new file mode 100644 index 0000000..395a0b1 --- /dev/null +++ b/examples/monitoring/producer/source-topic.yaml @@ -0,0 +1,14 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: KafkaTopic +metadata: + name: topic-in-source +spec: + replicas: 2 + partitionCount: 4 + kafkaClusterRef: + name: kafka + namespace: sandbox + kafkaRest: + endpoint: http://kafka.sandbox.svc.cluster.local:8090 + configs: + cleanup.policy: "delete" diff --git a/examples/monitoring/prometheus/alertmanager/clusterrole.yaml b/examples/monitoring/prometheus/alertmanager/clusterrole.yaml new file mode 100644 index 0000000..3a77abf --- /dev/null +++ b/examples/monitoring/prometheus/alertmanager/clusterrole.yaml @@ -0,0 +1,14 @@ +--- +# Source: prometheus/templates/alertmanager/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + component: "alertmanager" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + name: oso-prometheus-alertmanager +rules: + [] diff --git a/examples/monitoring/prometheus/alertmanager/clusterrolebinding.yaml b/examples/monitoring/prometheus/alertmanager/clusterrolebinding.yaml new file mode 100644 index 0000000..f71aa80 --- /dev/null +++ b/examples/monitoring/prometheus/alertmanager/clusterrolebinding.yaml @@ -0,0 +1,20 @@ +--- +# Source: prometheus/templates/alertmanager/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + component: "alertmanager" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + name: oso-prometheus-alertmanager +subjects: + - kind: ServiceAccount + name: oso-prometheus-alertmanager + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: oso-prometheus-alertmanager diff --git a/examples/monitoring/prometheus/alertmanager/cm.yaml b/examples/monitoring/prometheus/alertmanager/cm.yaml new file mode 100644 index 0000000..a23ef21 --- /dev/null +++ b/examples/monitoring/prometheus/alertmanager/cm.yaml @@ -0,0 +1,23 @@ +--- +# Source: prometheus/templates/alertmanager/cm.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + component: "alertmanager" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + name: oso-prometheus-alertmanager + namespace: default +data: + alertmanager.yml: | + global: {} + receivers: + - name: default-receiver + route: + group_interval: 5m + group_wait: 10s + receiver: default-receiver + repeat_interval: 3h diff --git a/examples/monitoring/prometheus/alertmanager/deploy.yaml b/examples/monitoring/prometheus/alertmanager/deploy.yaml new file mode 100644 index 0000000..2f33a7e --- /dev/null +++ b/examples/monitoring/prometheus/alertmanager/deploy.yaml @@ -0,0 +1,86 @@ +--- +# Source: prometheus/templates/alertmanager/deploy.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: "alertmanager" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + name: oso-prometheus-alertmanager + namespace: default +spec: + selector: + matchLabels: + component: "alertmanager" + app: prometheus + release: oso + replicas: 1 + template: + metadata: + labels: + component: "alertmanager" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + spec: + serviceAccountName: oso-prometheus-alertmanager + containers: + - name: prometheus-alertmanager + image: "quay.io/prometheus/alertmanager:v0.21.0" + imagePullPolicy: "IfNotPresent" + env: + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + args: + - --config.file=/etc/config/alertmanager.yml + - --storage.path=/data + - --cluster.advertise-address=[$(POD_IP)]:6783 + - --web.external-url=http://localhost:9093 + + ports: + - containerPort: 9093 + readinessProbe: + httpGet: + path: /-/ready + port: 9093 + initialDelaySeconds: 30 + timeoutSeconds: 30 + resources: + {} + volumeMounts: + - name: config-volume + mountPath: /etc/config + - name: storage-volume + mountPath: "/data" + subPath: "" + - name: prometheus-alertmanager-configmap-reload + image: "jimmidyson/configmap-reload:v0.5.0" + imagePullPolicy: "IfNotPresent" + args: + - --volume-dir=/etc/config + - --webhook-url=http://127.0.0.1:9093/-/reload + resources: + {} + volumeMounts: + - name: config-volume + mountPath: /etc/config + readOnly: true + securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + volumes: + - name: config-volume + configMap: + name: oso-prometheus-alertmanager + - name: storage-volume + persistentVolumeClaim: + claimName: oso-prometheus-alertmanager diff --git a/examples/monitoring/prometheus/alertmanager/kustomization.yaml b/examples/monitoring/prometheus/alertmanager/kustomization.yaml new file mode 100644 index 0000000..33b9ddd --- /dev/null +++ b/examples/monitoring/prometheus/alertmanager/kustomization.yaml @@ -0,0 +1,9 @@ +namespace: sandbox +resources: + - clusterrole.yaml + - clusterrolebinding.yaml + - cm.yaml + - deploy.yaml + - pvc.yaml + - service.yaml + - serviceaccount.yaml \ No newline at end of file diff --git a/examples/monitoring/prometheus/alertmanager/pvc.yaml b/examples/monitoring/prometheus/alertmanager/pvc.yaml new file mode 100644 index 0000000..2d96e4d --- /dev/null +++ b/examples/monitoring/prometheus/alertmanager/pvc.yaml @@ -0,0 +1,19 @@ +--- +# Source: prometheus/templates/alertmanager/pvc.yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + component: "alertmanager" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + name: oso-prometheus-alertmanager + namespace: default +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: "2Gi" diff --git a/examples/monitoring/prometheus/alertmanager/service.yaml b/examples/monitoring/prometheus/alertmanager/service.yaml new file mode 100644 index 0000000..3a4db20 --- /dev/null +++ b/examples/monitoring/prometheus/alertmanager/service.yaml @@ -0,0 +1,25 @@ +--- +# Source: prometheus/templates/alertmanager/service.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + component: "alertmanager" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + name: oso-prometheus-alertmanager + namespace: default +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 9093 + selector: + component: "alertmanager" + app: prometheus + release: oso + sessionAffinity: None + type: "ClusterIP" diff --git a/examples/monitoring/prometheus/alertmanager/serviceaccount.yaml b/examples/monitoring/prometheus/alertmanager/serviceaccount.yaml new file mode 100644 index 0000000..f57d4e5 --- /dev/null +++ b/examples/monitoring/prometheus/alertmanager/serviceaccount.yaml @@ -0,0 +1,15 @@ +--- +# Source: prometheus/templates/alertmanager/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + component: "alertmanager" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + name: oso-prometheus-alertmanager + namespace: default + annotations: + {} diff --git a/examples/monitoring/prometheus/kafka-exporter/deployment.yaml b/examples/monitoring/prometheus/kafka-exporter/deployment.yaml new file mode 100644 index 0000000..733cb8d --- /dev/null +++ b/examples/monitoring/prometheus/kafka-exporter/deployment.yaml @@ -0,0 +1,41 @@ +--- +# Source: prometheus-kafka-exporter/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: oso-prometheus-kafka-exporter + labels: + app: prometheus-kafka-exporter + chart: prometheus-kafka-exporter-1.4.0 + release: oso + heritage: Helm +spec: + replicas: 1 + selector: + matchLabels: + app: prometheus-kafka-exporter + release: oso + template: + metadata: + annotations: + {} + labels: + app: prometheus-kafka-exporter + release: oso + spec: + serviceAccountName: oso-prometheus-kafka-exporter + containers: + - args: + - '--log.level=info' + - '--kafka.server=kafka-server:9092' + env: + [] + name: prometheus-kafka-exporter + image: "danielqsj/kafka-exporter:v1.3.1" + imagePullPolicy: IfNotPresent + ports: + - name: exporter-port + containerPort: 9308 + protocol: TCP + resources: + {} diff --git a/examples/monitoring/prometheus/kafka-exporter/kustomization.yaml b/examples/monitoring/prometheus/kafka-exporter/kustomization.yaml new file mode 100644 index 0000000..798078b --- /dev/null +++ b/examples/monitoring/prometheus/kafka-exporter/kustomization.yaml @@ -0,0 +1,8 @@ +namespace: sandbox +resources: +- deployment.yaml +- podsecuritypolicy.yaml +- role.yaml +- rolebinding.yaml +- service.yaml +- serviceaccount.yaml diff --git a/examples/monitoring/prometheus/kafka-exporter/podsecuritypolicy.yaml b/examples/monitoring/prometheus/kafka-exporter/podsecuritypolicy.yaml new file mode 100644 index 0000000..2f7857d --- /dev/null +++ b/examples/monitoring/prometheus/kafka-exporter/podsecuritypolicy.yaml @@ -0,0 +1,39 @@ +--- +# Source: prometheus-kafka-exporter/templates/podsecuritypolicy.yaml +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: oso-prometheus-kafka-exporter + labels: + app: prometheus-kafka-exporter + chart: prometheus-kafka-exporter-1.4.0 + heritage: Helm + release: oso + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default' + apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' + seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' +spec: + privileged: false + allowPrivilegeEscalation: false + requiredDropCapabilities: + - ALL + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'secret' + - 'downwardAPI' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'RunAsAny' + fsGroup: + rule: 'RunAsAny' + readOnlyRootFilesystem: false diff --git a/examples/monitoring/prometheus/kafka-exporter/role.yaml b/examples/monitoring/prometheus/kafka-exporter/role.yaml new file mode 100644 index 0000000..f968a7c --- /dev/null +++ b/examples/monitoring/prometheus/kafka-exporter/role.yaml @@ -0,0 +1,16 @@ +--- +# Source: prometheus-kafka-exporter/templates/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: oso-prometheus-kafka-exporter + labels: + app: prometheus-kafka-exporter + chart: prometheus-kafka-exporter-1.4.0 + heritage: Helm + release: oso +rules: +- apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: [oso-prometheus-kafka-exporter] diff --git a/examples/monitoring/prometheus/kafka-exporter/rolebinding.yaml b/examples/monitoring/prometheus/kafka-exporter/rolebinding.yaml new file mode 100644 index 0000000..00322e1 --- /dev/null +++ b/examples/monitoring/prometheus/kafka-exporter/rolebinding.yaml @@ -0,0 +1,18 @@ +--- +# Source: prometheus-kafka-exporter/templates/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: oso-prometheus-kafka-exporter + labels: + app: prometheus-kafka-exporter + chart: prometheus-kafka-exporter-1.4.0 + heritage: Helm + release: oso +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: oso-prometheus-kafka-exporter +subjects: +- kind: ServiceAccount + name: oso-prometheus-kafka-exporter diff --git a/examples/monitoring/prometheus/kafka-exporter/service.yaml b/examples/monitoring/prometheus/kafka-exporter/service.yaml new file mode 100644 index 0000000..f3fc34c --- /dev/null +++ b/examples/monitoring/prometheus/kafka-exporter/service.yaml @@ -0,0 +1,23 @@ +--- +# Source: prometheus-kafka-exporter/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: oso-prometheus-kafka-exporter + annotations: + {} + labels: + app: prometheus-kafka-exporter + chart: prometheus-kafka-exporter-1.4.0 + release: oso + heritage: Helm +spec: + type: ClusterIP + ports: + - port: 9308 + targetPort: exporter-port + protocol: TCP + name: exporter-port + selector: + app: prometheus-kafka-exporter + release: oso diff --git a/examples/monitoring/prometheus/kafka-exporter/serviceaccount.yaml b/examples/monitoring/prometheus/kafka-exporter/serviceaccount.yaml new file mode 100644 index 0000000..6a28c86 --- /dev/null +++ b/examples/monitoring/prometheus/kafka-exporter/serviceaccount.yaml @@ -0,0 +1,11 @@ +--- +# Source: prometheus-kafka-exporter/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: oso-prometheus-kafka-exporter + labels: + app: prometheus-kafka-exporter + chart: prometheus-kafka-exporter-1.4.0 + release: "oso" + heritage: "Helm" diff --git a/examples/monitoring/prometheus/kustomization.yaml b/examples/monitoring/prometheus/kustomization.yaml new file mode 100644 index 0000000..7da6cf0 --- /dev/null +++ b/examples/monitoring/prometheus/kustomization.yaml @@ -0,0 +1,6 @@ +namespace: sandbox +resources: +- server +- alertmanager +- node-exporter +#- kafka-exporter diff --git a/examples/monitoring/prometheus/node-exporter/daemonset.yaml b/examples/monitoring/prometheus/node-exporter/daemonset.yaml new file mode 100644 index 0000000..6078939 --- /dev/null +++ b/examples/monitoring/prometheus/node-exporter/daemonset.yaml @@ -0,0 +1,74 @@ +--- +# Source: prometheus/templates/node-exporter/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + component: "node-exporter" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + name: oso-prometheus-node-exporter + namespace: default +spec: + selector: + matchLabels: + component: "node-exporter" + app: prometheus + release: oso + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + component: "node-exporter" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + spec: + serviceAccountName: oso-prometheus-node-exporter + containers: + - name: prometheus-node-exporter + image: "quay.io/prometheus/node-exporter:v1.1.2" + imagePullPolicy: "IfNotPresent" + args: + - --path.procfs=/host/proc + - --path.sysfs=/host/sys + - --path.rootfs=/host/root + - --web.listen-address=:9100 + ports: + - name: metrics + containerPort: 9100 + hostPort: 9100 + resources: + {} + volumeMounts: + - name: proc + mountPath: /host/proc + readOnly: true + - name: sys + mountPath: /host/sys + readOnly: true + - name: root + mountPath: /host/root + mountPropagation: HostToContainer + readOnly: true + hostNetwork: true + hostPID: true + securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + volumes: + - name: proc + hostPath: + path: /proc + - name: sys + hostPath: + path: /sys + - name: root + hostPath: + path: / diff --git a/examples/monitoring/prometheus/node-exporter/kustomization.yaml b/examples/monitoring/prometheus/node-exporter/kustomization.yaml new file mode 100644 index 0000000..c199f8e --- /dev/null +++ b/examples/monitoring/prometheus/node-exporter/kustomization.yaml @@ -0,0 +1,5 @@ +namespace: sandbox +resources: + - daemonset.yaml + - serviceaccount.yaml + - svc.yaml \ No newline at end of file diff --git a/examples/monitoring/prometheus/node-exporter/serviceaccount.yaml b/examples/monitoring/prometheus/node-exporter/serviceaccount.yaml new file mode 100644 index 0000000..3ce4c66 --- /dev/null +++ b/examples/monitoring/prometheus/node-exporter/serviceaccount.yaml @@ -0,0 +1,15 @@ +--- +# Source: prometheus/templates/node-exporter/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + component: "node-exporter" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + name: oso-prometheus-node-exporter + namespace: default + annotations: + {} diff --git a/examples/monitoring/prometheus/node-exporter/svc.yaml b/examples/monitoring/prometheus/node-exporter/svc.yaml new file mode 100644 index 0000000..6729f84 --- /dev/null +++ b/examples/monitoring/prometheus/node-exporter/svc.yaml @@ -0,0 +1,27 @@ +--- +# Source: prometheus/templates/node-exporter/svc.yaml +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/scrape: "true" + labels: + component: "node-exporter" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + name: oso-prometheus-node-exporter + namespace: default +spec: + clusterIP: None + ports: + - name: metrics + port: 9100 + protocol: TCP + targetPort: 9100 + selector: + component: "node-exporter" + app: prometheus + release: oso + type: "ClusterIP" diff --git a/examples/monitoring/prometheus/pushgateway/clusterrole.yaml b/examples/monitoring/prometheus/pushgateway/clusterrole.yaml new file mode 100644 index 0000000..94fe773 --- /dev/null +++ b/examples/monitoring/prometheus/pushgateway/clusterrole.yaml @@ -0,0 +1,14 @@ +--- +# Source: prometheus/templates/pushgateway/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + component: "pushgateway" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + name: oso-prometheus-pushgateway +rules: + [] diff --git a/examples/monitoring/prometheus/pushgateway/clusterrolebinding.yaml b/examples/monitoring/prometheus/pushgateway/clusterrolebinding.yaml new file mode 100644 index 0000000..8831136 --- /dev/null +++ b/examples/monitoring/prometheus/pushgateway/clusterrolebinding.yaml @@ -0,0 +1,20 @@ +--- +# Source: prometheus/templates/pushgateway/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + component: "pushgateway" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + name: oso-prometheus-pushgateway +subjects: + - kind: ServiceAccount + name: oso-prometheus-pushgateway + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: oso-prometheus-pushgateway diff --git a/examples/monitoring/prometheus/pushgateway/deploy.yaml b/examples/monitoring/prometheus/pushgateway/deploy.yaml new file mode 100644 index 0000000..b629512 --- /dev/null +++ b/examples/monitoring/prometheus/pushgateway/deploy.yaml @@ -0,0 +1,54 @@ +--- +# Source: prometheus/templates/pushgateway/deploy.