From e3b29a1452a27f74ebcbb49474932a7d31ff3ec7 Mon Sep 17 00:00:00 2001 
From: Jan Grant Date: Thu, 11 Jul 2024 14:51:52 +0100 Subject: [PATCH] redpanda: move statefulset.yaml to go --- charts/redpanda/configmap.tpl.go | 14 +- charts/redpanda/secrets.go | 4 +- charts/redpanda/service.loadbalancer.go | 4 +- charts/redpanda/statefulset.go | 550 +++++++++++++- charts/redpanda/templates/_configmap.go.tpl | 8 +- charts/redpanda/templates/_helpers.tpl | 7 - charts/redpanda/templates/_statefulset.go.tpl | 277 +++++-- charts/redpanda/templates/secrets.go.tpl | 4 +- .../templates/service.loadbalancer.go.tpl | 4 +- charts/redpanda/templates/statefulset.yaml | 163 +--- charts/redpanda/templates/values.go.tpl | 162 +++- .../testdata/ci/01-default-values.yaml.golden | 549 +++++++------- ...-cluster-no-tls-no-sasl-values.yaml.golden | 502 +++++++------ ...ode-cluster-tls-no-sasl-values.yaml.golden | 549 +++++++------- ...ode-cluster-no-tls-sasl-values.yaml.golden | 530 ++++++------- ...e-node-cluster-tls-sasl-values.yaml.golden | 579 +++++++------- .../ci/06-rack-awareness-values.yaml.golden | 549 +++++++------- .../07-multiple-listeners-values.yaml.golden | 597 +++++++-------- ...-custom-podantiaffinity-values.yaml.golden | 547 +++++++------- ...nitcontainers-resources-values.yaml.golden | 709 +++++++++--------- .../10-external-addresses-values.yaml.golden | 549 +++++++------- .../11-update-sasl-users-values.yaml.golden | 579 +++++++------- ...2-external-cert-secrets-values.yaml.golden | 549 +++++++------- .../ci/13-loadbalancer-tls-values.yaml.golden | 549 +++++++------- .../14-prometheus-no-tls-values.yaml.golden | 500 ++++++------ .../ci/15-prometheus-tls-values.yaml.golden | 549 +++++++------- .../16-controller-sidecar-values.yaml.golden | 579 +++++++------- ...-resources-without-unit-values.yaml.golden | 555 +++++++------- ...single-external-address-values.yaml.golden | 549 +++++++------- ...-storage-with-creds-values.yaml.tpl.golden | 591 ++++++++------- ...-storage-with-creds-values.yaml.tpl.golden | 591 ++++++++------- 
...-storage-with-creds-values.yaml.tpl.golden | 593 +++++++-------- ...age-without-creds-novalues.yaml.tpl.golden | 593 +++++++-------- ...rsistent-with-creds-values.yaml.tpl.golden | 611 +++++++-------- ...rsistent-with-creds-values.yaml.tpl.golden | 611 +++++++-------- ...rsistent-with-creds-values.yaml.tpl.golden | 615 +++++++-------- ...ent-without-creds-novalues.yaml.tpl.golden | 615 +++++++-------- ...verwrite-with-creds-values.yaml.tpl.golden | 611 +++++++-------- ...verwrite-with-creds-values.yaml.tpl.golden | 611 +++++++-------- ...verwrite-with-creds-values.yaml.tpl.golden | 615 +++++++-------- ...ite-without-creds-novalues.yaml.tpl.golden | 615 +++++++-------- ...tional-flags-override-novalues.yaml.golden | 549 +++++++------- ...-statefulset-pod-labels-values.yaml.golden | 549 +++++++------- ...2-statefulset-podspec-novalues.yaml.golden | 557 +++++++------- .../ci/33-advertised-ports-values.yaml.golden | 565 +++++++------- ...3-pod-selector-lables-novalues.yaml.golden | 561 +++++++------- .../34-security-contexts-novalues.yaml.golden | 603 +++++++-------- ...-statefulset-sidecars-novalues.yaml.golden | 623 +++++++-------- .../ci/35-connectors-novalues.yaml.golden | 549 +++++++------- ...-with-template-domain-novalues.yaml.golden | 549 +++++++------- ...-name-and-annotations-novalues.yaml.golden | 553 +++++++------- ...nstall-upgrade-merges-novalues.yaml.golden | 571 +++++++------- ...-upgrade-no-overrides-novalues.yaml.golden | 571 +++++++------- ...lt-image-pull-secrets-novalues.yaml.golden | 554 +++++++------- .../96-audit-logging-values.yaml.tpl.golden | 579 +++++++------- .../ci/97-license-key-values.yaml.tpl.golden | 549 +++++++------- .../ci/98-license-secret-values.yaml.golden | 549 +++++++------- ...nfig-options-with-empty-values.yaml.golden | 591 ++++++++------- .../versions/default-v22.3.14-0.yaml.golden | 549 +++++++------- .../versions/default-v22.3.14-1.yaml.golden | 549 +++++++------- .../versions/default-v22.3.14-2.yaml.golden | 549 
+++++++------- .../versions/default-v23.1.2-0.yaml.golden | 549 +++++++------- .../versions/default-v23.1.2-1.yaml.golden | 549 +++++++------- .../versions/default-v23.1.2-2.yaml.golden | 549 +++++++------- .../versions/default-v23.1.3-0.yaml.golden | 549 +++++++------- .../versions/default-v23.1.3-1.yaml.golden | 549 +++++++------- .../versions/default-v23.1.3-2.yaml.golden | 549 +++++++------- .../versions/default-v23.2.1-0.yaml.golden | 549 +++++++------- .../versions/default-v23.2.1-1.yaml.golden | 549 +++++++------- .../versions/default-v23.2.1-2.yaml.golden | 549 +++++++------- .../versions/default-v23.3.0-0.yaml.golden | 549 +++++++------- .../versions/default-v23.3.0-1.yaml.golden | 549 +++++++------- .../versions/default-v23.3.0-2.yaml.golden | 549 +++++++------- .../versions/default-v24.1.0-0.yaml.golden | 549 +++++++------- .../versions/default-v24.1.0-1.yaml.golden | 549 +++++++------- .../versions/default-v24.1.0-2.yaml.golden | 549 +++++++------- .../somecustomrepo-v23.2.8-0.yaml.golden | 549 +++++++------- .../somecustomrepo-v23.2.8-1.yaml.golden | 549 +++++++------- .../somecustomrepo-v23.2.8-2.yaml.golden | 549 +++++++------- .../somecustomrepo-v24.1.0-0.yaml.golden | 549 +++++++------- .../somecustomrepo-v24.1.0-1.yaml.golden | 549 +++++++------- .../somecustomrepo-v24.1.0-2.yaml.golden | 549 +++++++------- charts/redpanda/values.go | 108 ++- charts/redpanda/values.schema.json | 3 + charts/redpanda/values_partial.gen.go | 15 +- pkg/gotohelm/helmette/helm.go | 34 +- pkg/gotohelm/helmette/sprig.go | 8 + pkg/gotohelm/transpiler.go | 2 + 88 files changed, 21456 insertions(+), 20050 deletions(-) diff --git a/charts/redpanda/configmap.tpl.go b/charts/redpanda/configmap.tpl.go index 3a4f6e2a96..c474f7fba8 100644 --- a/charts/redpanda/configmap.tpl.go +++ b/charts/redpanda/configmap.tpl.go 
@@ -145,12 +145,12 @@ func rpkProfile(dot *helmette.Dot) map[string]any { values := helmette.Unwrap[Values](dot.Values) brokerList := []string{} - for i := 0; i < values.Statefulset.Replicas; i++ { + for i := int32(0); i < values.Statefulset.Replicas; i++ { brokerList = append(brokerList, fmt.Sprintf("%s:%d", advertisedHost(dot, i), int(advertisedKafkaPort(dot, i)))) } adminAdvertisedList := []string{} - for i := 0; i < values.Statefulset.Replicas; i++ { + for i := int32(0); i < values.Statefulset.Replicas; i++ { adminAdvertisedList = append(adminAdvertisedList, fmt.Sprintf("%s:%d", advertisedHost(dot, i), int(advertisedAdminPort(dot, i)))) } @@ -193,7 +193,7 @@ func rpkProfile(dot *helmette.Dot) map[string]any { return result } -func advertisedKafkaPort(dot *helmette.Dot, i int) int { +func advertisedKafkaPort(dot *helmette.Dot, i int32) int { values := helmette.Unwrap[Values](dot.Values) externalKafkaListenerName := getFirstExternalKafkaListener(dot) @@ -215,7 +215,7 @@ func advertisedKafkaPort(dot *helmette.Dot, i int) int { return port } -func advertisedAdminPort(dot *helmette.Dot, i int) int { +func advertisedAdminPort(dot *helmette.Dot, i int32) int { values := helmette.Unwrap[Values](dot.Values) keys := helmette.Keys(values.Listeners.Admin.External) @@ -241,7 +241,7 @@ func advertisedAdminPort(dot *helmette.Dot, i int) int { return port } -func advertisedHost(dot *helmette.Dot, i int) string { +func advertisedHost(dot *helmette.Dot, i int32) string { values := helmette.Unwrap[Values](dot.Values) address := fmt.Sprintf("%s-%d", Fullname(dot), int(i)) @@ -281,7 +281,7 @@ func rpkConfiguration(dot *helmette.Dot) map[string]any { brokerList := []string{} r := values.Statefulset.Replicas - for i := 0; i < r; i++ { + for i := int32(0); i < r; i++ { brokerList = append(brokerList, fmt.Sprintf("%s-%d.%s:%d", Fullname(dot), i, InternalDomain(dot), int(values.Listeners.Kafka.Port))) } 
@@ -362,7 +362,7 @@ func kafkaClient(dot *helmette.Dot) map[string]any { values := helmette.Unwrap[Values](dot.Values) brokerList := []map[string]any{} - for i := 0; i < values.Statefulset.Replicas; i++ { + for i := int32(0); i < values.Statefulset.Replicas; i++ { brokerList = append(brokerList, map[string]any{ "address": fmt.Sprintf("%s-%d.%s", Fullname(dot), i, InternalDomain(dot)), "port": values.Listeners.Kafka.Port, diff --git a/charts/redpanda/secrets.go b/charts/redpanda/secrets.go index 6fc123bfb4..72022ed1ab 100644 --- a/charts/redpanda/secrets.go +++ b/charts/redpanda/secrets.go @@ -509,7 +509,7 @@ func secretConfiguratorKafkaConfig(dot *helmette.Dot) []string { ``, fmt.Sprintf(`ADVERTISED_%s_ADDRESSES=()`, helmette.Upper(listenerName)), ) - for _, replicaIndex := range helmette.Until(values.Statefulset.Replicas) { + for _, replicaIndex := range helmette.Until(int(values.Statefulset.Replicas)) { // advertised-port for kafka port := externalVals.Port // This is always defined for kafka if len(externalVals.AdvertisedPorts) > 0 { @@ -586,7 +586,7 @@ func secretConfiguratorHTTPConfig(dot *helmette.Dot) []string { ``, fmt.Sprintf(`ADVERTISED_%s_ADDRESSES=()`, helmette.Upper(listenerName)), ) - for _, replicaIndex := range helmette.Until(values.Statefulset.Replicas) { + for _, replicaIndex := range helmette.Until(int(values.Statefulset.Replicas)) { // advertised-port for kafka port := externalVals.Port // This is always defined for kafka if len(externalVals.AdvertisedPorts) > 0 { diff --git a/charts/redpanda/service.loadbalancer.go b/charts/redpanda/service.loadbalancer.go index d442ca15b6..3c439b356a 100644 --- a/charts/redpanda/service.loadbalancer.go +++ b/charts/redpanda/service.loadbalancer.go 
@@ -51,7 +51,7 @@ func LoadBalancerServices(dot *helmette.Dot) []*corev1.Service { var services []*corev1.Service replicas := values.Statefulset.Replicas // TODO fix me once the transpiler is fixed. - for i := 0; i < replicas; i++ { + for i := int32(0); i < replicas; i++ { podname := fmt.Sprintf("%s-%d", Fullname(dot), i) // NB: A range loop is used here as its the most terse way to handle @@ -63,7 +63,7 @@ func LoadBalancerServices(dot *helmette.Dot) []*corev1.Service { if externalDNS.Enabled { prefix := podname - if len(values.External.Addresses) > i { + if len(values.External.Addresses) > int(i) { prefix = values.External.Addresses[i] } diff --git a/charts/redpanda/statefulset.go b/charts/redpanda/statefulset.go index 4d09bfd9bb..c35e3ab851 100644 --- a/charts/redpanda/statefulset.go +++ b/charts/redpanda/statefulset.go @@ -20,6 +20,8 @@ import ( "fmt" "strings" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "github.com/redpanda-data/helm-charts/pkg/gotohelm/helmette" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" @@ -161,7 +163,7 @@ func StatefulSetVolumes(dot *helmette.Dot) []corev1.Volume { volumes := CommonVolumes(dot) values := helmette.Unwrap[Values](dot.Values) - // NOTE extraVolumes, datadir, and tiered-storage-dir are NOT in this + // NOTE and tiered-storage-dir are NOT in this // function. TODO: Migrate them into this function. volumes = append(volumes, []corev1.Volume{ { 
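Review bot: The rewritten comment in StatefulSetVolumes (`// NOTE and tiered-storage-dir are NOT in this function. TODO: Migrate them into this function.`) is left half-edited and is no longer true, because the -222 hunk later in this file appends both the datadir and the tiered-storage-dir volume inside this same function. I would delete the NOTE/TODO pair outright instead of trimming words from it, so the next reader does not go looking for volumes defined elsewhere. The function body continues outside this hunk.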
@@ -222,9 +224,73 @@ func StatefulSetVolumes(dot *helmette.Dot) []corev1.Volume { volumes = append(volumes, templateToVolumes(dot, values.Statefulset.ExtraVolumes)...) + volumes = append(volumes, statefulSetVolumeDataDir(dot)) + + if v := statefulSetVolumeTieredStorageDir(dot); v != nil { + volumes = append(volumes, *v) + } + return volumes } +func statefulSetVolumeDataDir(dot *helmette.Dot) corev1.Volume { + values := helmette.Unwrap[Values](dot.Values) + + datadirSource := corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{}, + } + if values.Storage.PersistentVolume.Enabled { + datadirSource = corev1.VolumeSource{ + PersistentVolumeClaim: &corev1.PersistentVolumeClaimVolumeSource{ + ClaimName: "datadir", + }, + } + } else if values.Storage.HostPath != "" { + datadirSource = corev1.VolumeSource{ + HostPath: &corev1.HostPathVolumeSource{ + Path: values.Storage.HostPath, + }, + } + } + return corev1.Volume{ + Name: "datadir", + VolumeSource: datadirSource, + } +} + +func statefulSetVolumeTieredStorageDir(dot *helmette.Dot) *corev1.Volume { + values := helmette.Unwrap[Values](dot.Values) + + if !values.Storage.IsTieredStorageEnabled() { + return nil + } + + tieredType := values.Storage.TieredMountType() + if tieredType == "none" || tieredType == "persistentVolume" { + return nil + } + + if tieredType == "hostPath" { + return &corev1.Volume{ + Name: "tiered-storage-dir", + VolumeSource: corev1.VolumeSource{ + HostPath: &corev1.HostPathVolumeSource{ + Path: values.Storage.GetTieredStorageHostPath(), + }, + }, + } + } + + return &corev1.Volume{ + Name: "tiered-storage-dir", + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: values.Storage.CloudStorageCacheSize(), + }, + }, + } +} + // StatefulSetRedpandaMounts returns the VolumeMounts for the Redpanda // Container of the Redpanda StatefulSet. func StatefulSetVolumeMounts(dot *helmette.Dot) []corev1.VolumeMount { 
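Review bot: statefulSetVolumeDataDir reads `values.Storage.PersistentVolume.Enabled` without a nil check, while existing code in this file (the `values.Storage.PersistentVolume != nil && values.Storage.PersistentVolume.NameOverwrite != ""` test in the container helpers) treats PersistentVolume as a pointer that may be nil. If it can be nil at render time, the Go path would panic here instead of falling back to the emptyDir; a guard such as `if pv := values.Storage.PersistentVolume; pv != nil && pv.Enabled {` keeps the fallback. The same unguarded read appears in StatefulSet, volumeClaimTemplateDatadir and volumeClaimTemplateTieredStorageDir in the -847 hunk. Both new helpers also lack doc comments; for the first I would add `// statefulSetVolumeDataDir returns the "datadir" volume: a PVC when persistentVolume is enabled, else a hostPath when storage.hostPath is set, else an emptyDir.` and state there that the hostPath is taken verbatim from values with no `Type` set, since that choice decides how much of the node filesystem the pod can reach.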
@@ -394,13 +460,13 @@ func statefulSetInitContainerSetTieredStorageCacheDirOwnership(dot *helmette.Dot } uid, gid := securityContextUidGid(dot, "set-tiered-storage-cache-dir-ownership") - cacheDir := storageTieredCacheDirectory(dot) + cacheDir := values.Storage.TieredCacheDirectory(dot) mounts := CommonMounts(dot) mounts = append(mounts, corev1.VolumeMount{ Name: "datadir", MountPath: "/var/lib/redpanda/data", }) - if storageTieredMountType(dot) != "none" { + if values.Storage.TieredMountType() != "none" { name := "tiered-storage-dir" if values.Storage.PersistentVolume != nil && values.Storage.PersistentVolume.NameOverwrite != "" { name = values.Storage.PersistentVolume.NameOverwrite @@ -429,32 +495,6 @@ func statefulSetInitContainerSetTieredStorageCacheDirOwnership(dot *helmette.Dot } } -// storageTieredCacheDirectory was: tieredStorage.cacheDirectory -func storageTieredCacheDirectory(dot *helmette.Dot) string { - values := helmette.Unwrap[Values](dot.Values) - - config := values.Storage.GetTieredStorageConfig() - - dir := helmette.Dig(config, "/var/lib/redpanda/data/cloud_storage_cache", `cloud_storage_cache_directory`).(string) - if dir == "" { - return "/var/lib/redpanda/data/cloud_storage_cache" - } - return dir -} - -// storageTieredMountType was: storage-tiered-mountType -func storageTieredMountType(dot *helmette.Dot) string { - values := helmette.Unwrap[Values](dot.Values) - if values.Storage.TieredStoragePersistentVolume != nil && values.Storage.TieredStoragePersistentVolume.Enabled { - return "persistentVolume" - } - if values.Storage.TieredStorageHostPath != "" { - // XXX type is declared as string, but it's being used as a bool - return "hostPath" - } - return values.Storage.Tiered.MountType -} - func statefulSetInitContainerConfigurator(dot *helmette.Dot) *corev1.Container { values := helmette.Unwrap[Values](dot.Values) 
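Review bot: The mount name in statefulSetInitContainerSetTieredStorageCacheDirOwnership is switched to `PersistentVolume.NameOverwrite` for every tiered mount type other than "none", but the volume added by statefulSetVolumeTieredStorageDir in the -222 hunk is always named `tiered-storage-dir` for the hostPath and emptyDir cases. With nameOverwrite set and a hostPath or emptyDir tiered mount, the VolumeMount would name a volume the pod spec does not define, unless something outside this diff reconciles the two. Limiting the override to the PVC case, e.g. `if values.Storage.TieredMountType() == "persistentVolume" && values.Storage.PersistentVolume != nil && values.Storage.PersistentVolume.NameOverwrite != "" {`, would keep the names aligned; the same pattern is in statefulSetContainerRedpanda (hunks -724 and -732). The function starts and ends outside this hunk.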
@@ -724,7 +764,7 @@ func statefulSetContainerRedpanda(dot *helmette.Dot) *corev1.Container { } } - if values.Storage.IsTieredStorageEnabled() && storageTieredMountType(dot) != "none" { + if values.Storage.IsTieredStorageEnabled() && values.Storage.TieredMountType() != "none" { name := "tiered-storage-dir" if values.Storage.PersistentVolume != nil && values.Storage.PersistentVolume.NameOverwrite != "" { name = values.Storage.PersistentVolume.NameOverwrite @@ -732,7 +772,7 @@ func statefulSetContainerRedpanda(dot *helmette.Dot) *corev1.Container { container.VolumeMounts = append(container.VolumeMounts, corev1.VolumeMount{ Name: name, - MountPath: storageTieredCacheDirectory(dot), + MountPath: values.Storage.TieredCacheDirectory(dot), }, ) } 
@@ -847,3 +887,451 @@ func templateToContainers(dot *helmette.Dot, template string) []corev1.Container result := helmette.Tpl(template, dot) return helmette.UnmarshalYamlArray[corev1.Container](result) } + +func StatefulSet(dot *helmette.Dot) *appsv1.StatefulSet { + values := helmette.Unwrap[Values](dot.Values) + + if !RedpandaAtLeast_22_2_0(dot) && !values.Force { + sv := semver(dot) + panic(fmt.Sprintf("Error: The Redpanda version (%s) is no longer supported \nTo accept this risk, run the upgrade again adding `--force=true`\n", sv)) + } + ss := &appsv1.StatefulSet{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "apps/v1", + Kind: "StatefulSet", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: Fullname(dot), + Namespace: dot.Release.Namespace, + Labels: FullLabels(dot), + }, + Spec: appsv1.StatefulSetSpec{ + Selector: &metav1.LabelSelector{ + MatchLabels: StatefulSetPodLabelsSelector(dot), + }, + ServiceName: ServiceName(dot), + Replicas: ptr.To(values.Statefulset.Replicas), + UpdateStrategy: helmette.UnmarshalInto[appsv1.StatefulSetUpdateStrategy](values.Statefulset.UpdateStrategy), + PodManagementPolicy: "Parallel", + Template: corev1.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Labels: StatefulSetPodLabels(dot), + Annotations: StatefulSetPodAnnotations(dot, statefulSetChecksumAnnotation(dot)), + }, + Spec: corev1.PodSpec{ + TerminationGracePeriodSeconds: ptr.To(values.Statefulset.TerminationGracePeriodSeconds), + SecurityContext: PodSecurityContext(dot), + ServiceAccountName: ServiceAccountName(dot), + ImagePullSecrets: helmette.Default(nil, values.ImagePullSecrets), + InitContainers: StatefulSetInitContainers(dot), + Containers: StatefulSetContainers(dot), + Volumes: StatefulSetVolumes(dot), + TopologySpreadConstraints: statefulSetTopologySpreadConstraints(dot), + NodeSelector: statefulSetNodeSelectors(dot), + Affinity: statefulSetAffinity(dot), + PriorityClassName: values.Statefulset.PriorityClassName, + Tolerations: statefulSetTolerations(dot), + }, + }, + 
VolumeClaimTemplates: nil, // Set below + }, + } + + // VolumeClaimTemplates + if values.Storage.PersistentVolume.Enabled || (values.Storage.IsTieredStorageEnabled() && values.Storage.TieredMountType() == "persistentVolume") { + if t := volumeClaimTemplateDatadir(dot); t != nil { + ss.Spec.VolumeClaimTemplates = append(ss.Spec.VolumeClaimTemplates, *t) + } + if t := volumeClaimTemplateTieredStorageDir(dot); t != nil { + ss.Spec.VolumeClaimTemplates = append(ss.Spec.VolumeClaimTemplates, *t) + } + } + + return ss +} + +func semver(dot *helmette.Dot) string { + return strings.TrimPrefix(Tag(dot), "v") +} + +// statefulSetChecksumAnnotation was statefulset-checksum-annotation +// statefulset-checksum-annotation calculates a checksum that is used +// as the value for the annotation, "checksum/config". When this value +// changes, kube-controller-manager will roll the pods. +// +// Append any additional dependencies that require the pods to restart +// to the $dependencies list. +func statefulSetChecksumAnnotation(dot *helmette.Dot) string { + values := helmette.Unwrap[Values](dot.Values) + var dependencies []any + dependencies = append(dependencies, ConfigMapsWithoutSeedServer(dot)) + if values.External.Enabled { + dependencies = append(dependencies, ptr.Deref(values.External.Domain, "")) + if helmette.Empty(values.External.Addresses) { + dependencies = append(dependencies, "") + } else { + dependencies = append(dependencies, values.External.Addresses) + } + } + return helmette.Sha256Sum(helmette.ToJSON(dependencies)) +} + +// statefulSetTolerations was statefulset-tolerations +func statefulSetTolerations(dot *helmette.Dot) []corev1.Toleration { + values := helmette.Unwrap[Values](dot.Values) + return helmette.Default(values.Tolerations, values.Statefulset.Tolerations) +} + +// statefulSetNodeSelectors was statefulset-nodeselectors +func statefulSetNodeSelectors(dot *helmette.Dot) map[string]string { + values := helmette.Unwrap[Values](dot.Values) + + return 
helmette.Default(values.Statefulset.NodeSelector, values.NodeSelector) +} + +// statefulSetAffinity was statefulset-affinity +// Set affinity for statefulset, defaults to global affinity if not defined in statefulset +func statefulSetAffinity(dot *helmette.Dot) *corev1.Affinity { + values := helmette.Unwrap[Values](dot.Values) + + affinity := &corev1.Affinity{} + + if !helmette.Empty(values.Statefulset.NodeAffinity) { + affinity.NodeAffinity = ptr.To(helmette.UnmarshalInto[corev1.NodeAffinity](values.Statefulset.NodeAffinity)) + } else if !helmette.Empty(values.Affinity.NodeAffinity) { + affinity.NodeAffinity = ptr.To(helmette.UnmarshalInto[corev1.NodeAffinity](values.Affinity.NodeAffinity)) + } + + if !helmette.Empty(values.Statefulset.PodAffinity) { + affinity.PodAffinity = ptr.To(helmette.UnmarshalInto[corev1.PodAffinity](values.Statefulset.PodAffinity)) + } else if !helmette.Empty(values.Affinity.PodAffinity) { + affinity.PodAffinity = ptr.To(helmette.UnmarshalInto[corev1.PodAffinity](values.Affinity.PodAffinity)) + } + + if !helmette.Empty(values.Statefulset.PodAntiAffinity) { + affinity.PodAntiAffinity = &corev1.PodAntiAffinity{} + if values.Statefulset.PodAntiAffinity.Type == "hard" { + affinity.PodAntiAffinity.RequiredDuringSchedulingIgnoredDuringExecution = []corev1.PodAffinityTerm{ + { + TopologyKey: values.Statefulset.PodAntiAffinity.TopologyKey, + LabelSelector: &metav1.LabelSelector{ + MatchLabels: StatefulSetPodLabelsSelector(dot), + }, + }, + } + } else if values.Statefulset.PodAntiAffinity.Type == "soft" { + affinity.PodAntiAffinity.PreferredDuringSchedulingIgnoredDuringExecution = []corev1.WeightedPodAffinityTerm{ + { + Weight: values.Statefulset.PodAntiAffinity.Weight, + PodAffinityTerm: corev1.PodAffinityTerm{ + TopologyKey: values.Statefulset.PodAntiAffinity.TopologyKey, + LabelSelector: &metav1.LabelSelector{ + MatchLabels: StatefulSetPodLabelsSelector(dot), + }, + }, + }, + } + } else if values.Statefulset.PodAntiAffinity.Type == "custom" { + 
affinity.PodAntiAffinity = ptr.To(helmette.UnmarshalInto[corev1.PodAntiAffinity](values.Statefulset.PodAntiAffinity.Custom)) + } + } else if !helmette.Empty(values.Affinity.PodAntiAffinity) { + affinity.PodAntiAffinity = ptr.To(helmette.UnmarshalInto[corev1.PodAntiAffinity](values.Affinity.PodAntiAffinity)) + } + + return affinity +} + +func volumeClaimTemplateDatadir(dot *helmette.Dot) *corev1.PersistentVolumeClaim { + values := helmette.Unwrap[Values](dot.Values) + if !values.Storage.PersistentVolume.Enabled { + return nil + } + + pvc := &corev1.PersistentVolumeClaim{ + ObjectMeta: metav1.ObjectMeta{ + Name: "datadir", + Labels: helmette.Merge(map[string]string{ + `app.kubernetes.io/name`: Name(dot), + `app.kubernetes.io/instance`: dot.Release.Name, + `app.kubernetes.io/component`: Name(dot), + }, + values.Storage.PersistentVolume.Labels, + values.CommonLabels, + ), + Annotations: helmette.Default(nil, values.Storage.PersistentVolume.Annotations), + }, + Spec: corev1.PersistentVolumeClaimSpec{ + AccessModes: []corev1.PersistentVolumeAccessMode{ + "ReadWriteOnce", + }, + Resources: corev1.VolumeResourceRequirements{ + Requests: helmette.UnmarshalInto[corev1.ResourceList](map[string]any{ + "storage": values.Storage.PersistentVolume.Size, + }), + }, + }, + } + + if !helmette.Empty(values.Storage.PersistentVolume.StorageClass) { + if values.Storage.PersistentVolume.StorageClass == "-" { + pvc.Spec.StorageClassName = ptr.To("") + } else { + pvc.Spec.StorageClassName = ptr.To(values.Storage.PersistentVolume.StorageClass) + } + } + + return pvc +} + +func volumeClaimTemplateTieredStorageDir(dot *helmette.Dot) *corev1.PersistentVolumeClaim { + values := helmette.Unwrap[Values](dot.Values) + + if !values.Storage.IsTieredStorageEnabled() || values.Storage.TieredMountType() != "persistentVolume" { + return nil + } + + pvc := &corev1.PersistentVolumeClaim{ + ObjectMeta: metav1.ObjectMeta{ + Name: helmette.Default("tiered-storage-dir", 
values.Storage.PersistentVolume.NameOverwrite), + Labels: helmette.Merge(map[string]string{ + `app.kubernetes.io/name`: Name(dot), + `app.kubernetes.io/instance`: dot.Release.Name, + `app.kubernetes.io/component`: Name(dot), + }, + values.Storage.TieredPersistentVolumeLabels(), + values.CommonLabels, + ), + Annotations: helmette.Default(nil, values.Storage.TieredPersistentVolumeAnnotations()), + }, + Spec: corev1.PersistentVolumeClaimSpec{ + AccessModes: []corev1.PersistentVolumeAccessMode{ + "ReadWriteOnce", + }, + Resources: corev1.VolumeResourceRequirements{ + Requests: helmette.UnmarshalInto[corev1.ResourceList](map[string]any{ + "storage": values.Storage.GetTieredStorageConfig()[`cloud_storage_cache_size`], + }), + }, + }, + } + + if sc := values.Storage.TieredPersistentVolumeStorageClass(); sc == "-" { + pvc.Spec.StorageClassName = ptr.To("") + } else if !helmette.Empty(sc) { + pvc.Spec.StorageClassName = ptr.To(sc) + } + + return pvc +} + +func statefulSetTopologySpreadConstraints(dot *helmette.Dot) []corev1.TopologySpreadConstraint { + values := helmette.Unwrap[Values](dot.Values) + + // XXX: Was protected with this: semverCompare ">=1.16-0" .Capabilities.KubeVersion.GitVersion + // but that version is beyond EOL + // GitVersion itself is marked as deprecated. + if test, _ := helmette.SemverCompare(">=1.16-0", dot.Capabilities.KubeVersion.GitVersion()); !test { + return nil + } + + var result []corev1.TopologySpreadConstraint + labelSelector := &metav1.LabelSelector{ + MatchLabels: StatefulSetPodLabelsSelector(dot), + } + for _, v := range values.Statefulset.TopologySpreadConstraints { + result = append(result, + corev1.TopologySpreadConstraint{ + MaxSkew: v.MaxSkew, + TopologyKey: v.TopologyKey, + WhenUnsatisfiable: v.WhenUnsatisfiable, + LabelSelector: labelSelector, + }, + ) + } + + return result +} + +var _ = ` +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. 
See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- include "fail-on-unsupported-helm-version" . -}} +{{- include "fail-on-insecure-sasl-logging" . -}} + +{{- $values := .Values }} +{{- $internalAdvertiseAddress := printf "%s.%s" "$(SERVICE_NAME)" (include "redpanda.internal.domain" .) -}} +{{- $uid := dig "podSecurityContext" "runAsUser" .Values.statefulset.securityContext.runAsUser .Values.statefulset -}} +{{- $gid := dig "podSecurityContext" "fsGroup" .Values.statefulset.securityContext.fsGroup .Values.statefulset -}} + +{{- if not (include "redpanda-atleast-22-2-0" . | fromJson).bool -}} + {{- if eq (get .Values "force" | default false) false -}} + {{- fail ( + printf "\n\nError: The Redpanda version (%s) is no longer supported \nTo accept this risk, run the upgrade again adding ` + `--force=true` + `\n" (( include "redpanda.semver" . )) + ) + -}} + {{- end -}} +{{- end -}} + +{{- $initContainers := (get ((include "redpanda.StatefulSetInitContainers" (dict "a" (list .))) | fromJson) "r") -}} +{{- $containers := (get ((include "redpanda.StatefulSetContainers" (dict "a" (list .))) | fromJson) "r") -}} +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "redpanda.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: +{{- with include "full.labels" . }} + {{- . 
| nindent 4 }} +{{- end }} +spec: + selector: + matchLabels: {{ (include "statefulset-pod-labels-selector" .) | nindent 6 }} + serviceName: {{ template "redpanda.servicename" . }} + replicas: {{ .Values.statefulset.replicas | int64 }} + updateStrategy: + {{- toYaml .Values.statefulset.updateStrategy | nindent 4 }} + podManagementPolicy: "Parallel" + template: + metadata: + labels: {{ (include "statefulset-pod-labels" .) | nindent 8 }} + annotations:{{ ( get ( (include "redpanda.StatefulSetPodAnnotations" (dict "a" (list . (include "statefulset-checksum-annotation" .) )) ) | fromJson) "r" ) | toYaml | nindent 8 }} + spec: + terminationGracePeriodSeconds: {{ .Values.statefulset.terminationGracePeriodSeconds }} + securityContext: {{ include "pod-security-context" . | nindent 8 }} + serviceAccountName: {{ include "redpanda.serviceAccountName" . }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: {{- toYaml . | nindent 8 }} + {{- end }} + initContainers: +{{- if not (empty $initContainers) }} +{{- toYaml $initContainers | nindent 8 }} +{{- end }} + containers: +{{- if not (empty $containers) }} +{{- toYaml $containers | nindent 8 }} +{{- end }} + volumes: {{ (get ((include "redpanda.StatefulSetVolumes" (dict "a" (list .))) | fromJson) "r") | toYaml | nindent 8 }} + - name: datadir + {{- if .Values.storage.persistentVolume.enabled }} + persistentVolumeClaim: + claimName: datadir + {{- else if .Values.storage.hostPath }} + hostPath: + path: {{ .Values.storage.hostPath | quote }} + {{- else }} + emptyDir: {} + {{- end }} + {{- if (include "storage-tiered-config" .|fromJson).cloud_storage_enabled }} + {{- $tieredType := include "storage-tiered-mountType" . }} + {{- if and (ne $tieredType "none") (ne $tieredType "persistentVolume") }} + - name: tiered-storage-dir + {{- if eq $tieredType "hostPath" }} + hostPath: + path: {{ include "storage-tiered-hostpath" . }} + {{- else }} + emptyDir: + sizeLimit: {{ (include "storage-tiered-config" . 
| fromJson).cloud_storage_cache_size }} + {{- end }} + {{- end }} + {{- end }} +{{- if semverCompare ">=1.16-0" .Capabilities.KubeVersion.GitVersion }} + topologySpreadConstraints: + {{- range $v := .Values.statefulset.topologySpreadConstraints }} + - maxSkew: {{ $v.maxSkew }} + topologyKey: {{ $v.topologyKey }} + whenUnsatisfiable: {{ $v.whenUnsatisfiable }} + labelSelector: + matchLabels: {{ include "statefulset-pod-labels-selector" $ | nindent 14 }} + {{- end }} +{{- end }} +{{- with ( include "statefulset-nodeSelectors" . ) }} + nodeSelector: {{- . | nindent 8 }} +{{- end }} +{{- with ( include "statefulset-affinity" . ) }} + affinity: {{- . | nindent 8 }} +{{- end }} +{{- if .Values.statefulset.priorityClassName }} + priorityClassName: {{ .Values.statefulset.priorityClassName }} +{{- end }} +{{- with ( include "statefulset-tolerations" . ) }} + tolerations: {{- . | nindent 8 }} +{{- end }} +{{- if or .Values.storage.persistentVolume.enabled (and (include "storage-tiered-config" .|fromJson).cloud_storage_enabled (eq (include "storage-tiered-mountType" .) "persistentVolume" )) }} + volumeClaimTemplates: +{{- if .Values.storage.persistentVolume.enabled }} + - metadata: + name: datadir + labels: + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/component: {{ template "redpanda.name" . }} + {{- with .Values.storage.persistentVolume.labels }} + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.storage.persistentVolume.annotations }} + annotations: {{- toYaml . 
| nindent 10 }} + {{- end }} + spec: + accessModes: ["ReadWriteOnce"] + {{- if .Values.storage.persistentVolume.storageClass }} + {{- if (eq "-" .Values.storage.persistentVolume.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: {{ .Values.storage.persistentVolume.storageClass | quote }} + {{- end }} + {{- end }} + resources: + requests: + storage: {{ .Values.storage.persistentVolume.size | quote }} +{{- end }} +{{- if and (include "storage-tiered-config" .|fromJson).cloud_storage_enabled (eq (include "storage-tiered-mountType" .) "persistentVolume") }} + - metadata: + name: {{ default "tiered-storage-dir" .Values.storage.persistentVolume.nameOverwrite }} + labels: + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/component: {{ template "redpanda.name" . }} + {{- with (include "storage-tiered-persistentvolume" . | fromJson).labels }} + {{ toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with (include "storage-tiered-persistentvolume" . | fromJson).annotations }} + annotations: {{ toYaml . | nindent 10 }} + {{- end }} + spec: + accessModes: ["ReadWriteOnce"] + {{- with (include "storage-tiered-persistentvolume" . | fromJson).storageClass }} + {{- if eq "-" . }} + storageClassName: "" + {{- else }} + storageClassName: {{ . }} + {{- end }} + {{- end }} + resources: + requests: + storage: {{ (include "storage-tiered-config" .|fromJson).cloud_storage_cache_size }} +{{- end }} +{{- end }} + +` diff --git a/charts/redpanda/templates/_configmap.go.tpl b/charts/redpanda/templates/_configmap.go.tpl index 5bd0f406da..e2bda64e8f 100644 --- a/charts/redpanda/templates/_configmap.go.tpl +++ b/charts/redpanda/templates/_configmap.go.tpl 
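Review bot: statefulSetNodeSelectors passes its arguments to `helmette.Default` in the opposite order from statefulSetTolerations and from the `helmette.Default("tiered-storage-dir", values.Storage.PersistentVolume.NameOverwrite)` call in this same hunk, where the fallback comes first. As written, `helmette.Default(values.Statefulset.NodeSelector, values.NodeSelector)` appears to let the chart-wide nodeSelector win over the statefulset-specific one, which would place brokers by the wrong selector when both are set; the replaced `statefulset-nodeSelectors` template is not visible here, so please confirm against it. If the statefulset value is meant to take precedence, the line should read `return helmette.Default(values.NodeSelector, values.Statefulset.NodeSelector)`. Separately, statefulSetTopologySpreadConstraints discards the error from `helmette.SemverCompare`, so an unparsable KubeVersion silently drops every topology spread constraint; `test, err := helmette.SemverCompare(">=1.16-0", dot.Capabilities.KubeVersion.GitVersion())` followed by `if err != nil { panic(err) }` would surface that at render time.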
@@ -88,11 +88,11 @@ {{- range $_ := (list 1) -}} {{- $values := $dot.Values.AsMap -}} {{- $brokerList := (list ) -}} -{{- range $_, $i := untilStep ((0 | int)|int) (($values.statefulset.replicas | int)|int) (1|int) -}} +{{- range $_, $i := untilStep (((0 | int) | int)|int) (($values.statefulset.replicas | int)|int) (1|int) -}} {{- $brokerList = (concat (default (list ) $brokerList) (list (printf "%s:%d" (get (fromJson (include "redpanda.advertisedHost" (dict "a" (list $dot $i) ))) "r") (((get (fromJson (include "redpanda.advertisedKafkaPort" (dict "a" (list $dot $i) ))) "r") | int) | int)))) -}} {{- end -}} {{- $adminAdvertisedList := (list ) -}} -{{- range $_, $i := untilStep ((0 | int)|int) (($values.statefulset.replicas | int)|int) (1|int) -}} +{{- range $_, $i := untilStep (((0 | int) | int)|int) (($values.statefulset.replicas | int)|int) (1|int) -}} {{- $adminAdvertisedList = (concat (default (list ) $adminAdvertisedList) (list (printf "%s:%d" (get (fromJson (include "redpanda.advertisedHost" (dict "a" (list $dot $i) ))) "r") (((get (fromJson (include "redpanda.advertisedAdminPort" (dict "a" (list $dot $i) ))) "r") | int) | int)))) -}} {{- end -}} {{- $kafkaTLS := (get (fromJson (include "redpanda.brokersTLSConfiguration" (dict "a" (list $dot) ))) "r") -}} @@ -212,7 +212,7 @@ {{- $values := $dot.Values.AsMap -}} {{- $brokerList := (list ) -}} {{- $r := ($values.statefulset.replicas | int) -}} -{{- range $_, $i := untilStep ((0 | int)|int) (($values.statefulset.replicas | int)|int) (1|int) -}} +{{- range $_, $i := untilStep (((0 | int) | int)|int) (($values.statefulset.replicas | int)|int) (1|int) -}} {{- $brokerList = (concat (default (list ) $brokerList) (list (printf "%s-%d.%s:%d" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $i (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r") (($values.listeners.kafka.port | int) | int)))) -}} {{- end -}} {{- $adminTLS := (coalesce nil) -}} 
@@ -282,7 +282,7 @@ {{- range $_ := (list 1) -}} {{- $values := $dot.Values.AsMap -}} {{- $brokerList := (list ) -}} -{{- range $_, $i := untilStep ((0 | int)|int) (($values.statefulset.replicas | int)|int) (1|int) -}} +{{- range $_, $i := untilStep (((0 | int) | int)|int) (($values.statefulset.replicas | int)|int) (1|int) -}} {{- $brokerList = (concat (default (list ) $brokerList) (list (dict "address" (printf "%s-%d.%s" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $i (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r")) "port" ($values.listeners.kafka.port | int) ))) -}} {{- end -}} {{- $kafkaTLS := $values.listeners.kafka.tls -}} diff --git a/charts/redpanda/templates/_helpers.tpl b/charts/redpanda/templates/_helpers.tpl index 0e85e7a226..740ef3812e 100644 --- a/charts/redpanda/templates/_helpers.tpl +++ b/charts/redpanda/templates/_helpers.tpl @@ -50,13 +50,6 @@ Create chart name and version as used by the chart label. {{- get ((include "redpanda.Chart" (dict "a" (list .))) | fromJson) "r" }} {{- end }} -{{/* -Get the version of redpanda being used as an image -*/}} -{{- define "redpanda.semver" -}} -{{ include "redpanda.tag" . | trimPrefix "v" }} -{{- end }} - {{/* Create the name of the service account to use */}} diff --git a/charts/redpanda/templates/_statefulset.go.tpl b/charts/redpanda/templates/_statefulset.go.tpl index a56a3a15da..4579ffcec1 100644 --- a/charts/redpanda/templates/_statefulset.go.tpl +++ b/charts/redpanda/templates/_statefulset.go.tpl 
@@ -89,11 +89,54 @@ {{- $volumes = (concat (default (list ) $volumes) (list $vol_5)) -}} {{- end -}} {{- $volumes = (concat (default (list ) $volumes) (default (list ) (get (fromJson (include "redpanda.templateToVolumes" (dict "a" (list $dot $values.statefulset.extraVolumes) ))) "r"))) -}} +{{- $volumes = (concat (default (list ) $volumes) (list (get (fromJson (include "redpanda.statefulSetVolumeDataDir" (dict "a" (list $dot) ))) "r"))) -}} +{{- $v_6 := (get (fromJson (include "redpanda.statefulSetVolumeTieredStorageDir" (dict "a" (list $dot) ))) "r") -}} +{{- if (ne $v_6 (coalesce nil)) -}} +{{- $volumes = (concat (default (list ) $volumes) (list $v_6)) -}} +{{- end -}} {{- (dict "r" $volumes) | toJson -}} {{- break -}} {{- end -}} {{- end -}} +{{- define "redpanda.statefulSetVolumeDataDir" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $values := $dot.Values.AsMap -}} +{{- $datadirSource := (mustMergeOverwrite (dict ) (dict "emptyDir" (mustMergeOverwrite (dict ) (dict )) )) -}} +{{- if $values.storage.persistentVolume.enabled -}} +{{- $datadirSource = (mustMergeOverwrite (dict ) (dict "persistentVolumeClaim" (mustMergeOverwrite (dict "claimName" "" ) (dict "claimName" "datadir" )) )) -}} +{{- else -}}{{- if (ne $values.storage.hostPath "") -}} +{{- $datadirSource = (mustMergeOverwrite (dict ) (dict "hostPath" (mustMergeOverwrite (dict "path" "" ) (dict "path" $values.storage.hostPath )) )) -}} +{{- end -}} +{{- end -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "" ) $datadirSource (dict "name" "datadir" ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.statefulSetVolumeTieredStorageDir" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not (get (fromJson (include "redpanda.Storage.IsTieredStorageEnabled" (dict "a" (list $values.storage) ))) "r")) -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $tieredType := (get 
(fromJson (include "redpanda.Storage.TieredMountType" (dict "a" (list $values.storage) ))) "r") -}} +{{- if (or (eq $tieredType "none") (eq $tieredType "persistentVolume")) -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- if (eq $tieredType "hostPath") -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "hostPath" (mustMergeOverwrite (dict "path" "" ) (dict "path" (get (fromJson (include "redpanda.Storage.GetTieredStorageHostPath" (dict "a" (list $values.storage) ))) "r") )) )) (dict "name" "tiered-storage-dir" ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "emptyDir" (mustMergeOverwrite (dict ) (dict "sizeLimit" (get (fromJson (include "redpanda.Storage.CloudStorageCacheSize" (dict "a" (list $values.storage) ))) "r") )) )) (dict "name" "tiered-storage-dir" ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + {{- define "redpanda.StatefulSetVolumeMounts" -}} {{- $dot := (index .a 0) -}} {{- range $_ := (list 1) -}} 
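Review bot: `redpanda.statefulSetVolumeTieredStorageDir` always names the hostPath and emptyDir volume `tiered-storage-dir`, while the mount code in later hunks of this file (the `$name` assignment in the `set-tiered-storage-cache-dir-ownership` init container and the one before the container's `volumeMounts` are extended) switches to `storage.persistentVolume.nameOverwrite` whenever it is set and the mount type is not `none`. With a hostPath or emptyDir mount type and a non-empty `nameOverwrite`, the mount would reference a volume name this helper never defines, and Kubernetes validation rejects a pod whose mount has no matching volume. Either build the name the same way here, `(default "tiered-storage-dir" $values.storage.persistentVolume.nameOverwrite)`, or apply the override in the mounts only for the `persistentVolume` mount type. The template looks machine-generated, so the change likely belongs in `charts/redpanda/statefulset.go`; whether the removed YAML behaved the same way is not visible here.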
@@ -113,22 +156,22 @@ {{- range $_ := (list 1) -}} {{- $values := $dot.Values.AsMap -}} {{- $containers := (coalesce nil) -}} -{{- $c_6 := (get (fromJson (include "redpanda.statefulSetInitContainerTuning" (dict "a" (list $dot) ))) "r") -}} -{{- if (ne $c_6 (coalesce nil)) -}} -{{- $containers = (concat (default (list ) $containers) (list $c_6)) -}} -{{- end -}} -{{- $c_7 := (get (fromJson (include "redpanda.statefulSetInitContainerSetDataDirOwnership" (dict "a" (list $dot) ))) "r") -}} +{{- $c_7 := (get (fromJson (include "redpanda.statefulSetInitContainerTuning" (dict "a" (list $dot) ))) "r") -}} {{- if (ne $c_7 (coalesce nil)) -}} {{- $containers = (concat (default (list ) $containers) (list $c_7)) -}} {{- end -}} -{{- $c_8 := (get (fromJson (include "redpanda.statefulSetInitContainerFSValidator" (dict "a" (list $dot) ))) "r") -}} +{{- $c_8 := (get (fromJson (include "redpanda.statefulSetInitContainerSetDataDirOwnership" (dict "a" (list $dot) ))) "r") -}} {{- if (ne $c_8 (coalesce nil)) -}} {{- $containers = (concat (default (list ) $containers) (list $c_8)) -}} {{- end -}} -{{- $c_9 := (get (fromJson (include "redpanda.statefulSetInitContainerSetTieredStorageCacheDirOwnership" (dict "a" (list $dot) ))) "r") -}} +{{- $c_9 := (get (fromJson (include "redpanda.statefulSetInitContainerFSValidator" (dict "a" (list $dot) ))) "r") -}} {{- if (ne $c_9 (coalesce nil)) -}} {{- $containers = (concat (default (list ) $containers) (list $c_9)) -}} {{- end -}} +{{- $c_10 := (get (fromJson (include "redpanda.statefulSetInitContainerSetTieredStorageCacheDirOwnership" (dict "a" (list $dot) ))) "r") -}} +{{- if (ne $c_10 (coalesce nil)) -}} +{{- $containers = (concat (default (list ) $containers) (list $c_10)) -}} +{{- end -}} {{- $containers = (concat (default (list ) $containers) (list (get (fromJson (include "redpanda.statefulSetInitContainerConfigurator" (dict "a" (list $dot) ))) "r"))) -}} {{- $containers = (concat (default (list ) $containers) (default (list ) (get 
(fromJson (include "redpanda.templateToContainers" (dict "a" (list $dot $values.statefulset.initContainers.extraInitContainers) ))) "r"))) -}} {{- (dict "r" $containers) | toJson -}} @@ -213,10 +256,10 @@ {{- $tmp_tuple_4 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "redpanda.securityContextUidGid" (dict "a" (list $dot "set-tiered-storage-cache-dir-ownership") ))) "r")) ))) "r") -}} {{- $gid := ($tmp_tuple_4.T2 | int64) -}} {{- $uid := ($tmp_tuple_4.T1 | int64) -}} -{{- $cacheDir := (get (fromJson (include "redpanda.storageTieredCacheDirectory" (dict "a" (list $dot) ))) "r") -}} +{{- $cacheDir := (get (fromJson (include "redpanda.Storage.TieredCacheDirectory" (dict "a" (list $values.storage $dot) ))) "r") -}} {{- $mounts := (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot) ))) "r") -}} {{- $mounts = (concat (default (list ) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "datadir" "mountPath" "/var/lib/redpanda/data" )))) -}} -{{- if (ne (get (fromJson (include "redpanda.storageTieredMountType" (dict "a" (list $dot) ))) "r") "none") -}} +{{- if (ne (get (fromJson (include "redpanda.Storage.TieredMountType" (dict "a" (list $values.storage) ))) "r") "none") -}} {{- $name := "tiered-storage-dir" -}} {{- if (and (ne $values.storage.persistentVolume (coalesce nil)) (ne $values.storage.persistentVolume.nameOverwrite "")) -}} {{- $name = $values.storage.persistentVolume.nameOverwrite -}} 
@@ -229,38 +272,6 @@ {{- end -}} {{- end -}} -{{- define "redpanda.storageTieredCacheDirectory" -}} -{{- $dot := (index .a 0) -}} -{{- range $_ := (list 1) -}} -{{- $values := $dot.Values.AsMap -}} -{{- $config := (get (fromJson (include "redpanda.Storage.GetTieredStorageConfig" (dict "a" (list $values.storage) ))) "r") -}} -{{- $dir := (get (fromJson (include "_shims.typeassertion" (dict "a" (list "string" (dig `cloud_storage_cache_directory` "/var/lib/redpanda/data/cloud_storage_cache" $config)) ))) "r") -}} -{{- if (eq $dir "") -}} -{{- (dict "r" "/var/lib/redpanda/data/cloud_storage_cache") | toJson -}} -{{- break -}} -{{- end -}} -{{- (dict "r" $dir) | toJson -}} -{{- break -}} -{{- end -}} -{{- end -}} - -{{- define "redpanda.storageTieredMountType" -}} -{{- $dot := (index .a 0) -}} -{{- range $_ := (list 1) -}} -{{- $values := $dot.Values.AsMap -}} -{{- if (and (ne $values.storage.tieredStoragePersistentVolume (coalesce nil)) $values.storage.tieredStoragePersistentVolume.enabled) -}} -{{- (dict "r" "persistentVolume") | toJson -}} -{{- break -}} -{{- end -}} -{{- if (ne $values.storage.tieredStorageHostPath "") -}} -{{- (dict "r" "hostPath") | toJson -}} -{{- break -}} -{{- end -}} -{{- (dict "r" $values.storage.tiered.mountType) | toJson -}} -{{- break -}} -{{- end -}} -{{- end -}} - {{- define "redpanda.statefulSetInitContainerConfigurator" -}} {{- $dot := (index .a 0) -}} {{- range $_ := (list 1) -}} 
@@ -275,14 +286,14 @@ {{- range $_ := (list 1) -}} {{- $containers := (coalesce nil) -}} {{- $containers = (concat (default (list ) $containers) (list (get (fromJson (include "redpanda.statefulSetContainerRedpanda" (dict "a" (list $dot) ))) "r"))) -}} -{{- $c_10 := (get (fromJson (include "redpanda.statefulSetContainerConfigWatcher" (dict "a" (list $dot) ))) "r") -}} -{{- if (ne $c_10 (coalesce nil)) -}} -{{- $containers = (concat (default (list ) $containers) (list $c_10)) -}} -{{- end -}} -{{- $c_11 := (get (fromJson (include "redpanda.statefulSetContainerControllers" (dict "a" (list $dot) ))) "r") -}} +{{- $c_11 := (get (fromJson (include "redpanda.statefulSetContainerConfigWatcher" (dict "a" (list $dot) ))) "r") -}} {{- if (ne $c_11 (coalesce nil)) -}} {{- $containers = (concat (default (list ) $containers) (list $c_11)) -}} {{- end -}} +{{- $c_12 := (get (fromJson (include "redpanda.statefulSetContainerControllers" (dict "a" (list $dot) ))) "r") -}} +{{- if (ne $c_12 (coalesce nil)) -}} +{{- $containers = (concat (default (list ) $containers) (list $c_12)) -}} +{{- end -}} {{- (dict "r" $containers) | toJson -}} {{- break -}} {{- end -}} 
@@ -293,7 +304,7 @@ {{- range $_ := (list 1) -}} {{- $values := $dot.Values.AsMap -}} {{- $internalAdvertiseAddress := (printf "%s.%s" "$(SERVICE_NAME)" (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r")) -}} -{{- $container := (mustMergeOverwrite (dict "name" "" "resources" (dict ) ) (dict "name" (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") "image" (printf `%s:%s` $values.image.repository (get (fromJson (include "redpanda.Tag" (dict "a" (list $dot) ))) "r")) "env" (get (fromJson (include "redpanda.StatefulSetRedpandaEnv" (dict "a" (list $dot) ))) "r") "lifecycle" (mustMergeOverwrite (dict ) (dict "postStart" (mustMergeOverwrite (dict ) (dict "exec" (mustMergeOverwrite (dict ) (dict "command" (list `/bin/bash` `-c` (join "\n" (list (printf `timeout -v %d bash -x /var/lifecycle/postStart.sh` ((div ($values.statefulset.terminationGracePeriodSeconds | int) (2 | int)) | int)) `true` ``))) )) )) "preStop" (mustMergeOverwrite (dict ) (dict "exec" (mustMergeOverwrite (dict ) (dict "command" (list `/bin/bash` `-c` (join "\n" (list (printf `timeout -v %d bash -x /var/lifecycle/preStop.sh` ((div ($values.statefulset.terminationGracePeriodSeconds | int) (2 | int)) | int)) `true # do not fail and cause the pod to terminate` ``))) )) )) )) "startupProbe" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "exec" (mustMergeOverwrite (dict ) (dict "command" (list `/bin/sh` `-c` (join "\n" (list `set -e` (printf `RESULT=$(curl --silent --fail -k -m 5 %s "%s://%s/v1/status/ready")` (get (fromJson (include "redpanda.adminTLSCurlFlags" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.adminInternalHTTPProtocol" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.adminApiURLs" (dict "a" (list $dot) ))) "r")) `echo $RESULT` `echo $RESULT | grep ready` ``))) )) )) (dict "initialDelaySeconds" ($values.statefulset.startupProbe.initialDelaySeconds | int) "periodSeconds" 
($values.statefulset.startupProbe.periodSeconds | int) "failureThreshold" ($values.statefulset.startupProbe.failureThreshold | int) )) "livenessProbe" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "exec" (mustMergeOverwrite (dict ) (dict "command" (list `/bin/sh` `-c` (printf `curl --silent --fail -k -m 5 %s "%s://%s/v1/status/ready"` (get (fromJson (include "redpanda.adminTLSCurlFlags" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.adminInternalHTTPProtocol" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.adminApiURLs" (dict "a" (list $dot) ))) "r"))) )) )) (dict "initialDelaySeconds" ($values.statefulset.livenessProbe.initialDelaySeconds | int) "periodSeconds" ($values.statefulset.livenessProbe.periodSeconds | int) "failureThreshold" ($values.statefulset.livenessProbe.failureThreshold | int) )) "command" (list `rpk` `redpanda` `start` (printf `--advertise-rpc-addr=%s:%d` $internalAdvertiseAddress ($values.listeners.rpc.port | int))) "volumeMounts" (concat (default (list ) (get (fromJson (include "redpanda.StatefulSetVolumeMounts" (dict "a" (list $dot) ))) "r")) (default (list ) (get (fromJson (include "redpanda.templateToVolumeMounts" (dict "a" (list $dot $values.statefulset.extraVolumeMounts) ))) "r"))) "securityContext" (get (fromJson (include "redpanda.ContainerSecurityContext" (dict "a" (list $dot) ))) "r") "resources" (mustMergeOverwrite (dict ) (dict )) )) -}} +{{- $container := (mustMergeOverwrite (dict "name" "" "resources" (dict ) ) (dict "name" (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") "image" (printf `%s:%s` $values.image.repository (get (fromJson (include "redpanda.Tag" (dict "a" (list $dot) ))) "r")) "env" (get (fromJson (include "redpanda.StatefulSetRedpandaEnv" (dict "a" (list $dot) ))) "r") "lifecycle" (mustMergeOverwrite (dict ) (dict "postStart" (mustMergeOverwrite (dict ) (dict "exec" (mustMergeOverwrite (dict ) (dict "command" (list `/bin/bash` `-c` (join "\n" 
(list (printf `timeout -v %d bash -x /var/lifecycle/postStart.sh` ((div ($values.statefulset.terminationGracePeriodSeconds | int64) (2 | int64)) | int64)) `true` ``))) )) )) "preStop" (mustMergeOverwrite (dict ) (dict "exec" (mustMergeOverwrite (dict ) (dict "command" (list `/bin/bash` `-c` (join "\n" (list (printf `timeout -v %d bash -x /var/lifecycle/preStop.sh` ((div ($values.statefulset.terminationGracePeriodSeconds | int64) (2 | int64)) | int64)) `true # do not fail and cause the pod to terminate` ``))) )) )) )) "startupProbe" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "exec" (mustMergeOverwrite (dict ) (dict "command" (list `/bin/sh` `-c` (join "\n" (list `set -e` (printf `RESULT=$(curl --silent --fail -k -m 5 %s "%s://%s/v1/status/ready")` (get (fromJson (include "redpanda.adminTLSCurlFlags" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.adminInternalHTTPProtocol" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.adminApiURLs" (dict "a" (list $dot) ))) "r")) `echo $RESULT` `echo $RESULT | grep ready` ``))) )) )) (dict "initialDelaySeconds" ($values.statefulset.startupProbe.initialDelaySeconds | int) "periodSeconds" ($values.statefulset.startupProbe.periodSeconds | int) "failureThreshold" ($values.statefulset.startupProbe.failureThreshold | int) )) "livenessProbe" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "exec" (mustMergeOverwrite (dict ) (dict "command" (list `/bin/sh` `-c` (printf `curl --silent --fail -k -m 5 %s "%s://%s/v1/status/ready"` (get (fromJson (include "redpanda.adminTLSCurlFlags" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.adminInternalHTTPProtocol" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.adminApiURLs" (dict "a" (list $dot) ))) "r"))) )) )) (dict "initialDelaySeconds" ($values.statefulset.livenessProbe.initialDelaySeconds | int) "periodSeconds" ($values.statefulset.livenessProbe.periodSeconds | int) "failureThreshold" 
($values.statefulset.livenessProbe.failureThreshold | int) )) "command" (list `rpk` `redpanda` `start` (printf `--advertise-rpc-addr=%s:%d` $internalAdvertiseAddress ($values.listeners.rpc.port | int))) "volumeMounts" (concat (default (list ) (get (fromJson (include "redpanda.StatefulSetVolumeMounts" (dict "a" (list $dot) ))) "r")) (default (list ) (get (fromJson (include "redpanda.templateToVolumeMounts" (dict "a" (list $dot $values.statefulset.extraVolumeMounts) ))) "r"))) "securityContext" (get (fromJson (include "redpanda.ContainerSecurityContext" (dict "a" (list $dot) ))) "r") "resources" (mustMergeOverwrite (dict ) (dict )) )) -}} {{- if (not (get (fromJson (include "_shims.typeassertion" (dict "a" (list "bool" (dig `recovery_mode_enabled` false $values.config.node)) ))) "r")) -}} {{- $_ := (set $container "readinessProbe" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "exec" (mustMergeOverwrite (dict ) (dict "command" (list `/bin/sh` `-c` (join "\n" (list `set -x` `RESULT=$(rpk cluster health)` `echo $RESULT` `echo $RESULT | grep 'Healthy:.*true'` ``))) )) )) (dict "initialDelaySeconds" ($values.statefulset.readinessProbe.initialDelaySeconds | int) "timeoutSeconds" ($values.statefulset.readinessProbe.timeoutSeconds | int) "periodSeconds" ($values.statefulset.readinessProbe.periodSeconds | int) "successThreshold" ($values.statefulset.readinessProbe.successThreshold | int) "failureThreshold" ($values.statefulset.readinessProbe.failureThreshold | int) ))) -}} {{- end -}} 
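Review bot: The startup and liveness probe commands on the rewritten `$container` line still pass `-k` to curl next to the flags from `redpanda.adminTLSCurlFlags`, so the admin endpoint's certificate is never verified even if that helper supplies CA material (its output is not visible in this hunk). If the helper does emit a CA bundle when TLS is enabled, dropping `-k` from both `printf` formats, e.g. `curl --silent --fail -m 5 %s "%s://%s/v1/status/ready"`, would make the probe fail on a certificate it cannot validate instead of accepting any peer. The only change the commit makes on this line is the `int` to `int64` cast for the lifecycle timeouts. The enclosing define starts and ends outside the hunk.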
@@ -322,12 +333,12 @@ {{- $_ := (set $container "ports" (concat (default (list ) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0 ) (dict "name" (printf "schema-%.8s" (lower $externalName)) "containerPort" ($external.port | int) ))))) -}} {{- end -}} {{- end -}} -{{- if (and (get (fromJson (include "redpanda.Storage.IsTieredStorageEnabled" (dict "a" (list $values.storage) ))) "r") (ne (get (fromJson (include "redpanda.storageTieredMountType" (dict "a" (list $dot) ))) "r") "none")) -}} +{{- if (and (get (fromJson (include "redpanda.Storage.IsTieredStorageEnabled" (dict "a" (list $values.storage) ))) "r") (ne (get (fromJson (include "redpanda.Storage.TieredMountType" (dict "a" (list $values.storage) ))) "r") "none")) -}} {{- $name := "tiered-storage-dir" -}} {{- if (and (ne $values.storage.persistentVolume (coalesce nil)) (ne $values.storage.persistentVolume.nameOverwrite "")) -}} {{- $name = $values.storage.persistentVolume.nameOverwrite -}} {{- end -}} -{{- $_ := (set $container "volumeMounts" (concat (default (list ) $container.volumeMounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" $name "mountPath" (get (fromJson (include "redpanda.storageTieredCacheDirectory" (dict "a" (list $dot) ))) "r") ))))) -}} +{{- $_ := (set $container "volumeMounts" (concat (default (list ) $container.volumeMounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" $name "mountPath" (get (fromJson (include "redpanda.Storage.TieredCacheDirectory" (dict "a" (list $values.storage $dot) ))) "r") ))))) -}} {{- end -}} {{- $_ := (set $container.resources "limits" (dict "cpu" $values.resources.cpu.cores "memory" $values.resources.memory.container.max )) -}} {{- if (ne $values.resources.memory.container.min (coalesce nil)) -}} 
@@ -403,3 +414,171 @@ {{- end -}} {{- end -}} +{{- define "redpanda.StatefulSet" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (and (not (get (fromJson (include "redpanda.RedpandaAtLeast_22_2_0" (dict "a" (list $dot) ))) "r")) (not $values.force)) -}} +{{- $sv := (get (fromJson (include "redpanda.semver" (dict "a" (list $dot) ))) "r") -}} +{{- $_ := (fail (printf "Error: The Redpanda version (%s) is no longer supported \nTo accept this risk, run the upgrade again adding `--force=true`\n" $sv)) -}} +{{- end -}} +{{- $ss := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "selector" (coalesce nil) "template" (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "containers" (coalesce nil) ) ) "serviceName" "" "updateStrategy" (dict ) ) "status" (dict "replicas" 0 "availableReplicas" 0 ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "apps/v1" "kind" "StatefulSet" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "spec" (mustMergeOverwrite (dict "selector" (coalesce nil) "template" (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "containers" (coalesce nil) ) ) "serviceName" "" "updateStrategy" (dict ) ) (dict "selector" (mustMergeOverwrite (dict ) (dict "matchLabels" (get (fromJson (include "redpanda.StatefulSetPodLabelsSelector" (dict "a" (list $dot) ))) "r") )) "serviceName" (get (fromJson (include "redpanda.ServiceName" (dict "a" (list $dot) ))) "r") "replicas" ($values.statefulset.replicas | int) "updateStrategy" $values.statefulset.updateStrategy "podManagementPolicy" "Parallel" "template" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) 
"spec" (dict "containers" (coalesce nil) ) ) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "labels" (get (fromJson (include "redpanda.StatefulSetPodLabels" (dict "a" (list $dot) ))) "r") "annotations" (get (fromJson (include "redpanda.StatefulSetPodAnnotations" (dict "a" (list $dot (get (fromJson (include "redpanda.statefulSetChecksumAnnotation" (dict "a" (list $dot) ))) "r")) ))) "r") )) "spec" (mustMergeOverwrite (dict "containers" (coalesce nil) ) (dict "terminationGracePeriodSeconds" ($values.statefulset.terminationGracePeriodSeconds | int64) "securityContext" (get (fromJson (include "redpanda.PodSecurityContext" (dict "a" (list $dot) ))) "r") "serviceAccountName" (get (fromJson (include "redpanda.ServiceAccountName" (dict "a" (list $dot) ))) "r") "imagePullSecrets" (default (coalesce nil) $values.imagePullSecrets) "initContainers" (get (fromJson (include "redpanda.StatefulSetInitContainers" (dict "a" (list $dot) ))) "r") "containers" (get (fromJson (include "redpanda.StatefulSetContainers" (dict "a" (list $dot) ))) "r") "volumes" (get (fromJson (include "redpanda.StatefulSetVolumes" (dict "a" (list $dot) ))) "r") "topologySpreadConstraints" (get (fromJson (include "redpanda.statefulSetTopologySpreadConstraints" (dict "a" (list $dot) ))) "r") "nodeSelector" (get (fromJson (include "redpanda.statefulSetNodeSelectors" (dict "a" (list $dot) ))) "r") "affinity" (get (fromJson (include "redpanda.statefulSetAffinity" (dict "a" (list $dot) ))) "r") "priorityClassName" $values.statefulset.priorityClassName "tolerations" (get (fromJson (include "redpanda.statefulSetTolerations" (dict "a" (list $dot) ))) "r") )) )) "volumeClaimTemplates" (coalesce nil) )) )) -}} +{{- if (or $values.storage.persistentVolume.enabled ((and (get (fromJson (include "redpanda.Storage.IsTieredStorageEnabled" (dict "a" (list $values.storage) ))) "r") (eq (get (fromJson (include "redpanda.Storage.TieredMountType" (dict "a" (list $values.storage) ))) "r") 
"persistentVolume")))) -}} +{{- $t_13 := (get (fromJson (include "redpanda.volumeClaimTemplateDatadir" (dict "a" (list $dot) ))) "r") -}} +{{- if (ne $t_13 (coalesce nil)) -}} +{{- $_ := (set $ss.spec "volumeClaimTemplates" (concat (default (list ) $ss.spec.volumeClaimTemplates) (list $t_13))) -}} +{{- end -}} +{{- $t_14 := (get (fromJson (include "redpanda.volumeClaimTemplateTieredStorageDir" (dict "a" (list $dot) ))) "r") -}} +{{- if (ne $t_14 (coalesce nil)) -}} +{{- $_ := (set $ss.spec "volumeClaimTemplates" (concat (default (list ) $ss.spec.volumeClaimTemplates) (list $t_14))) -}} +{{- end -}} +{{- end -}} +{{- (dict "r" $ss) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.semver" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- (dict "r" (trimPrefix "v" (get (fromJson (include "redpanda.Tag" (dict "a" (list $dot) ))) "r"))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.statefulSetChecksumAnnotation" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $values := $dot.Values.AsMap -}} +{{- $dependencies := (coalesce nil) -}} +{{- $dependencies = (concat (default (list ) $dependencies) (list (get (fromJson (include "redpanda.ConfigMapsWithoutSeedServer" (dict "a" (list $dot) ))) "r"))) -}} +{{- if $values.external.enabled -}} +{{- $dependencies = (concat (default (list ) $dependencies) (list (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.external.domain "") ))) "r"))) -}} +{{- if (empty $values.external.addresses) -}} +{{- $dependencies = (concat (default (list ) $dependencies) (list "")) -}} +{{- else -}} +{{- $dependencies = (concat (default (list ) $dependencies) (list $values.external.addresses)) -}} +{{- end -}} +{{- end -}} +{{- (dict "r" (sha256sum (toJson $dependencies))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.statefulSetTolerations" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} 
+{{- $values := $dot.Values.AsMap -}} +{{- (dict "r" (default $values.tolerations $values.statefulset.tolerations)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.statefulSetNodeSelectors" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $values := $dot.Values.AsMap -}} +{{- (dict "r" (default $values.statefulset.nodeSelector $values.nodeSelector)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.statefulSetAffinity" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $values := $dot.Values.AsMap -}} +{{- $affinity := (mustMergeOverwrite (dict ) (dict )) -}} +{{- if (not (empty $values.statefulset.nodeAffinity)) -}} +{{- $_ := (set $affinity "nodeAffinity" $values.statefulset.nodeAffinity) -}} +{{- else -}}{{- if (not (empty $values.affinity.nodeAffinity)) -}} +{{- $_ := (set $affinity "nodeAffinity" $values.affinity.nodeAffinity) -}} +{{- end -}} +{{- end -}} +{{- if (not (empty $values.statefulset.podAffinity)) -}} +{{- $_ := (set $affinity "podAffinity" $values.statefulset.podAffinity) -}} +{{- else -}}{{- if (not (empty $values.affinity.podAffinity)) -}} +{{- $_ := (set $affinity "podAffinity" $values.affinity.podAffinity) -}} +{{- end -}} +{{- end -}} +{{- if (not (empty $values.statefulset.podAntiAffinity)) -}} +{{- $_ := (set $affinity "podAntiAffinity" (mustMergeOverwrite (dict ) (dict ))) -}} +{{- if (eq $values.statefulset.podAntiAffinity.type "hard") -}} +{{- $_ := (set $affinity.podAntiAffinity "requiredDuringSchedulingIgnoredDuringExecution" (list (mustMergeOverwrite (dict "topologyKey" "" ) (dict "topologyKey" $values.statefulset.podAntiAffinity.topologyKey "labelSelector" (mustMergeOverwrite (dict ) (dict "matchLabels" (get (fromJson (include "redpanda.StatefulSetPodLabelsSelector" (dict "a" (list $dot) ))) "r") )) )))) -}} +{{- else -}}{{- if (eq $values.statefulset.podAntiAffinity.type "soft") -}} +{{- $_ := (set $affinity.podAntiAffinity 
"preferredDuringSchedulingIgnoredDuringExecution" (list (mustMergeOverwrite (dict "weight" 0 "podAffinityTerm" (dict "topologyKey" "" ) ) (dict "weight" ($values.statefulset.podAntiAffinity.weight | int) "podAffinityTerm" (mustMergeOverwrite (dict "topologyKey" "" ) (dict "topologyKey" $values.statefulset.podAntiAffinity.topologyKey "labelSelector" (mustMergeOverwrite (dict ) (dict "matchLabels" (get (fromJson (include "redpanda.StatefulSetPodLabelsSelector" (dict "a" (list $dot) ))) "r") )) )) )))) -}} +{{- else -}}{{- if (eq $values.statefulset.podAntiAffinity.type "custom") -}} +{{- $_ := (set $affinity "podAntiAffinity" $values.statefulset.podAntiAffinity.custom) -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- else -}}{{- if (not (empty $values.affinity.podAntiAffinity)) -}} +{{- $_ := (set $affinity "podAntiAffinity" $values.affinity.podAntiAffinity) -}} +{{- end -}} +{{- end -}} +{{- (dict "r" $affinity) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.volumeClaimTemplateDatadir" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not $values.storage.persistentVolume.enabled) -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $pvc := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "resources" (dict ) ) "status" (dict ) ) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" "datadir" "labels" (merge (dict ) (dict `app.kubernetes.io/name` (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") `app.kubernetes.io/instance` $dot.Release.Name `app.kubernetes.io/component` (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") ) $values.storage.persistentVolume.labels $values.commonLabels) "annotations" (default (coalesce nil) $values.storage.persistentVolume.annotations) )) "spec" (mustMergeOverwrite (dict "resources" (dict ) ) (dict 
"accessModes" (list "ReadWriteOnce") "resources" (mustMergeOverwrite (dict ) (dict "requests" (dict "storage" $values.storage.persistentVolume.size ) )) )) )) -}} +{{- if (not (empty $values.storage.persistentVolume.storageClass)) -}} +{{- if (eq $values.storage.persistentVolume.storageClass "-") -}} +{{- $_ := (set $pvc.spec "storageClassName" "") -}} +{{- else -}} +{{- $_ := (set $pvc.spec "storageClassName" $values.storage.persistentVolume.storageClass) -}} +{{- end -}} +{{- end -}} +{{- (dict "r" $pvc) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.volumeClaimTemplateTieredStorageDir" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (or (not (get (fromJson (include "redpanda.Storage.IsTieredStorageEnabled" (dict "a" (list $values.storage) ))) "r")) (ne (get (fromJson (include "redpanda.Storage.TieredMountType" (dict "a" (list $values.storage) ))) "r") "persistentVolume")) -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $pvc := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "resources" (dict ) ) "status" (dict ) ) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (default "tiered-storage-dir" $values.storage.persistentVolume.nameOverwrite) "labels" (merge (dict ) (dict `app.kubernetes.io/name` (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") `app.kubernetes.io/instance` $dot.Release.Name `app.kubernetes.io/component` (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") ) (get (fromJson (include "redpanda.Storage.TieredPersistentVolumeLabels" (dict "a" (list $values.storage) ))) "r") $values.commonLabels) "annotations" (default (coalesce nil) (get (fromJson (include "redpanda.Storage.TieredPersistentVolumeAnnotations" (dict "a" (list $values.storage) ))) "r")) )) "spec" (mustMergeOverwrite (dict "resources" (dict 
) ) (dict "accessModes" (list "ReadWriteOnce") "resources" (mustMergeOverwrite (dict ) (dict "requests" (dict "storage" (index (get (fromJson (include "redpanda.Storage.GetTieredStorageConfig" (dict "a" (list $values.storage) ))) "r") `cloud_storage_cache_size`) ) )) )) )) -}} +{{- $sc_15 := (get (fromJson (include "redpanda.Storage.TieredPersistentVolumeStorageClass" (dict "a" (list $values.storage) ))) "r") -}} +{{- if (eq $sc_15 "-") -}} +{{- $_ := (set $pvc.spec "storageClassName" "") -}} +{{- else -}}{{- if (not (empty $sc_15)) -}} +{{- $_ := (set $pvc.spec "storageClassName" $sc_15) -}} +{{- end -}} +{{- end -}} +{{- (dict "r" $pvc) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.statefulSetTopologySpreadConstraints" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $values := $dot.Values.AsMap -}} +{{- $tmp_tuple_5 := (get (fromJson (include "_shims.compact" (dict "a" (list (list (semverCompare ">=1.16-0" $dot.Capabilities.KubeVersion.GitVersion) nil)) ))) "r") -}} +{{- $test_16 := $tmp_tuple_5.T1 -}} +{{- if (not $test_16) -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $result := (coalesce nil) -}} +{{- $labelSelector := (mustMergeOverwrite (dict ) (dict "matchLabels" (get (fromJson (include "redpanda.StatefulSetPodLabelsSelector" (dict "a" (list $dot) ))) "r") )) -}} +{{- range $_, $v := $values.statefulset.topologySpreadConstraints -}} +{{- $result = (concat (default (list ) $result) (list (mustMergeOverwrite (dict "maxSkew" 0 "topologyKey" "" "whenUnsatisfiable" "" ) (dict "maxSkew" ($v.maxSkew | int) "topologyKey" $v.topologyKey "whenUnsatisfiable" $v.whenUnsatisfiable "labelSelector" $labelSelector )))) -}} +{{- end -}} +{{- (dict "r" $result) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/templates/secrets.go.tpl b/charts/redpanda/templates/secrets.go.tpl index d16d6f51c0..db5ff76653 100644 
--- a/charts/redpanda/templates/secrets.go.tpl +++ b/charts/redpanda/templates/secrets.go.tpl @@ -189,7 +189,7 @@ echo "passed"`) -}} {{- range $externalName, $externalVals := $values.listeners.kafka.external -}} {{- $externalCounter = ((add $externalCounter (1 | int)) | int) -}} {{- $snippet = (concat (default (list ) $snippet) (list `` (printf `ADVERTISED_%s_ADDRESSES=()` (upper $listenerName)))) -}} -{{- range $_, $replicaIndex := (until ($values.statefulset.replicas | int)) -}} +{{- range $_, $replicaIndex := (until (($values.statefulset.replicas | int) | int)) -}} {{- $port := ($externalVals.port | int) -}} {{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $externalVals.advertisedPorts) ))) "r") | int) (0 | int)) -}} {{- if (eq ((get (fromJson (include "_shims.len" (dict "a" (list $externalVals.advertisedPorts) ))) "r") | int) (1 | int)) -}} @@ -229,7 +229,7 @@ echo "passed"`) -}} {{- range $externalName, $externalVals := $values.listeners.http.external -}} {{- $externalCounter = ((add $externalCounter (1 | int)) | int) -}} {{- $snippet = (concat (default (list ) $snippet) (list `` (printf `ADVERTISED_%s_ADDRESSES=()` (upper $listenerName)))) -}} -{{- range $_, $replicaIndex := (until ($values.statefulset.replicas | int)) -}} +{{- range $_, $replicaIndex := (until (($values.statefulset.replicas | int) | int)) -}} {{- $port := ($externalVals.port | int) -}} {{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $externalVals.advertisedPorts) ))) "r") | int) (0 | int)) -}} {{- if (eq ((get (fromJson (include "_shims.len" (dict "a" (list $externalVals.advertisedPorts) ))) "r") | int) (1 | int)) -}} diff --git a/charts/redpanda/templates/service.loadbalancer.go.tpl b/charts/redpanda/templates/service.loadbalancer.go.tpl index 31115411cc..9a7a2bfd03 100644 --- a/charts/redpanda/templates/service.loadbalancer.go.tpl +++ b/charts/redpanda/templates/service.loadbalancer.go.tpl 
@@ -18,7 +18,7 @@ {{- $selector := (get (fromJson (include "redpanda.StatefulSetPodLabelsSelector" (dict "a" (list $dot) ))) "r") -}} {{- $services := (coalesce nil) -}} {{- $replicas := ($values.statefulset.replicas | int) -}} -{{- range $_, $i := untilStep ((0 | int)|int) (($values.statefulset.replicas | int)|int) (1|int) -}} +{{- range $_, $i := untilStep (((0 | int) | int)|int) (($values.statefulset.replicas | int)|int) (1|int) -}} {{- $podname := (printf "%s-%d" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $i) -}} {{- $annotations := (dict ) -}} {{- range $k, $v := $values.external.annotations -}} @@ -26,7 +26,7 @@ {{- end -}} {{- if $externalDNS.enabled -}} {{- $prefix := $podname -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.external.addresses) ))) "r") | int) $i) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.external.addresses) ))) "r") | int) ($i | int)) -}} {{- $prefix = (index $values.external.addresses $i) -}} {{- end -}} {{- $address := (printf "%s.%s" $prefix (tpl $values.external.domain $dot)) -}} diff --git a/charts/redpanda/templates/statefulset.yaml b/charts/redpanda/templates/statefulset.yaml index d8cfb6d321..5cd23e437f 100644 --- a/charts/redpanda/templates/statefulset.yaml +++ b/charts/redpanda/templates/statefulset.yaml 
@@ -18,163 +18,8 @@ limitations under the License. {{- include "fail-on-unsupported-helm-version" . -}} {{- include "fail-on-insecure-sasl-logging" . -}} -{{- $values := .Values }} -{{- $internalAdvertiseAddress := printf "%s.%s" "$(SERVICE_NAME)" (include "redpanda.internal.domain" .) -}} -{{- $uid := dig "podSecurityContext" "runAsUser" .Values.statefulset.securityContext.runAsUser .Values.statefulset -}} -{{- $gid := dig "podSecurityContext" "fsGroup" .Values.statefulset.securityContext.fsGroup .Values.statefulset -}} - -{{- if not (include "redpanda-atleast-22-2-0" . | fromJson).bool -}} - {{- if eq (get .Values "force" | default false) false -}} - {{- fail ( - printf "\n\nError: The Redpanda version (%s) is no longer supported \nTo accept this risk, run the upgrade again adding `--force=true`\n" (( include "redpanda.semver" . )) - ) - -}} - {{- end -}} -{{- end -}} - -{{- $initContainers := (get ((include "redpanda.StatefulSetInitContainers" (dict "a" (list .))) | fromJson) "r") -}} -{{- $containers := (get ((include "redpanda.StatefulSetContainers" (dict "a" (list .))) | fromJson) "r") -}} +{{- $ss := (get ((include "redpanda.StatefulSet" (dict "a" (list .))) | fromJson) "r") -}} +{{- if ne $ss nil -}} --- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "redpanda.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: -{{- with include "full.labels" . }} - {{- . | nindent 4 }} -{{- end }} -spec: - selector: - matchLabels: {{ (include "statefulset-pod-labels-selector" .) | nindent 6 }} - serviceName: {{ template "redpanda.servicename" . }} - replicas: {{ .Values.statefulset.replicas | int64 }} - updateStrategy: - {{- toYaml .Values.statefulset.updateStrategy | nindent 4 }} - podManagementPolicy: "Parallel" - template: - metadata: - labels: {{ (include "statefulset-pod-labels" .) | nindent 8 }} - annotations:{{ ( get ( (include "redpanda.StatefulSetPodAnnotations" (dict "a" (list . 
(include "statefulset-checksum-annotation" .) )) ) | fromJson) "r" ) | toYaml | nindent 8 }} - spec: - terminationGracePeriodSeconds: {{ .Values.statefulset.terminationGracePeriodSeconds }} - securityContext: {{ include "pod-security-context" . | nindent 8 }} - serviceAccountName: {{ include "redpanda.serviceAccountName" . }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: {{- toYaml . | nindent 8 }} - {{- end }} - initContainers: -{{- if not (empty $initContainers) }} -{{- toYaml $initContainers | nindent 8 }} -{{- end }} - containers: -{{- if not (empty $containers) }} -{{- toYaml $containers | nindent 8 }} -{{- end }} - volumes: {{ (get ((include "redpanda.StatefulSetVolumes" (dict "a" (list .))) | fromJson) "r") | toYaml | nindent 8 }} - - name: datadir - {{- if .Values.storage.persistentVolume.enabled }} - persistentVolumeClaim: - claimName: datadir - {{- else if .Values.storage.hostPath }} - hostPath: - path: {{ .Values.storage.hostPath | quote }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if (include "storage-tiered-config" .|fromJson).cloud_storage_enabled }} - {{- $tieredType := include "storage-tiered-mountType" . }} - {{- if and (ne $tieredType "none") (ne $tieredType "persistentVolume") }} - - name: tiered-storage-dir - {{- if eq $tieredType "hostPath" }} - hostPath: - path: {{ include "storage-tiered-hostpath" . }} - {{