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: "pushgateway" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + name: oso-prometheus-pushgateway + namespace: default +spec: + selector: + matchLabels: + component: "pushgateway" + app: prometheus + release: oso + replicas: 1 + template: + metadata: + labels: + component: "pushgateway" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + spec: + serviceAccountName: oso-prometheus-pushgateway + containers: + - name: prometheus-pushgateway + image: "prom/pushgateway:v1.3.1" + imagePullPolicy: "IfNotPresent" + args: + ports: + - containerPort: 9091 + livenessProbe: + httpGet: + path: /-/healthy + port: 9091 + initialDelaySeconds: 10 + timeoutSeconds: 10 + readinessProbe: + httpGet: + path: /-/ready + port: 9091 + initialDelaySeconds: 10 + timeoutSeconds: 10 + resources: + {} + securityContext: + runAsNonRoot: true + runAsUser: 65534 diff --git a/examples/monitoring/prometheus/pushgateway/service.yaml b/examples/monitoring/prometheus/pushgateway/service.yaml new file mode 100644 index 0000000..9d3723a --- /dev/null +++ b/examples/monitoring/prometheus/pushgateway/service.yaml @@ -0,0 +1,26 @@ +--- +# Source: prometheus/templates/pushgateway/service.yaml +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/probe: pushgateway + labels: + component: "pushgateway" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + name: oso-prometheus-pushgateway + namespace: default +spec: + ports: + - name: http + port: 9091 + protocol: TCP + targetPort: 9091 + selector: + component: "pushgateway" + app: prometheus + release: oso + type: "ClusterIP" diff --git a/examples/monitoring/prometheus/pushgateway/serviceaccount.yaml b/examples/monitoring/prometheus/pushgateway/serviceaccount.yaml new file mode 100644 index 0000000..5a438d1 --- /dev/null +++ b/examples/monitoring/prometheus/pushgateway/serviceaccount.yaml @@ -0,0 +1,15 @@ +--- +# Source: prometheus/templates/pushgateway/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + component: "pushgateway" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + name: oso-prometheus-pushgateway + namespace: default + annotations: + {} diff --git a/examples/monitoring/prometheus/server/clusterrole.yaml b/examples/monitoring/prometheus/server/clusterrole.yaml new file mode 100644 index 0000000..0f05d85 --- /dev/null +++ b/examples/monitoring/prometheus/server/clusterrole.yaml @@ -0,0 +1,42 @@ +--- +# Source: prometheus/templates/server/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + component: "server" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + name: oso-prometheus-server +rules: + - apiGroups: + - "" + resources: + - nodes + - nodes/proxy + - nodes/metrics + - services + - endpoints + - pods + - ingresses + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - "extensions" + - "networking.k8s.io" + resources: + - ingresses/status + - ingresses + verbs: + - get + - list + - watch + - nonResourceURLs: + - "/metrics" + verbs: + - get diff --git a/examples/monitoring/prometheus/server/clusterrolebinding.yaml b/examples/monitoring/prometheus/server/clusterrolebinding.yaml new file mode 100644 index 0000000..70aa7ec --- /dev/null +++ b/examples/monitoring/prometheus/server/clusterrolebinding.yaml @@ -0,0 +1,20 @@ +--- +# Source: prometheus/templates/server/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + component: "server" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + name: oso-prometheus-server +subjects: + - kind: ServiceAccount + name: oso-prometheus-server + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: oso-prometheus-server diff --git a/examples/monitoring/prometheus/server/cm.yaml b/examples/monitoring/prometheus/server/cm.yaml new file mode 100644 index 0000000..32f8c41 --- /dev/null +++ b/examples/monitoring/prometheus/server/cm.yaml @@ -0,0 +1,367 @@ +--- +# Source: prometheus/templates/server/cm.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + component: "server" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + name: oso-prometheus-server + namespace: default +data: + alerting_rules.yml: | + {} + alerts: | + {} + prometheus.yml: | + global: + evaluation_interval: 1m + scrape_interval: 1m + scrape_timeout: 10s + rule_files: + - /etc/config/recording_rules.yml + - /etc/config/alerting_rules.yml + - /etc/config/rules + - /etc/config/alerts + scrape_configs: + - job_name: "prometheus" + static_configs: + - targets: ["localhost:9090"] + - job_name: "node-exporter" + static_configs: + - targets: ["oso-prometheus-node-exporter:9100"] + - job_name: "kafka" + static_configs: + - targets: + - "kafka:7778" + labels: + env: "dev" + - job_name: "zookeeper" + static_configs: + - targets: + - "zookeeper:7778" + labels: + env: "dev" + - job_name: "connect" + static_configs: + - targets: + - "connect:7778" + labels: + env: "dev" + cluster: "cluster1" + #- job_name: "streams-demo" + # static_configs: + # - targets: + # - "streams-demo:1234" + # labels: + # env: "dev" + - job_name: "schemaregistry" + static_configs: + - targets: + - "schemaregistry:7778" + labels: + env: "dev" + - job_name: "ksqldb" + static_configs: + - targets: + - "ksqldb:7778" + labels: + env: "dev" + #- job_name: "restproxy" + # static_configs: + # - targets: + # - "restproxy:1234" + # labels: + # env: "dev" + # No producer for the moment in cp-demo + # - job_name: 'producer' + # static_configs: + # - targets: + # - 'producer:1234' + # labels: + # env: 'dev' + # No consumer for the moment in cp-demo + # - job_name: 'consumer' + # static_configs: + # - targets: + # - "consumer:1234" + # labels: + # env: 'dev' + - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + job_name: kubernetes-apiservers + kubernetes_sd_configs: + - role: endpoints + relabel_configs: + - action: keep + regex: default;kubernetes;https + source_labels: + - __meta_kubernetes_namespace + - __meta_kubernetes_service_name + - __meta_kubernetes_endpoint_port_name + scheme: https + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecure_skip_verify: true + - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + job_name: kubernetes-nodes + kubernetes_sd_configs: + - role: node + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - replacement: kubernetes.default.svc:443 + target_label: __address__ + - regex: (.+) + replacement: /api/v1/nodes/$1/proxy/metrics + source_labels: + - __meta_kubernetes_node_name + target_label: __metrics_path__ + scheme: https + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecure_skip_verify: true + - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + job_name: kubernetes-nodes-cadvisor + kubernetes_sd_configs: + - role: node + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - replacement: kubernetes.default.svc:443 + target_label: __address__ + - regex: (.+) + replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor + source_labels: + - __meta_kubernetes_node_name + target_label: __metrics_path__ + scheme: https + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecure_skip_verify: true + - job_name: kubernetes-service-endpoints + kubernetes_sd_configs: + - role: endpoints + relabel_configs: + - action: keep + regex: true + source_labels: + - __meta_kubernetes_service_annotation_prometheus_io_scrape + - action: replace + regex: (https?) + source_labels: + - __meta_kubernetes_service_annotation_prometheus_io_scheme + target_label: __scheme__ + - action: replace + regex: (.+) + source_labels: + - __meta_kubernetes_service_annotation_prometheus_io_path + target_label: __metrics_path__ + - action: replace + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + source_labels: + - __address__ + - __meta_kubernetes_service_annotation_prometheus_io_port + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - action: replace + source_labels: + - __meta_kubernetes_namespace + target_label: kubernetes_namespace + - action: replace + source_labels: + - __meta_kubernetes_service_name + target_label: kubernetes_name + - action: replace + source_labels: + - __meta_kubernetes_pod_node_name + target_label: kubernetes_node + - job_name: kubernetes-service-endpoints-slow + kubernetes_sd_configs: + - role: endpoints + relabel_configs: + - action: keep + regex: true + source_labels: + - __meta_kubernetes_service_annotation_prometheus_io_scrape_slow + - action: replace + regex: (https?) + source_labels: + - __meta_kubernetes_service_annotation_prometheus_io_scheme + target_label: __scheme__ + - action: replace + regex: (.+) + source_labels: + - __meta_kubernetes_service_annotation_prometheus_io_path + target_label: __metrics_path__ + - action: replace + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + source_labels: + - __address__ + - __meta_kubernetes_service_annotation_prometheus_io_port + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - action: replace + source_labels: + - __meta_kubernetes_namespace + target_label: kubernetes_namespace + - action: replace + source_labels: + - __meta_kubernetes_service_name + target_label: kubernetes_name + - action: replace + source_labels: + - __meta_kubernetes_pod_node_name + target_label: kubernetes_node + scrape_interval: 5m + scrape_timeout: 30s + - honor_labels: true + job_name: prometheus-pushgateway + kubernetes_sd_configs: + - role: service + relabel_configs: + - action: keep + regex: pushgateway + source_labels: + - __meta_kubernetes_service_annotation_prometheus_io_probe + - job_name: kubernetes-services + kubernetes_sd_configs: + - role: service + metrics_path: /probe + params: + module: + - http_2xx + relabel_configs: + - action: keep + regex: true + source_labels: + - __meta_kubernetes_service_annotation_prometheus_io_probe + - source_labels: + - __address__ + target_label: __param_target + - replacement: blackbox + target_label: __address__ + - source_labels: + - __param_target + target_label: instance + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: + - __meta_kubernetes_namespace + target_label: kubernetes_namespace + - source_labels: + - __meta_kubernetes_service_name + target_label: kubernetes_name + - job_name: kubernetes-pods + kubernetes_sd_configs: + - role: pod + relabel_configs: + - action: keep + regex: true + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_scrape + - action: replace + regex: (https?) + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_scheme + target_label: __scheme__ + - action: replace + regex: (.+) + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_path + target_label: __metrics_path__ + - action: replace + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + source_labels: + - __address__ + - __meta_kubernetes_pod_annotation_prometheus_io_port + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - action: replace + source_labels: + - __meta_kubernetes_namespace + target_label: kubernetes_namespace + - action: replace + source_labels: + - __meta_kubernetes_pod_name + target_label: kubernetes_pod_name + - action: drop + regex: Pending|Succeeded|Failed|Completed + source_labels: + - __meta_kubernetes_pod_phase + - job_name: kubernetes-pods-slow + kubernetes_sd_configs: + - role: pod + relabel_configs: + - action: keep + regex: true + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_scrape_slow + - action: replace + regex: (https?) + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_scheme + target_label: __scheme__ + - action: replace + regex: (.+) + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_path + target_label: __metrics_path__ + - action: replace + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + source_labels: + - __address__ + - __meta_kubernetes_pod_annotation_prometheus_io_port + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - action: replace + source_labels: + - __meta_kubernetes_namespace + target_label: kubernetes_namespace + - action: replace + source_labels: + - __meta_kubernetes_pod_name + target_label: kubernetes_pod_name + - action: drop + regex: Pending|Succeeded|Failed|Completed + source_labels: + - __meta_kubernetes_pod_phase + scrape_interval: 5m + scrape_timeout: 30s + alerting: + alertmanagers: + - kubernetes_sd_configs: + - role: pod + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + relabel_configs: + - source_labels: [__meta_kubernetes_namespace] + regex: default + action: keep + - source_labels: [__meta_kubernetes_pod_label_app] + regex: prometheus + action: keep + - source_labels: [__meta_kubernetes_pod_label_component] + regex: alertmanager + action: keep + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_probe] + regex: .* + action: keep + - source_labels: [__meta_kubernetes_pod_container_port_number] + regex: "9093" + action: keep + recording_rules.yml: | + {} + rules: | + {} diff --git a/examples/monitoring/prometheus/server/deploy.yaml b/examples/monitoring/prometheus/server/deploy.yaml new file mode 100644 index 0000000..a93fb42 --- /dev/null +++ b/examples/monitoring/prometheus/server/deploy.yaml @@ -0,0 +1,98 @@ +--- +# Source: prometheus/templates/server/deploy.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: "server" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + name: oso-prometheus-server + namespace: default +spec: + selector: + matchLabels: + component: "server" + app: prometheus + release: oso + replicas: 1 + template: + metadata: + labels: + component: "server" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + spec: + enableServiceLinks: true + serviceAccountName: oso-prometheus-server + containers: + - name: prometheus-server-configmap-reload + image: "jimmidyson/configmap-reload:v0.5.0" + imagePullPolicy: "IfNotPresent" + args: + - --volume-dir=/etc/config + - --webhook-url=http://127.0.0.1:9090/-/reload + resources: + {} + volumeMounts: + - name: config-volume + mountPath: /etc/config + readOnly: true + + - name: prometheus-server + image: "quay.io/prometheus/prometheus:v2.26.0" + imagePullPolicy: "IfNotPresent" + args: + - --storage.tsdb.retention.time=15d + - --config.file=/etc/config/prometheus.yml + - --storage.tsdb.path=/data + - --web.console.libraries=/etc/prometheus/console_libraries + - --web.console.templates=/etc/prometheus/consoles + - --web.enable-lifecycle + ports: + - containerPort: 9090 + readinessProbe: + httpGet: + path: /-/ready + port: 9090 + initialDelaySeconds: 30 + periodSeconds: 5 + timeoutSeconds: 4 + failureThreshold: 3 + successThreshold: 1 + livenessProbe: + httpGet: + path: /-/healthy + port: 9090 + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 10 + failureThreshold: 3 + successThreshold: 1 + resources: + {} + volumeMounts: + - name: config-volume + mountPath: /etc/config + - name: storage-volume + mountPath: /data + subPath: "" + hostNetwork: false + dnsPolicy: ClusterFirst + securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + terminationGracePeriodSeconds: 300 + volumes: + - name: config-volume + configMap: + name: oso-prometheus-server + - name: storage-volume + persistentVolumeClaim: + claimName: oso-prometheus-server diff --git a/examples/monitoring/prometheus/server/kustomization.yaml b/examples/monitoring/prometheus/server/kustomization.yaml new file mode 100644 index 0000000..2061178 --- /dev/null +++ b/examples/monitoring/prometheus/server/kustomization.yaml @@ -0,0 +1,9 @@ +namespace: sandbox +resources: +- clusterrole.yaml +- clusterrolebinding.yaml +- cm.yaml +- deploy.yaml +- pvc.yaml +- service.yaml +- serviceaccount.yaml diff --git a/examples/monitoring/prometheus/server/pvc.yaml b/examples/monitoring/prometheus/server/pvc.yaml new file mode 100644 index 0000000..e067b55 --- /dev/null +++ b/examples/monitoring/prometheus/server/pvc.yaml @@ -0,0 +1,19 @@ +--- +# Source: prometheus/templates/server/pvc.yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + component: "server" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + name: oso-prometheus-server + namespace: default +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: "8Gi" diff --git a/examples/monitoring/prometheus/server/service.yaml b/examples/monitoring/prometheus/server/service.yaml new file mode 100644 index 0000000..7fe17b5 --- /dev/null +++ b/examples/monitoring/prometheus/server/service.yaml @@ -0,0 +1,25 @@ +--- +# Source: prometheus/templates/server/service.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + component: "server" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + name: oso-prometheus-server + namespace: default +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 9090 + selector: + component: "server" + app: prometheus + release: oso + sessionAffinity: None + type: "ClusterIP" diff --git a/examples/monitoring/prometheus/server/serviceaccount.yaml b/examples/monitoring/prometheus/server/serviceaccount.yaml new file mode 100644 index 0000000..60e510e --- /dev/null +++ b/examples/monitoring/prometheus/server/serviceaccount.yaml @@ -0,0 +1,15 @@ +--- +# Source: prometheus/templates/server/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + component: "server" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + name: oso-prometheus-server + namespace: default + annotations: + {} diff --git a/examples/monitoring/rolebindings/connect/connect-base.yaml b/examples/monitoring/rolebindings/connect/connect-base.yaml new file mode 100644 index 0000000..a413025 --- /dev/null +++ b/examples/monitoring/rolebindings/connect/connect-base.yaml @@ -0,0 +1,45 @@ + +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: connect-cluster-base +spec: + clustersScopeByIds: + connectClusterId: sandbox.connect + principal: + name: connect + type: user + role: SecurityAdmin +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: connect-resources-base +spec: + principal: + name: connect + type: user + resourcePatterns: + - name: sandbox.connect + patternType: LITERAL + resourceType: Group + - name: sandbox.connect- + patternType: PREFIXED + resourceType: Topic + role: ResourceOwner +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: connect-monitoring-base +spec: + principal: + name: connect + type: user + resourcePatterns: + - name: _confluent-monitoring + patternType: PREFIXED + resourceType: Topic + role: DeveloperWrite + + diff --git a/examples/monitoring/rolebindings/connect/kustomization.yaml b/examples/monitoring/rolebindings/connect/kustomization.yaml new file mode 100644 index 0000000..6de76ef --- /dev/null +++ b/examples/monitoring/rolebindings/connect/kustomization.yaml @@ -0,0 +1,5 @@ +namespace: sandbox +resources: + - ../../../../kustomize/base/rolebindings/connect +patchesStrategicMerge: + - connect-base.yaml \ No newline at end of file diff --git a/examples/monitoring/rolebindings/controlcenter-testadmin-rolebindings.yaml b/examples/monitoring/rolebindings/controlcenter-testadmin-rolebindings.yaml new file mode 100644 index 0000000..caca456 --- /dev/null +++ b/examples/monitoring/rolebindings/controlcenter-testadmin-rolebindings.yaml @@ -0,0 +1,70 @@ +--- +# rolebinding `testadmin-rb` allows `testadmin` to see kafkaCluster +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: testadmin-rb +spec: + principal: + type: user + name: testadmin + role: ClusterAdmin + ## if use other kafkaRestClass except for default, need to configure accordingly + #kafkaRestClassRef: + # name: default +--- +# rolebinding `testadmin-rb-sr` allows `testadmin` to see schemaregistry information +# `schemaRegistryCllusterId` pattern: `id__` +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: testadmin-rb-sr +spec: + principal: + type: user + name: testadmin + clustersScopeByIds: + schemaRegistryClusterId: id_schemaregistry_sandbox + role: ClusterAdmin + ## if use other kafkaRestClass except for default, need to configure accordingly + #kafkaRestClassRef: + # name: default +--- +# rolebinding `testadmin-rb-connect` allows `testadmin` to see connect cluster +# `connectClusterId` pattern: `.` +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: testadmin-rb-connect +spec: + principal: + type: user + name: testadmin + clustersScopeByIds: + connectClusterId: sandbox.connect + role: SystemAdmin + ## if use other kafkaRestClass except for default, need to configure accordingly + #kafkaRestClassRef: + # name: default +--- +# rolebinding `testadmin-rb-ksql` allows `testadmin` to see ksqldb cluster +# `ksqlClusterId` pattern: `.` +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: testadmin-rb-ksql +spec: + principal: + type: user + name: testadmin + clustersScopeByIds: + ksqlClusterId: sandbox.ksqldb_ + role: ResourceOwner + resourcePatterns: + - name: ksql-cluster + patternType: LITERAL + resourceType: KsqlCluster + ## if use other kafkaRestClass except for default, need to configure accordingly + #kafkaRestClassRef: + # name: default +--- \ No newline at end of file diff --git a/examples/monitoring/rolebindings/ksqldb/ksqldb-base.yaml b/examples/monitoring/rolebindings/ksqldb/ksqldb-base.yaml new file mode 100644 index 0000000..fa8bf02 --- /dev/null +++ b/examples/monitoring/rolebindings/ksqldb/ksqldb-base.yaml @@ -0,0 +1,29 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: ksqldb-cluster-base +spec: + clustersScopeByIds: + ksqlClusterId: sandbox.ksqldb_ + principal: + name: ksql + type: user + resourcePatterns: + - name: ksql-cluster + patternType: LITERAL + resourceType: KsqlCluster + role: ResourceOwner +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: ksqldb-cluster-resources-base +spec: + principal: + name: ksql + type: user + resourcePatterns: + - name: _confluent-ksql-confluent.ksqldb_ + patternType: PREFIXED + resourceType: Topic + role: ResourceOwner diff --git a/examples/monitoring/rolebindings/ksqldb/kustomization.yaml b/examples/monitoring/rolebindings/ksqldb/kustomization.yaml new file mode 100644 index 0000000..20a884d --- /dev/null +++ b/examples/monitoring/rolebindings/ksqldb/kustomization.yaml @@ -0,0 +1,5 @@ +namespace: sandbox +resources: + - ../../../../kustomize/base/rolebindings/ksqldb +patchesStrategicMerge: + - ksqldb-base.yaml \ No newline at end of file diff --git a/examples/monitoring/rolebindings/kustomization.yaml b/examples/monitoring/rolebindings/kustomization.yaml new file mode 100644 index 0000000..72fb0dd --- /dev/null +++ b/examples/monitoring/rolebindings/kustomization.yaml @@ -0,0 +1,6 @@ +namespace: sandbox +resources: + - connect + - ksqldb + - schemaregistry + - controlcenter-testadmin-rolebindings.yaml \ No newline at end of file diff --git a/examples/monitoring/rolebindings/schemaregistry/kustomization.yaml b/examples/monitoring/rolebindings/schemaregistry/kustomization.yaml new file mode 100644 index 0000000..2dd2b46 --- /dev/null +++ b/examples/monitoring/rolebindings/schemaregistry/kustomization.yaml @@ -0,0 +1,6 @@ +namespace: sandbox +resources: + - ../../../../kustomize/base/rolebindings/schemaregistry + - test-user.yaml +patchesStrategicMerge: + - schemaregistry-base.yaml \ No newline at end of file diff --git a/examples/monitoring/rolebindings/schemaregistry/schemaregistry-base.yaml b/examples/monitoring/rolebindings/schemaregistry/schemaregistry-base.yaml new file mode 100644 index 0000000..300f7a8 --- /dev/null +++ b/examples/monitoring/rolebindings/schemaregistry/schemaregistry-base.yaml @@ -0,0 +1,32 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: registry-base +spec: + clustersScopeByIds: + schemaRegistryClusterId: id_registry_sandbox + principal: + name: registry + type: user + role: SecurityAdmin +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: registry-mds-client-resources-base +spec: + principal: + name: registry + type: user + resourcePatterns: + - name: _confluent-license + patternType: LITERAL + resourceType: Topic + - name: _schemas_schemaregistry_confluent + patternType: LITERAL + resourceType: Topic + - name: id_schemaregistry_confluent + patternType: LITERAL + resourceType: Group + role: ResourceOwner +--- diff --git a/examples/monitoring/rolebindings/schemaregistry/test-user.yaml b/examples/monitoring/rolebindings/schemaregistry/test-user.yaml new file mode 100644 index 0000000..3cf7dec --- /dev/null +++ b/examples/monitoring/rolebindings/schemaregistry/test-user.yaml @@ -0,0 +1,32 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: KafkaTopic +metadata: + name: brand-new-topic +spec: + kafkaClusterRef: + name: kafka + namespace: sandbox + kafkaRest: + authentication: + type: bearer + bearer: + secretRef: mds-client-c3 + endpoint: https://kafka.sandbox.svc.cluster.local:8090 + configs: + confluent.key.schema.validation: "true" +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: brand-new-topic +spec: + clustersScopeByIds: + schemaRegistryClusterId: id_schemaregistry_sandbox + principal: + name: alice + type: user + resourcePatterns: + - name: value_brand-new-topics + patternType: LITERAL + resourceType: Subject + role: ResourceOwner \ No newline at end of file diff --git a/kustomize/base/operator/clusterrole.yaml b/kustomize/base/operator/clusterrole.yaml index c9b4d85..b8761cd 100644 --- a/kustomize/base/operator/clusterrole.yaml +++ b/kustomize/base/operator/clusterrole.yaml @@ -9,7 +9,7 @@ metadata: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: "confluent-operator" - helm.sh/chart: confluent-for-kubernetes-0.174.21 + helm.sh/chart: confluent-for-kubernetes-0.174.13 name: confluent-operator namespace: default rules: diff --git a/kustomize/base/operator/clusterrolebinding.yaml b/kustomize/base/operator/clusterrolebinding.yaml index c502054..60d147e 100644 --- a/kustomize/base/operator/clusterrolebinding.yaml +++ b/kustomize/base/operator/clusterrolebinding.yaml @@ -9,7 +9,7 @@ metadata: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: "confluent-operator" - helm.sh/chart: confluent-for-kubernetes-0.174.21 + helm.sh/chart: confluent-for-kubernetes-0.174.13 name: confluent-operator namespace: default subjects: diff --git a/kustomize/base/operator/deployment.yaml b/kustomize/base/operator/deployment.yaml index 03928cc..1e75414 100644 --- a/kustomize/base/operator/deployment.yaml +++ b/kustomize/base/operator/deployment.yaml @@ -9,8 +9,8 @@ metadata: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: "confluent-operator" - helm.sh/chart: confluent-for-kubernetes-0.174.21 - version: 0.174.21 + helm.sh/chart: confluent-for-kubernetes-0.174.13 + version: 0.174.13 name: confluent-operator namespace: default spec: @@ -35,7 +35,7 @@ spec: app.kubernetes.io/name: "confluent-operator" app.kubernetes.io/instance: RELEASE-NAME confluent-platform: "true" - version: 0.174.21 + version: 0.174.13 spec: securityContext: fsGroup: 1001 @@ -46,7 +46,7 @@ spec: - --debug=false - --namespaces=default name: confluent-operator - image: docker.io/confluentinc/confluent-operator:0.174.21 + image: docker.io/confluentinc/confluent-operator:0.174.13 imagePullPolicy: IfNotPresent terminationMessagePath: /dev/termination-log terminationMessagePolicy: File diff --git a/kustomize/base/operator/licensing.yaml b/kustomize/base/operator/licensing.yaml index c536271..a2219a6 100644 --- a/kustomize/base/operator/licensing.yaml +++ b/kustomize/base/operator/licensing.yaml @@ -9,7 +9,7 @@ metadata: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: "confluent-operator" - helm.sh/chart: confluent-for-kubernetes-0.174.21 + helm.sh/chart: confluent-for-kubernetes-0.174.13 namespace: default name: confluent-operator-licensing type: Opaque diff --git a/kustomize/base/operator/service.yaml b/kustomize/base/operator/service.yaml index 430528e..b6ba389 100644 --- a/kustomize/base/operator/service.yaml +++ b/kustomize/base/operator/service.yaml @@ -9,7 +9,7 @@ metadata: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: "confluent-operator" - helm.sh/chart: confluent-for-kubernetes-0.174.21 + helm.sh/chart: confluent-for-kubernetes-0.174.13 name: confluent-operator namespace: default spec: diff --git a/kustomize/base/operator/serviceaccount.yaml b/kustomize/base/operator/serviceaccount.yaml index 48d5063..eb68e19 100644 --- a/kustomize/base/operator/serviceaccount.yaml +++ b/kustomize/base/operator/serviceaccount.yaml @@ -11,6 +11,6 @@ metadata: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: "confluent-operator" - helm.sh/chart: confluent-for-kubernetes-0.174.21 + helm.sh/chart: confluent-for-kubernetes-0.174.13 name: confluent-for-kubernetes namespace: default diff --git a/kustomize/crds/crds/platform.confluent.io_connects.yaml b/kustomize/crds/crds/platform.confluent.io_connects.yaml index 42c6afb..e8d9cdf 100644 --- a/kustomize/crds/crds/platform.confluent.io_connects.yaml +++ b/kustomize/crds/crds/platform.confluent.io_connects.yaml @@ -1142,6 +1142,256 @@ spec: description: CPExternalAccess holds all external access policies for non-kafka components properties: + ingress: + description: Ingress allows to create a ingress service Not implemented + yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user wishes + to exist. + properties: + backend: + description: A default backend capable of servicing requests + that don't match any rule. At least one of 'backend' or + 'rules' must be specified. This field is optional to allow + the loadbalancer controller or defaulting logic to specify + a global default. + properties: + resource: + description: Resource is an ObjectRef to another Kubernetes + resource in the namespace of the Ingress object. If + resource is specified, serviceName and servicePort + must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the IngressClass + cluster resource. The associated IngressClass defines + which controller will implement the resource. This replaces + the deprecated `kubernetes.io/ingress.class` annotation. + For backwards compatibility, when that annotation is set, + it must be given precedence over this field. The controller + may emit a warning if the field and annotation have different + values. Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource may + be marked as default, which can be used to set a default + value for this field. For more information, refer to the + IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure the + Ingress. If unspecified, or no rule matches, all traffic + is sent to the default backend. + items: + description: IngressRule represents the rules mapping + the paths under a specified host to the related backend + services. Incoming requests are first evaluated for + a host match, then routed to the backend associated + with the matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified domain name + of a network host, as defined by RFC 3986. Note + the following deviations from the \"host\" part + of the URI as defined in RFC 3986: 1. IPs are not + allowed. Currently an IngressRuleValue can only + apply to the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected because ports + are not allowed. \t Currently the port of an Ingress + is implicitly :80 for http and \t :443 for https. + Both these may change in the future. Incoming requests + are matched against the host before the IngressRuleValue. + If the host is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a domain name + without the terminating dot of a network host (e.g. + \"foo.bar.com\") or \"wildcard\", which is a domain + name prefixed with a single wildcard label (e.g. + \"*.foo.com\"). The wildcard character '*' must + appear by itself as the first DNS label and matches + only a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests will + be matched against the Host field in the following + way: 1. If Host is precise, the request matches + this rule if the http host header is equal to Host. + 2. If Host is a wildcard, then the request matches + this rule if the http host header is to equal to + the suffix (removing the first label) of the wildcard + rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list of http + selectors pointing to backends. In the example: + http:///? -> backend where + where parts of the url correspond to RFC 3986, this + resource will be used to match against everything + after the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that map requests + to backends. + items: + description: HTTPIngressPath associates a path + with a backend. Incoming urls matching the + path are forwarded to the backend. + properties: + backend: + description: Backend defines the referenced + service endpoint to which the traffic + will be forwarded to. + properties: + resource: + description: Resource is an ObjectRef + to another Kubernetes resource in + the namespace of the Ingress object. + If resource is specified, serviceName + and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. For any other + third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the + referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the + referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against the + path of an incoming request. Currently + it can contain characters disallowed from + the conventional "path" part of a URL + as defined by RFC 3986. Paths must begin + with a '/'. When unspecified, all paths + from incoming requests are matched. + type: string + pathType: + description: 'PathType determines the interpretation + of the Path matching. PathType can be + one of the following values: * Exact: + Matches the URL path exactly. * Prefix: + Matches based on a URL path prefix split + by ''/''. Matching is done on a path + element by element basis. A path element + refers is the list of labels in the + path split by the ''/'' separator. A request + is a match for path p if every p is + an element-wise prefix of p of the request + path. Note that if the last element of + the path is a substring of the last + element in request path, it is not a match + (e.g. /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching is + up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix or Exact + path types. Implementations are required + to support all path types. Defaults to + ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress only + supports a single TLS port, 443. If multiple members of + this list specify different hosts, they will be multiplexed + on the same port according to the hostname specified through + the SNI TLS extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport layer + security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included in + the TLS certificate. The values in this list must + match the name/s used in the tlsSecret. Defaults + to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret + used to terminate TLS traffic on port 443. Field + is left optional to allow TLS routing based on SNI + hostname alone. If the SNI host in a listener conflicts + with the "Host" header field used by an IngressRule, + the SNI host is used for termination and value of + the Host header is used for routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object loadBalancer: description: LoadBalancer allows to create a kubernetes load balancer service @@ -1275,8 +1525,7 @@ spec: type: integer servicePorts: description: ServicePorts allows to specify user-provided service - port(s) For Kafka with nodePort type, it will only apply to - kafka bootstrap service + port(s) items: description: ServicePort contains information on service's port. @@ -1392,14 +1641,6 @@ spec: description: Init defines init-container name pattern: .+:.+ type: string - pullPolicy: - description: ImagePullPolicy, One of Always, Never, IfNotPresent. - Defaults to IfNotPresent. - enum: - - Always - - Never - - IfNotPresent - type: string pullSecretRef: description: 'ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that @@ -2637,112 +2878,24 @@ spec: type: string type: object type: array - topologySpreadConstraints: - description: TopologySpreadConstraints describes how a group of - pods ought to spread across topology domains. Scheduler will schedule - pods in a way which abides by the constraints. All topologySpreadConstraints - are ANDed. - items: - description: TopologySpreadConstraint specifies how to spread - matching pods among the given topology. - properties: - labelSelector: - description: LabelSelector is used to find matching pods. - Pods that match this label selector are counted to determine - the number of pods in their corresponding topology domain. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - maxSkew: - description: 'MaxSkew describes the degree to which pods may - be unevenly distributed. It''s the maximum permitted difference - between the number of matching pods in any two topology - domains of a given topology type. For example, in a 3-zone - cluster, MaxSkew is set to 1, and pods with the same labelSelector - spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - - if MaxSkew is 1, incoming pod can only be scheduled to - zone3 to become 1/1/1; scheduling it onto zone1(zone2) would - make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto any - zone. It''s a required field. Default value is 1 and 0 is - not allowed.' - format: int32 - type: integer - topologyKey: - description: TopologyKey is the key of node labels. Nodes - that have a label with this key and identical values are - considered to be in the same topology. We consider each - as a "bucket", and try to put balanced number - of pods into each bucket. It's a required field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with - a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not to schedule it - ScheduleAnyway - tells the scheduler to still schedule it It''s considered - as "Unsatisfiable" if and only if placing incoming pod on - any topology violates "MaxSkew". For example, in a 3-zone - cluster, MaxSkew is set to 1, and pods with the same labelSelector - spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, incoming pod - can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) - as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). - In other words, the cluster can still be imbalanced, but - scheduler won''t make it *more* imbalanced. It''s a required - field.' - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array type: object replicas: description: Replicas is the desired number of replicas of the given Template. Change will roll the cluster format: int32 type: integer + storageClass: + description: Storage class used for creating pvc's of created connect + pods + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object telemetry: description: ConfluentTelemetry defines the confluent telemetry reporter configuration @@ -2923,10 +3076,6 @@ spec: description: AuthenticationType defines authentication type configured by a listener type: string - externalAccessType: - description: ExternalAccessType is the external access type used - for the listener - type: string externalEndpoint: description: ExternalEndpoint defines the external endpoint to connect to the service diff --git a/kustomize/crds/crds/platform.confluent.io_controlcenters.yaml b/kustomize/crds/crds/platform.confluent.io_controlcenters.yaml index 0f18682..d7d7783 100644 --- a/kustomize/crds/crds/platform.confluent.io_controlcenters.yaml +++ b/kustomize/crds/crds/platform.confluent.io_controlcenters.yaml @@ -864,6 +864,256 @@ spec: externalAccess: description: ExternalAccess defines the external access configuration properties: + ingress: + description: Ingress allows to create a ingress service Not implemented + yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user wishes + to exist. + properties: + backend: + description: A default backend capable of servicing requests + that don't match any rule. At least one of 'backend' or + 'rules' must be specified. This field is optional to allow + the loadbalancer controller or defaulting logic to specify + a global default. + properties: + resource: + description: Resource is an ObjectRef to another Kubernetes + resource in the namespace of the Ingress object. If + resource is specified, serviceName and servicePort + must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the IngressClass + cluster resource. The associated IngressClass defines + which controller will implement the resource. This replaces + the deprecated `kubernetes.io/ingress.class` annotation. + For backwards compatibility, when that annotation is set, + it must be given precedence over this field. The controller + may emit a warning if the field and annotation have different + values. Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource may + be marked as default, which can be used to set a default + value for this field. For more information, refer to the + IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure the + Ingress. If unspecified, or no rule matches, all traffic + is sent to the default backend. + items: + description: IngressRule represents the rules mapping + the paths under a specified host to the related backend + services. Incoming requests are first evaluated for + a host match, then routed to the backend associated + with the matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified domain name + of a network host, as defined by RFC 3986. Note + the following deviations from the \"host\" part + of the URI as defined in RFC 3986: 1. IPs are not + allowed. Currently an IngressRuleValue can only + apply to the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected because ports + are not allowed. \t Currently the port of an Ingress + is implicitly :80 for http and \t :443 for https. + Both these may change in the future. Incoming requests + are matched against the host before the IngressRuleValue. + If the host is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a domain name + without the terminating dot of a network host (e.g. + \"foo.bar.com\") or \"wildcard\", which is a domain + name prefixed with a single wildcard label (e.g. + \"*.foo.com\"). The wildcard character '*' must + appear by itself as the first DNS label and matches + only a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests will + be matched against the Host field in the following + way: 1. If Host is precise, the request matches + this rule if the http host header is equal to Host. + 2. If Host is a wildcard, then the request matches + this rule if the http host header is to equal to + the suffix (removing the first label) of the wildcard + rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list of http + selectors pointing to backends. In the example: + http:///? -> backend where + where parts of the url correspond to RFC 3986, this + resource will be used to match against everything + after the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that map requests + to backends. + items: + description: HTTPIngressPath associates a path + with a backend. Incoming urls matching the + path are forwarded to the backend. + properties: + backend: + description: Backend defines the referenced + service endpoint to which the traffic + will be forwarded to. + properties: + resource: + description: Resource is an ObjectRef + to another Kubernetes resource in + the namespace of the Ingress object. + If resource is specified, serviceName + and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. For any other + third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the + referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the + referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against the + path of an incoming request. Currently + it can contain characters disallowed from + the conventional "path" part of a URL + as defined by RFC 3986. Paths must begin + with a '/'. When unspecified, all paths + from incoming requests are matched. + type: string + pathType: + description: 'PathType determines the interpretation + of the Path matching. PathType can be + one of the following values: * Exact: + Matches the URL path exactly. * Prefix: + Matches based on a URL path prefix split + by ''/''. Matching is done on a path + element by element basis. A path element + refers is the list of labels in the + path split by the ''/'' separator. A request + is a match for path p if every p is + an element-wise prefix of p of the request + path. Note that if the last element of + the path is a substring of the last + element in request path, it is not a match + (e.g. /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching is + up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix or Exact + path types. Implementations are required + to support all path types. Defaults to + ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress only + supports a single TLS port, 443. If multiple members of + this list specify different hosts, they will be multiplexed + on the same port according to the hostname specified through + the SNI TLS extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport layer + security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included in + the TLS certificate. The values in this list must + match the name/s used in the tlsSecret. Defaults + to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret + used to terminate TLS traffic on port 443. Field + is left optional to allow TLS routing based on SNI + hostname alone. If the SNI host in a listener conflicts + with the "Host" header field used by an IngressRule, + the SNI host is used for termination and value of + the Host header is used for routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object loadBalancer: description: LoadBalancer allows to create a kubernetes load balancer service @@ -997,8 +1247,7 @@ spec: type: integer servicePorts: description: ServicePorts allows to specify user-provided service - port(s) For Kafka with nodePort type, it will only apply to - kafka bootstrap service + port(s) items: description: ServicePort contains information on service's port. @@ -1119,14 +1368,6 @@ spec: description: Init defines init-container name pattern: .+:.+ type: string - pullPolicy: - description: ImagePullPolicy, One of Always, Never, IfNotPresent. - Defaults to IfNotPresent. - enum: - - Always - - Never - - IfNotPresent - type: string pullSecretRef: description: 'ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that @@ -2567,106 +2808,6 @@ spec: type: string type: object type: array - topologySpreadConstraints: - description: TopologySpreadConstraints describes how a group of - pods ought to spread across topology domains. Scheduler will schedule - pods in a way which abides by the constraints. All topologySpreadConstraints - are ANDed. - items: - description: TopologySpreadConstraint specifies how to spread - matching pods among the given topology. - properties: - labelSelector: - description: LabelSelector is used to find matching pods. - Pods that match this label selector are counted to determine - the number of pods in their corresponding topology domain. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - maxSkew: - description: 'MaxSkew describes the degree to which pods may - be unevenly distributed. It''s the maximum permitted difference - between the number of matching pods in any two topology - domains of a given topology type. For example, in a 3-zone - cluster, MaxSkew is set to 1, and pods with the same labelSelector - spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - - if MaxSkew is 1, incoming pod can only be scheduled to - zone3 to become 1/1/1; scheduling it onto zone1(zone2) would - make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto any - zone. It''s a required field. Default value is 1 and 0 is - not allowed.' - format: int32 - type: integer - topologyKey: - description: TopologyKey is the key of node labels. Nodes - that have a label with this key and identical values are - considered to be in the same topology. We consider each - as a "bucket", and try to put balanced number - of pods into each bucket. It's a required field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with - a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not to schedule it - ScheduleAnyway - tells the scheduler to still schedule it It''s considered - as "Unsatisfiable" if and only if placing incoming pod on - any topology violates "MaxSkew". For example, in a 3-zone - cluster, MaxSkew is set to 1, and pods with the same labelSelector - spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, incoming pod - can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) - as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). - In other words, the cluster can still be imbalanced, but - scheduler won''t make it *more* imbalanced. It''s a required - field.' - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array type: object replicas: description: Replicas is the desired number of replicas of the given @@ -2862,10 +3003,6 @@ spec: description: AuthenticationType defines authentication type configured by a listener type: string - externalAccessType: - description: ExternalAccessType is the external access type used - for the listener - type: string externalEndpoint: description: ExternalEndpoint defines the external endpoint to connect to the service diff --git a/kustomize/crds/crds/platform.confluent.io_kafkarestclasses.yaml b/kustomize/crds/crds/platform.confluent.io_kafkarestclasses.yaml index 56f6cf4..d685a88 100644 --- a/kustomize/crds/crds/platform.confluent.io_kafkarestclasses.yaml +++ b/kustomize/crds/crds/platform.confluent.io_kafkarestclasses.yaml @@ -73,29 +73,48 @@ spec: API properties: basic: - description: KafkaRestBasicAuthentication defines basic authentication + description: BasicAuthentication defines basic authentication properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on + the server side only. Changes will be only reflected in + ControlCenter (C3). This configuration is ignored on the + client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on + the server side only. This configuration is ignored on + the client side configuration + items: + type: string + type: array secretRef: description: Name of the secret reference maxLength: 30 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string - required: - - secretRef type: object bearer: - description: KafkaRestBearerAuthentication defines bearer authentication, - used by MDS clients when RBAC enabled + description: BearerAuthentication used by MDS clients properties: + directoryPathInContainer: + minLength: 1 + type: string secretRef: description: Name of the secret reference maxLength: 30 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string - required: - - secretRef type: object type: enum: @@ -181,29 +200,48 @@ spec: API properties: basic: - description: KafkaRestBasicAuthentication defines basic authentication + description: BasicAuthentication defines basic authentication properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on + the server side only. Changes will be only reflected in + ControlCenter (C3). This configuration is ignored on the + client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on + the server side only. This configuration is ignored on + the client side configuration + items: + type: string + type: array secretRef: description: Name of the secret reference maxLength: 30 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string - required: - - secretRef type: object bearer: - description: KafkaRestBearerAuthentication defines bearer authentication, - used by MDS clients when RBAC enabled + description: BearerAuthentication used by MDS clients properties: + directoryPathInContainer: + minLength: 1 + type: string secretRef: description: Name of the secret reference maxLength: 30 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string - required: - - secretRef type: object type: enum: diff --git a/kustomize/crds/crds/platform.confluent.io_kafkas.yaml b/kustomize/crds/crds/platform.confluent.io_kafkas.yaml index 44f4cce..3d61f2d 100644 --- a/kustomize/crds/crds/platform.confluent.io_kafkas.yaml +++ b/kustomize/crds/crds/platform.confluent.io_kafkas.yaml @@ -403,109 +403,6 @@ spec: - kafka - tokenKeyPair type: object - schemaRegistry: - description: SchemaRegistryClientDependency allows configuring CP - component dependency to configure schemaRegistry settings - properties: - authentication: - description: Authentication defines the authentication for the - schemaregistry cluster - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass - basic credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles - on the server side only. Changes will be only reflected - in ControlCenter (C3). This configuration is ignored - on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration - on the server side only. This configuration is ignored - on the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme - for Rest client - enum: - - basic - - mtls - type: string - required: - - type - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for schemaregistry cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - url: - description: URL defines the URL endpoint - minLength: 1 - pattern: ^https?://.* - type: string - required: - - url - type: object zookeeper: description: KafkaZookeeperDependencies properties: @@ -641,14 +538,6 @@ spec: description: Init defines init-container name pattern: .+:.+ type: string - pullPolicy: - description: ImagePullPolicy, One of Always, Never, IfNotPresent. - Defaults to IfNotPresent. - enum: - - Always - - Never - - IfNotPresent - type: string pullSecretRef: description: 'ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that @@ -767,6 +656,291 @@ spec: description: KafkaExternalAccess allows to configure external access for Kafka cluster properties: + ingress: + description: Ingress allows to create a ingress service + Not implemented yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the + user wishes to exist. + properties: + backend: + description: A default backend capable of servicing + requests that don't match any rule. At least + one of 'backend' or 'rules' must be specified. + This field is optional to allow the loadbalancer + controller or defaulting logic to specify a + global default. + properties: + resource: + description: Resource is an ObjectRef to another + Kubernetes resource in the namespace of + the Ingress object. If resource is specified, + serviceName and servicePort must not be + specified. + properties: + apiGroup: + description: APIGroup is the group for + the resource being referenced. If APIGroup + is not specified, the specified Kind + must be in the core API group. For any + other third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced + service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced + service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the + IngressClass cluster resource. The associated + IngressClass defines which controller will implement + the resource. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when + that annotation is set, it must be given precedence + over this field. The controller may emit a warning + if the field and annotation have different values. + Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource + may be marked as default, which can be used + to set a default value for this field. For more + information, refer to the IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure + the Ingress. If unspecified, or no rule matches, + all traffic is sent to the default backend. + items: + description: IngressRule represents the rules + mapping the paths under a specified host to + the related backend services. Incoming requests + are first evaluated for a host match, then + routed to the backend associated with the + matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified + domain name of a network host, as defined + by RFC 3986. Note the following deviations + from the \"host\" part of the URI as defined + in RFC 3986: 1. IPs are not allowed. Currently + an IngressRuleValue can only apply to + \ the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected + because ports are not allowed. \t Currently + the port of an Ingress is implicitly :80 + for http and \t :443 for https. Both + these may change in the future. Incoming + requests are matched against the host + before the IngressRuleValue. If the host + is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a + domain name without the terminating dot + of a network host (e.g. \"foo.bar.com\") + or \"wildcard\", which is a domain name + prefixed with a single wildcard label + (e.g. \"*.foo.com\"). The wildcard character + '*' must appear by itself as the first + DNS label and matches only a single label. + You cannot have a wildcard label by itself + (e.g. Host == \"*\"). Requests will be + matched against the Host field in the + following way: 1. If Host is precise, + the request matches this rule if the http + host header is equal to Host. 2. If Host + is a wildcard, then the request matches + this rule if the http host header is to + equal to the suffix (removing the first + label) of the wildcard rule." + type: string + http: + description: 'HTTPIngressRuleValue is a + list of http selectors pointing to backends. + In the example: http:///? + -> backend where where parts of the url + correspond to RFC 3986, this resource + will be used to match against everything + after the last ''/'' and before the first + ''?'' or ''#''.' + properties: + paths: + description: A collection of paths that + map requests to backends. + items: + description: HTTPIngressPath associates + a path with a backend. Incoming + urls matching the path are forwarded + to the backend. + properties: + backend: + description: Backend defines the + referenced service endpoint + to which the traffic will be + forwarded to. + properties: + resource: + description: Resource is an + ObjectRef to another Kubernetes + resource in the namespace + of the Ingress object. If + resource is specified, serviceName + and servicePort must not + be specified. + properties: + apiGroup: + description: APIGroup + is the group for the + resource being referenced. + If APIGroup is not specified, + the specified Kind must + be in the core API group. + For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the + name of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the + port of the referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against + the path of an incoming request. + Currently it can contain characters + disallowed from the conventional + "path" part of a URL as defined + by RFC 3986. Paths must begin + with a '/'. When unspecified, + all paths from incoming requests + are matched. + type: string + pathType: + description: 'PathType determines + the interpretation of the Path + matching. PathType can be one + of the following values: * Exact: + Matches the URL path exactly. + * Prefix: Matches based on a + URL path prefix split by ''/''. + Matching is done on a path + element by element basis. A + path element refers is the list + of labels in the path split + by the ''/'' separator. A request + is a match for path p if every + p is an element-wise prefix + of p of the request path. + Note that if the last element + of the path is a substring of + the last element in request + path, it is not a match (e.g. + /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). + * ImplementationSpecific: Interpretation + of the Path matching is up to the + IngressClass. Implementations + can treat this as a separate + PathType or treat it identically + to Prefix or Exact path types. + Implementations are required + to support all path types. Defaults + to ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the + Ingress only supports a single TLS port, 443. + If multiple members of this list specify different + hosts, they will be multiplexed on the same + port according to the hostname specified through + the SNI TLS extension, if the ingress controller + fulfilling the ingress supports SNI. + items: + description: IngressTLS describes the transport + layer security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included + in the TLS certificate. The values in + this list must match the name/s used in + the tlsSecret. Defaults to the wildcard + host setting for the loadbalancer controller + fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the + secret used to terminate TLS traffic on + port 443. Field is left optional to allow + TLS routing based on SNI hostname alone. + If the SNI host in a listener conflicts + with the "Host" header field used by an + IngressRule, the SNI host is used for + termination and value of the Host header + is used for routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object loadBalancer: description: LoadBalancer allows to create a kubernetes load balancer service @@ -911,8 +1085,7 @@ spec: type: integer servicePorts: description: ServicePorts allows to specify user-provided - service port(s) For Kafka with nodePort type, it - will only apply to kafka bootstrap service + service port(s) items: description: ServicePort contains information on service's port. @@ -1210,6 +1383,284 @@ spec: description: KafkaExternalAccess allows to configure external access for Kafka cluster properties: + ingress: + description: Ingress allows to create a ingress service + Not implemented yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user + wishes to exist. + properties: + backend: + description: A default backend capable of servicing + requests that don't match any rule. At least one + of 'backend' or 'rules' must be specified. This + field is optional to allow the loadbalancer controller + or defaulting logic to specify a global default. + properties: + resource: + description: Resource is an ObjectRef to another + Kubernetes resource in the namespace of the + Ingress object. If resource is specified, + serviceName and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced + service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced + service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the + IngressClass cluster resource. The associated + IngressClass defines which controller will implement + the resource. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when + that annotation is set, it must be given precedence + over this field. The controller may emit a warning + if the field and annotation have different values. + Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource + may be marked as default, which can be used to + set a default value for this field. For more information, + refer to the IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure + the Ingress. If unspecified, or no rule matches, + all traffic is sent to the default backend. + items: + description: IngressRule represents the rules + mapping the paths under a specified host to + the related backend services. Incoming requests + are first evaluated for a host match, then routed + to the backend associated with the matching + IngressRuleValue. + properties: + host: + description: "Host is the fully qualified + domain name of a network host, as defined + by RFC 3986. Note the following deviations + from the \"host\" part of the URI as defined + in RFC 3986: 1. IPs are not allowed. Currently + an IngressRuleValue can only apply to the + IP in the Spec of the parent Ingress. 2. + The `:` delimiter is not respected because + ports are not allowed. \t Currently the + port of an Ingress is implicitly :80 for + http and \t :443 for https. Both these + may change in the future. Incoming requests + are matched against the host before the + IngressRuleValue. If the host is unspecified, + the Ingress routes all traffic based on + the specified IngressRuleValue. \n Host + can be \"precise\" which is a domain name + without the terminating dot of a network + host (e.g. \"foo.bar.com\") or \"wildcard\", + which is a domain name prefixed with a single + wildcard label (e.g. \"*.foo.com\"). The + wildcard character '*' must appear by itself + as the first DNS label and matches only + a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests + will be matched against the Host field in + the following way: 1. If Host is precise, + the request matches this rule if the http + host header is equal to Host. 2. If Host + is a wildcard, then the request matches + this rule if the http host header is to + equal to the suffix (removing the first + label) of the wildcard rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list + of http selectors pointing to backends. + In the example: http:///? + -> backend where where parts of the url + correspond to RFC 3986, this resource will + be used to match against everything after + the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that + map requests to backends. + items: + description: HTTPIngressPath associates + a path with a backend. Incoming urls + matching the path are forwarded to + the backend. + properties: + backend: + description: Backend defines the + referenced service endpoint to + which the traffic will be forwarded + to. + properties: + resource: + description: Resource is an + ObjectRef to another Kubernetes + resource in the namespace + of the Ingress object. If + resource is specified, serviceName + and servicePort must not be + specified. + properties: + apiGroup: + description: APIGroup is + the group for the resource + being referenced. If APIGroup + is not specified, the + specified Kind must be + in the core API group. + For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name + of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port + of the referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against + the path of an incoming request. + Currently it can contain characters + disallowed from the conventional + "path" part of a URL as defined + by RFC 3986. Paths must begin + with a '/'. When unspecified, + all paths from incoming requests + are matched. + type: string + pathType: + description: 'PathType determines + the interpretation of the Path + matching. PathType can be one + of the following values: * Exact: + Matches the URL path exactly. + * Prefix: Matches based on a URL + path prefix split by ''/''. Matching + is done on a path element by + element basis. A path element + refers is the list of labels + in the path split by the ''/'' + separator. A request is a match + for path p if every p is an element-wise + prefix of p of the request path. + Note that if the last element + of the path is a substring of + the last element in request path, + it is not a match (e.g. /foo/bar matches + /foo/bar/baz, but does not match + /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching + is up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix + or Exact path types. Implementations + are required to support all path + types. Defaults to ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress + only supports a single TLS port, 443. If multiple + members of this list specify different hosts, + they will be multiplexed on the same port according + to the hostname specified through the SNI TLS + extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport + layer security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included + in the TLS certificate. The values in this + list must match the name/s used in the tlsSecret. + Defaults to the wildcard host setting for + the loadbalancer controller fulfilling this + Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the + secret used to terminate TLS traffic on + port 443. Field is left optional to allow + TLS routing based on SNI hostname alone. + If the SNI host in a listener conflicts + with the "Host" header field used by an + IngressRule, the SNI host is used for termination + and value of the Host header is used for + routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object loadBalancer: description: LoadBalancer allows to create a kubernetes load balancer service @@ -1350,8 +1801,7 @@ spec: type: integer servicePorts: description: ServicePorts allows to specify user-provided - service port(s) For Kafka with nodePort type, it will - only apply to kafka bootstrap service + service port(s) items: description: ServicePort contains information on service's port. @@ -2941,106 +3391,6 @@ spec: type: string type: object type: array - topologySpreadConstraints: - description: TopologySpreadConstraints describes how a group of - pods ought to spread across topology domains. Scheduler will schedule - pods in a way which abides by the constraints. All topologySpreadConstraints - are ANDed. - items: - description: TopologySpreadConstraint specifies how to spread - matching pods among the given topology. - properties: - labelSelector: - description: LabelSelector is used to find matching pods. - Pods that match this label selector are counted to determine - the number of pods in their corresponding topology domain. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - maxSkew: - description: 'MaxSkew describes the degree to which pods may - be unevenly distributed. It''s the maximum permitted difference - between the number of matching pods in any two topology - domains of a given topology type. For example, in a 3-zone - cluster, MaxSkew is set to 1, and pods with the same labelSelector - spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - - if MaxSkew is 1, incoming pod can only be scheduled to - zone3 to become 1/1/1; scheduling it onto zone1(zone2) would - make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto any - zone. It''s a required field. Default value is 1 and 0 is - not allowed.' - format: int32 - type: integer - topologyKey: - description: TopologyKey is the key of node labels. Nodes - that have a label with this key and identical values are - considered to be in the same topology. We consider each - as a "bucket", and try to put balanced number - of pods into each bucket. It's a required field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with - a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not to schedule it - ScheduleAnyway - tells the scheduler to still schedule it It''s considered - as "Unsatisfiable" if and only if placing incoming pod on - any topology violates "MaxSkew". For example, in a 3-zone - cluster, MaxSkew is set to 1, and pods with the same labelSelector - spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, incoming pod - can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) - as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). - In other words, the cluster can still be imbalanced, but - scheduler won''t make it *more* imbalanced. It''s a required - field.' - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array type: object rackAssignment: description: RackAssignment defines the rack awareness capability for @@ -3072,55 +3422,288 @@ spec: kafkaRest: description: RestApiServer embedded rest api server properties: - authentication: - description: RestServerAuthentication server authentication - support to the CP Component - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass - basic credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles - on the server side only. Changes will be only reflected - in ControlCenter (C3). This configuration is ignored - on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration - on the server side only. This configuration is ignored - on the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme - for Rest Server - enum: - - basic - - mtls - type: string - required: - - type - type: object externalAccess: description: CPExternalAccess holds all external access policies for non-kafka components properties: + ingress: + description: Ingress allows to create a ingress service + Not implemented yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user + wishes to exist. + properties: + backend: + description: A default backend capable of servicing + requests that don't match any rule. At least one + of 'backend' or 'rules' must be specified. This + field is optional to allow the loadbalancer controller + or defaulting logic to specify a global default. + properties: + resource: + description: Resource is an ObjectRef to another + Kubernetes resource in the namespace of the + Ingress object. If resource is specified, + serviceName and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced + service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced + service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the + IngressClass cluster resource. The associated + IngressClass defines which controller will implement + the resource. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when + that annotation is set, it must be given precedence + over this field. The controller may emit a warning + if the field and annotation have different values. + Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource + may be marked as default, which can be used to + set a default value for this field. For more information, + refer to the IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure + the Ingress. If unspecified, or no rule matches, + all traffic is sent to the default backend. + items: + description: IngressRule represents the rules + mapping the paths under a specified host to + the related backend services. Incoming requests + are first evaluated for a host match, then routed + to the backend associated with the matching + IngressRuleValue. + properties: + host: + description: "Host is the fully qualified + domain name of a network host, as defined + by RFC 3986. Note the following deviations + from the \"host\" part of the URI as defined + in RFC 3986: 1. IPs are not allowed. Currently + an IngressRuleValue can only apply to the + IP in the Spec of the parent Ingress. 2. + The `:` delimiter is not respected because + ports are not allowed. \t Currently the + port of an Ingress is implicitly :80 for + http and \t :443 for https. Both these + may change in the future. Incoming requests + are matched against the host before the + IngressRuleValue. If the host is unspecified, + the Ingress routes all traffic based on + the specified IngressRuleValue. \n Host + can be \"precise\" which is a domain name + without the terminating dot of a network + host (e.g. \"foo.bar.com\") or \"wildcard\", + which is a domain name prefixed with a single + wildcard label (e.g. \"*.foo.com\"). The + wildcard character '*' must appear by itself + as the first DNS label and matches only + a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests + will be matched against the Host field in + the following way: 1. If Host is precise, + the request matches this rule if the http + host header is equal to Host. 2. If Host + is a wildcard, then the request matches + this rule if the http host header is to + equal to the suffix (removing the first + label) of the wildcard rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list + of http selectors pointing to backends. + In the example: http:///? + -> backend where where parts of the url + correspond to RFC 3986, this resource will + be used to match against everything after + the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that + map requests to backends. + items: + description: HTTPIngressPath associates + a path with a backend. Incoming urls + matching the path are forwarded to + the backend. + properties: + backend: + description: Backend defines the + referenced service endpoint to + which the traffic will be forwarded + to. + properties: + resource: + description: Resource is an + ObjectRef to another Kubernetes + resource in the namespace + of the Ingress object. If + resource is specified, serviceName + and servicePort must not be + specified. + properties: + apiGroup: + description: APIGroup is + the group for the resource + being referenced. If APIGroup + is not specified, the + specified Kind must be + in the core API group. + For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name + of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port + of the referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against + the path of an incoming request. + Currently it can contain characters + disallowed from the conventional + "path" part of a URL as defined + by RFC 3986. Paths must begin + with a '/'. When unspecified, + all paths from incoming requests + are matched. + type: string + pathType: + description: 'PathType determines + the interpretation of the Path + matching. PathType can be one + of the following values: * Exact: + Matches the URL path exactly. + * Prefix: Matches based on a URL + path prefix split by ''/''. Matching + is done on a path element by + element basis. A path element + refers is the list of labels + in the path split by the ''/'' + separator. A request is a match + for path p if every p is an element-wise + prefix of p of the request path. + Note that if the last element + of the path is a substring of + the last element in request path, + it is not a match (e.g. /foo/bar matches + /foo/bar/baz, but does not match + /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching + is up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix + or Exact path types. Implementations + are required to support all path + types. Defaults to ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress + only supports a single TLS port, 443. If multiple + members of this list specify different hosts, + they will be multiplexed on the same port according + to the hostname specified through the SNI TLS + extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport + layer security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included + in the TLS certificate. The values in this + list must match the name/s used in the tlsSecret. + Defaults to the wildcard host setting for + the loadbalancer controller fulfilling this + Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the + secret used to terminate TLS traffic on + port 443. Field is left optional to allow + TLS routing based on SNI hostname alone. + If the SNI host in a listener conflicts + with the "Host" header field used by an + IngressRule, the SNI host is used for termination + and value of the Host header is used for + routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object loadBalancer: description: LoadBalancer allows to create a kubernetes load balancer service @@ -3261,8 +3844,7 @@ spec: type: integer servicePorts: description: ServicePorts allows to specify user-provided - service port(s) For Kafka with nodePort type, it will - only apply to kafka bootstrap service + service port(s) items: description: ServicePort contains information on service's port. @@ -3437,6 +4019,284 @@ spec: description: CPExternalAccess holds all external access policies for non-kafka components properties: + ingress: + description: Ingress allows to create a ingress service + Not implemented yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user + wishes to exist. + properties: + backend: + description: A default backend capable of servicing + requests that don't match any rule. At least one + of 'backend' or 'rules' must be specified. This + field is optional to allow the loadbalancer controller + or defaulting logic to specify a global default. + properties: + resource: + description: Resource is an ObjectRef to another + Kubernetes resource in the namespace of the + Ingress object. If resource is specified, + serviceName and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced + service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced + service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the + IngressClass cluster resource. The associated + IngressClass defines which controller will implement + the resource. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when + that annotation is set, it must be given precedence + over this field. The controller may emit a warning + if the field and annotation have different values. + Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource + may be marked as default, which can be used to + set a default value for this field. For more information, + refer to the IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure + the Ingress. If unspecified, or no rule matches, + all traffic is sent to the default backend. + items: + description: IngressRule represents the rules + mapping the paths under a specified host to + the related backend services. Incoming requests + are first evaluated for a host match, then routed + to the backend associated with the matching + IngressRuleValue. + properties: + host: + description: "Host is the fully qualified + domain name of a network host, as defined + by RFC 3986. Note the following deviations + from the \"host\" part of the URI as defined + in RFC 3986: 1. IPs are not allowed. Currently + an IngressRuleValue can only apply to the + IP in the Spec of the parent Ingress. 2. + The `:` delimiter is not respected because + ports are not allowed. \t Currently the + port of an Ingress is implicitly :80 for + http and \t :443 for https. Both these + may change in the future. Incoming requests + are matched against the host before the + IngressRuleValue. If the host is unspecified, + the Ingress routes all traffic based on + the specified IngressRuleValue. \n Host + can be \"precise\" which is a domain name + without the terminating dot of a network + host (e.g. \"foo.bar.com\") or \"wildcard\", + which is a domain name prefixed with a single + wildcard label (e.g. \"*.foo.com\"). The + wildcard character '*' must appear by itself + as the first DNS label and matches only + a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests + will be matched against the Host field in + the following way: 1. If Host is precise, + the request matches this rule if the http + host header is equal to Host. 2. If Host + is a wildcard, then the request matches + this rule if the http host header is to + equal to the suffix (removing the first + label) of the wildcard rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list + of http selectors pointing to backends. + In the example: http:///? + -> backend where where parts of the url + correspond to RFC 3986, this resource will + be used to match against everything after + the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that + map requests to backends. + items: + description: HTTPIngressPath associates + a path with a backend. Incoming urls + matching the path are forwarded to + the backend. + properties: + backend: + description: Backend defines the + referenced service endpoint to + which the traffic will be forwarded + to. + properties: + resource: + description: Resource is an + ObjectRef to another Kubernetes + resource in the namespace + of the Ingress object. If + resource is specified, serviceName + and servicePort must not be + specified. + properties: + apiGroup: + description: APIGroup is + the group for the resource + being referenced. If APIGroup + is not specified, the + specified Kind must be + in the core API group. + For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name + of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port + of the referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against + the path of an incoming request. + Currently it can contain characters + disallowed from the conventional + "path" part of a URL as defined + by RFC 3986. Paths must begin + with a '/'. When unspecified, + all paths from incoming requests + are matched. + type: string + pathType: + description: 'PathType determines + the interpretation of the Path + matching. PathType can be one + of the following values: * Exact: + Matches the URL path exactly. + * Prefix: Matches based on a URL + path prefix split by ''/''. Matching + is done on a path element by + element basis. A path element + refers is the list of labels + in the path split by the ''/'' + separator. A request is a match + for path p if every p is an element-wise + prefix of p of the request path. + Note that if the last element + of the path is a substring of + the last element in request path, + it is not a match (e.g. /foo/bar matches + /foo/bar/baz, but does not match + /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching + is up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix + or Exact path types. Implementations + are required to support all path + types. Defaults to ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress + only supports a single TLS port, 443. If multiple + members of this list specify different hosts, + they will be multiplexed on the same port according + to the hostname specified through the SNI TLS + extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport + layer security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included + in the TLS certificate. The values in this + list must match the name/s used in the tlsSecret. + Defaults to the wildcard host setting for + the loadbalancer controller fulfilling this + Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the + secret used to terminate TLS traffic on + port 443. Field is left optional to allow + TLS routing based on SNI hostname alone. + If the SNI host in a listener conflicts + with the "Host" header field used by an + IngressRule, the SNI host is used for termination + and value of the Host header is used for + routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object loadBalancer: description: LoadBalancer allows to create a kubernetes load balancer service @@ -3577,8 +4437,7 @@ spec: type: integer servicePorts: description: ServicePorts allows to specify user-provided - service port(s) For Kafka with nodePort type, it will - only apply to kafka bootstrap service + service port(s) items: description: ServicePort contains information on service's port. @@ -4044,10 +4903,6 @@ spec: type: string client: type: string - externalAccessType: - description: ExternalAccessType is the external access type used - for the listener - type: string externalEndpoint: description: ExternalEndpoint defines the external endpoint to connect to the service @@ -4096,10 +4951,6 @@ spec: description: AuthenticationType defines authentication type configured by a listener type: string - externalAccessType: - description: ExternalAccessType is the external access type used - for the listener - type: string externalEndpoint: description: ExternalEndpoint defines the external endpoint to connect to the service diff --git a/kustomize/crds/crds/platform.confluent.io_kafkatopics.yaml b/kustomize/crds/crds/platform.confluent.io_kafkatopics.yaml index bd6ba8c..47ce7b4 100644 --- a/kustomize/crds/crds/platform.confluent.io_kafkatopics.yaml +++ b/kustomize/crds/crds/platform.confluent.io_kafkatopics.yaml @@ -91,29 +91,48 @@ spec: API properties: basic: - description: KafkaRestBasicAuthentication defines basic authentication + description: BasicAuthentication defines basic authentication properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on + the server side only. Changes will be only reflected in + ControlCenter (C3). This configuration is ignored on the + client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on + the server side only. This configuration is ignored on + the client side configuration + items: + type: string + type: array secretRef: description: Name of the secret reference maxLength: 30 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string - required: - - secretRef type: object bearer: - description: KafkaRestBearerAuthentication defines bearer authentication, - used by MDS clients when RBAC enabled + description: BearerAuthentication used by MDS clients properties: + directoryPathInContainer: + minLength: 1 + type: string secretRef: description: Name of the secret reference maxLength: 30 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string - required: - - secretRef type: object type: enum: diff --git a/kustomize/crds/crds/platform.confluent.io_ksqldbs.yaml b/kustomize/crds/crds/platform.confluent.io_ksqldbs.yaml index 8a16e2a..4c773c8 100644 --- a/kustomize/crds/crds/platform.confluent.io_ksqldbs.yaml +++ b/kustomize/crds/crds/platform.confluent.io_ksqldbs.yaml @@ -770,6 +770,256 @@ spec: description: Provides configuring endpoints and services to make ksqlDB accessible from outside the cluster properties: + ingress: + description: Ingress allows to create a ingress service Not implemented + yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user wishes + to exist. + properties: + backend: + description: A default backend capable of servicing requests + that don't match any rule. At least one of 'backend' or + 'rules' must be specified. This field is optional to allow + the loadbalancer controller or defaulting logic to specify + a global default. + properties: + resource: + description: Resource is an ObjectRef to another Kubernetes + resource in the namespace of the Ingress object. If + resource is specified, serviceName and servicePort + must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the IngressClass + cluster resource. The associated IngressClass defines + which controller will implement the resource. This replaces + the deprecated `kubernetes.io/ingress.class` annotation. + For backwards compatibility, when that annotation is set, + it must be given precedence over this field. The controller + may emit a warning if the field and annotation have different + values. Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource may + be marked as default, which can be used to set a default + value for this field. For more information, refer to the + IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure the + Ingress. If unspecified, or no rule matches, all traffic + is sent to the default backend. + items: + description: IngressRule represents the rules mapping + the paths under a specified host to the related backend + services. Incoming requests are first evaluated for + a host match, then routed to the backend associated + with the matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified domain name + of a network host, as defined by RFC 3986. Note + the following deviations from the \"host\" part + of the URI as defined in RFC 3986: 1. IPs are not + allowed. Currently an IngressRuleValue can only + apply to the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected because ports + are not allowed. \t Currently the port of an Ingress + is implicitly :80 for http and \t :443 for https. + Both these may change in the future. Incoming requests + are matched against the host before the IngressRuleValue. + If the host is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a domain name + without the terminating dot of a network host (e.g. + \"foo.bar.com\") or \"wildcard\", which is a domain + name prefixed with a single wildcard label (e.g. + \"*.foo.com\"). The wildcard character '*' must + appear by itself as the first DNS label and matches + only a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests will + be matched against the Host field in the following + way: 1. If Host is precise, the request matches + this rule if the http host header is equal to Host. + 2. If Host is a wildcard, then the request matches + this rule if the http host header is to equal to + the suffix (removing the first label) of the wildcard + rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list of http + selectors pointing to backends. In the example: + http:///? -> backend where + where parts of the url correspond to RFC 3986, this + resource will be used to match against everything + after the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that map requests + to backends. + items: + description: HTTPIngressPath associates a path + with a backend. Incoming urls matching the + path are forwarded to the backend. + properties: + backend: + description: Backend defines the referenced + service endpoint to which the traffic + will be forwarded to. + properties: + resource: + description: Resource is an ObjectRef + to another Kubernetes resource in + the namespace of the Ingress object. + If resource is specified, serviceName + and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. For any other + third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the + referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the + referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against the + path of an incoming request. Currently + it can contain characters disallowed from + the conventional "path" part of a URL + as defined by RFC 3986. Paths must begin + with a '/'. When unspecified, all paths + from incoming requests are matched. + type: string + pathType: + description: 'PathType determines the interpretation + of the Path matching. PathType can be + one of the following values: * Exact: + Matches the URL path exactly. * Prefix: + Matches based on a URL path prefix split + by ''/''. Matching is done on a path + element by element basis. A path element + refers is the list of labels in the + path split by the ''/'' separator. A request + is a match for path p if every p is + an element-wise prefix of p of the request + path. Note that if the last element of + the path is a substring of the last + element in request path, it is not a match + (e.g. /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching is + up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix or Exact + path types. Implementations are required + to support all path types. Defaults to + ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress only + supports a single TLS port, 443. If multiple members of + this list specify different hosts, they will be multiplexed + on the same port according to the hostname specified through + the SNI TLS extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport layer + security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included in + the TLS certificate. The values in this list must + match the name/s used in the tlsSecret. Defaults + to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret + used to terminate TLS traffic on port 443. Field + is left optional to allow TLS routing based on SNI + hostname alone. If the SNI host in a listener conflicts + with the "Host" header field used by an IngressRule, + the SNI host is used for termination and value of + the Host header is used for routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object loadBalancer: description: LoadBalancer allows to create a kubernetes load balancer service @@ -903,8 +1153,7 @@ spec: type: integer servicePorts: description: ServicePorts allows to specify user-provided service - port(s) For Kafka with nodePort type, it will only apply to - kafka bootstrap service + port(s) items: description: ServicePort contains information on service's port. @@ -1020,14 +1269,6 @@ spec: description: Init defines init-container name pattern: .+:.+ type: string - pullPolicy: - description: ImagePullPolicy, One of Always, Never, IfNotPresent. - Defaults to IfNotPresent. - enum: - - Always - - Never - - IfNotPresent - type: string pullSecretRef: description: 'ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that @@ -2258,106 +2499,6 @@ spec: type: string type: object type: array - topologySpreadConstraints: - description: TopologySpreadConstraints describes how a group of - pods ought to spread across topology domains. Scheduler will schedule - pods in a way which abides by the constraints. All topologySpreadConstraints - are ANDed. - items: - description: TopologySpreadConstraint specifies how to spread - matching pods among the given topology. - properties: - labelSelector: - description: LabelSelector is used to find matching pods. - Pods that match this label selector are counted to determine - the number of pods in their corresponding topology domain. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - maxSkew: - description: 'MaxSkew describes the degree to which pods may - be unevenly distributed. It''s the maximum permitted difference - between the number of matching pods in any two topology - domains of a given topology type. For example, in a 3-zone - cluster, MaxSkew is set to 1, and pods with the same labelSelector - spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - - if MaxSkew is 1, incoming pod can only be scheduled to - zone3 to become 1/1/1; scheduling it onto zone1(zone2) would - make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto any - zone. It''s a required field. Default value is 1 and 0 is - not allowed.' - format: int32 - type: integer - topologyKey: - description: TopologyKey is the key of node labels. Nodes - that have a label with this key and identical values are - considered to be in the same topology. We consider each - as a "bucket", and try to put balanced number - of pods into each bucket. It's a required field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with - a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not to schedule it - ScheduleAnyway - tells the scheduler to still schedule it It''s considered - as "Unsatisfiable" if and only if placing incoming pod on - any topology violates "MaxSkew". For example, in a 3-zone - cluster, MaxSkew is set to 1, and pods with the same labelSelector - spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, incoming pod - can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) - as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). - In other words, the cluster can still be imbalanced, but - scheduler won''t make it *more* imbalanced. It''s a required - field.' - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array type: object replicas: description: Replicas is the desired number of replicas of the given @@ -2549,10 +2690,6 @@ spec: description: AuthenticationType defines authentication type configured by a listener type: string - externalAccessType: - description: ExternalAccessType is the external access type used - for the listener - type: string externalEndpoint: description: ExternalEndpoint defines the external endpoint to connect to the service diff --git a/kustomize/crds/crds/platform.confluent.io_schemaregistries.yaml b/kustomize/crds/crds/platform.confluent.io_schemaregistries.yaml index f0822c2..988d12e 100644 --- a/kustomize/crds/crds/platform.confluent.io_schemaregistries.yaml +++ b/kustomize/crds/crds/platform.confluent.io_schemaregistries.yaml @@ -384,6 +384,256 @@ spec: externalAccess: description: ExternalAccess defines the external access configuration properties: + ingress: + description: Ingress allows to create a ingress service Not implemented + yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user wishes + to exist. + properties: + backend: + description: A default backend capable of servicing requests + that don't match any rule. At least one of 'backend' or + 'rules' must be specified. This field is optional to allow + the loadbalancer controller or defaulting logic to specify + a global default. + properties: + resource: + description: Resource is an ObjectRef to another Kubernetes + resource in the namespace of the Ingress object. If + resource is specified, serviceName and servicePort + must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the IngressClass + cluster resource. The associated IngressClass defines + which controller will implement the resource. This replaces + the deprecated `kubernetes.io/ingress.class` annotation. + For backwards compatibility, when that annotation is set, + it must be given precedence over this field. The controller + may emit a warning if the field and annotation have different + values. Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource may + be marked as default, which can be used to set a default + value for this field. For more information, refer to the + IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure the + Ingress. If unspecified, or no rule matches, all traffic + is sent to the default backend. + items: + description: IngressRule represents the rules mapping + the paths under a specified host to the related backend + services. Incoming requests are first evaluated for + a host match, then routed to the backend associated + with the matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified domain name + of a network host, as defined by RFC 3986. Note + the following deviations from the \"host\" part + of the URI as defined in RFC 3986: 1. IPs are not + allowed. Currently an IngressRuleValue can only + apply to the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected because ports + are not allowed. \t Currently the port of an Ingress + is implicitly :80 for http and \t :443 for https. + Both these may change in the future. Incoming requests + are matched against the host before the IngressRuleValue. + If the host is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a domain name + without the terminating dot of a network host (e.g. + \"foo.bar.com\") or \"wildcard\", which is a domain + name prefixed with a single wildcard label (e.g. + \"*.foo.com\"). The wildcard character '*' must + appear by itself as the first DNS label and matches + only a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests will + be matched against the Host field in the following + way: 1. If Host is precise, the request matches + this rule if the http host header is equal to Host. + 2. If Host is a wildcard, then the request matches + this rule if the http host header is to equal to + the suffix (removing the first label) of the wildcard + rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list of http + selectors pointing to backends. In the example: + http:///? -> backend where + where parts of the url correspond to RFC 3986, this + resource will be used to match against everything + after the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that map requests + to backends. + items: + description: HTTPIngressPath associates a path + with a backend. Incoming urls matching the + path are forwarded to the backend. + properties: + backend: + description: Backend defines the referenced + service endpoint to which the traffic + will be forwarded to. + properties: + resource: + description: Resource is an ObjectRef + to another Kubernetes resource in + the namespace of the Ingress object. + If resource is specified, serviceName + and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. For any other + third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the + referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the + referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against the + path of an incoming request. Currently + it can contain characters disallowed from + the conventional "path" part of a URL + as defined by RFC 3986. Paths must begin + with a '/'. When unspecified, all paths + from incoming requests are matched. + type: string + pathType: + description: 'PathType determines the interpretation + of the Path matching. PathType can be + one of the following values: * Exact: + Matches the URL path exactly. * Prefix: + Matches based on a URL path prefix split + by ''/''. Matching is done on a path + element by element basis. A path element + refers is the list of labels in the + path split by the ''/'' separator. A request + is a match for path p if every p is + an element-wise prefix of p of the request + path. Note that if the last element of + the path is a substring of the last + element in request path, it is not a match + (e.g. /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching is + up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix or Exact + path types. Implementations are required + to support all path types. Defaults to + ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress only + supports a single TLS port, 443. If multiple members of + this list specify different hosts, they will be multiplexed + on the same port according to the hostname specified through + the SNI TLS extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport layer + security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included in + the TLS certificate. The values in this list must + match the name/s used in the tlsSecret. Defaults + to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret + used to terminate TLS traffic on port 443. Field + is left optional to allow TLS routing based on SNI + hostname alone. If the SNI host in a listener conflicts + with the "Host" header field used by an IngressRule, + the SNI host is used for termination and value of + the Host header is used for routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object loadBalancer: description: LoadBalancer allows to create a kubernetes load balancer service @@ -517,8 +767,7 @@ spec: type: integer servicePorts: description: ServicePorts allows to specify user-provided service - port(s) For Kafka with nodePort type, it will only apply to - kafka bootstrap service + port(s) items: description: ServicePort contains information on service's port. @@ -634,14 +883,6 @@ spec: description: Init defines init-container name pattern: .+:.+ type: string - pullPolicy: - description: ImagePullPolicy, One of Always, Never, IfNotPresent. - Defaults to IfNotPresent. - enum: - - Always - - Never - - IfNotPresent - type: string pullSecretRef: description: 'ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that @@ -1872,112 +2113,23 @@ spec: type: string type: object type: array - topologySpreadConstraints: - description: TopologySpreadConstraints describes how a group of - pods ought to spread across topology domains. Scheduler will schedule - pods in a way which abides by the constraints. All topologySpreadConstraints - are ANDed. - items: - description: TopologySpreadConstraint specifies how to spread - matching pods among the given topology. - properties: - labelSelector: - description: LabelSelector is used to find matching pods. - Pods that match this label selector are counted to determine - the number of pods in their corresponding topology domain. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - maxSkew: - description: 'MaxSkew describes the degree to which pods may - be unevenly distributed. It''s the maximum permitted difference - between the number of matching pods in any two topology - domains of a given topology type. For example, in a 3-zone - cluster, MaxSkew is set to 1, and pods with the same labelSelector - spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - - if MaxSkew is 1, incoming pod can only be scheduled to - zone3 to become 1/1/1; scheduling it onto zone1(zone2) would - make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto any - zone. It''s a required field. Default value is 1 and 0 is - not allowed.' - format: int32 - type: integer - topologyKey: - description: TopologyKey is the key of node labels. Nodes - that have a label with this key and identical values are - considered to be in the same topology. We consider each - as a "bucket", and try to put balanced number - of pods into each bucket. It's a required field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with - a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not to schedule it - ScheduleAnyway - tells the scheduler to still schedule it It''s considered - as "Unsatisfiable" if and only if placing incoming pod on - any topology violates "MaxSkew". For example, in a 3-zone - cluster, MaxSkew is set to 1, and pods with the same labelSelector - spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, incoming pod - can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) - as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). - In other words, the cluster can still be imbalanced, but - scheduler won''t make it *more* imbalanced. It''s a required - field.' - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array type: object replicas: description: Replicas is the desired number of replicas of the given Template. Change will roll the cluster format: int32 type: integer + storageClass: + description: Storage defines + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object telemetry: description: ConfluentTelemetry defines the confluent telemetry reporter configuration @@ -2154,10 +2306,6 @@ spec: description: AuthenticationType defines authentication type configured by a listener type: string - externalAccessType: - description: ExternalAccessType is the external access type used - for the listener - type: string externalEndpoint: description: ExternalEndpoint defines the external endpoint to connect to the service diff --git a/kustomize/crds/crds/platform.confluent.io_zookeepers.yaml b/kustomize/crds/crds/platform.confluent.io_zookeepers.yaml index 19b661d..36a4461 100644 --- a/kustomize/crds/crds/platform.confluent.io_zookeepers.yaml +++ b/kustomize/crds/crds/platform.confluent.io_zookeepers.yaml @@ -157,14 +157,6 @@ spec: description: Init defines init-container name pattern: .+:.+ type: string - pullPolicy: - description: ImagePullPolicy, One of Always, Never, IfNotPresent. - Defaults to IfNotPresent. - enum: - - Always - - Never - - IfNotPresent - type: string pullSecretRef: description: 'ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that @@ -1398,106 +1390,6 @@ spec: type: string type: object type: array - topologySpreadConstraints: - description: TopologySpreadConstraints describes how a group of - pods ought to spread across topology domains. Scheduler will schedule - pods in a way which abides by the constraints. All topologySpreadConstraints - are ANDed. - items: - description: TopologySpreadConstraint specifies how to spread - matching pods among the given topology. - properties: - labelSelector: - description: LabelSelector is used to find matching pods. - Pods that match this label selector are counted to determine - the number of pods in their corresponding topology domain. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - maxSkew: - description: 'MaxSkew describes the degree to which pods may - be unevenly distributed. It''s the maximum permitted difference - between the number of matching pods in any two topology - domains of a given topology type. For example, in a 3-zone - cluster, MaxSkew is set to 1, and pods with the same labelSelector - spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - - if MaxSkew is 1, incoming pod can only be scheduled to - zone3 to become 1/1/1; scheduling it onto zone1(zone2) would - make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto any - zone. It''s a required field. Default value is 1 and 0 is - not allowed.' - format: int32 - type: integer - topologyKey: - description: TopologyKey is the key of node labels. Nodes - that have a label with this key and identical values are - considered to be in the same topology. We consider each - as a "bucket", and try to put balanced number - of pods into each bucket. It's a required field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with - a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not to schedule it - ScheduleAnyway - tells the scheduler to still schedule it It''s considered - as "Unsatisfiable" if and only if placing incoming pod on - any topology violates "MaxSkew". For example, in a 3-zone - cluster, MaxSkew is set to 1, and pods with the same labelSelector - spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, incoming pod - can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) - as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). - In other words, the cluster can still be imbalanced, but - scheduler won''t make it *more* imbalanced. It''s a required - field.' - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array type: object replicas: description: Replicas is the desired number of replicas of the given @@ -1628,10 +1520,6 @@ spec: items: type: string type: array - myIdOffset: - description: MyIdOffset myid offset configuration - format: int32 - type: integer operatorVersion: description: OperatorVersion defines the internal version of operator type: string diff --git a/resources/images/grafana-dashboard.png b/resources/images/grafana-dashboard.png new file mode 100644 index 0000000..f295258 Binary files /dev/null and b/resources/images/grafana-dashboard.png differ diff --git a/resources/images/grafana-dashboard2.png b/resources/images/grafana-dashboard2.png new file mode 100644 index 0000000..69d3934 Binary files /dev/null and b/resources/images/grafana-dashboard2.png differ diff --git a/resources/images/prometheus_targets.png b/resources/images/prometheus_targets.png new file mode 100644 index 0000000..29d78da Binary files /dev/null and b/resources/images/prometheus_targets.png differ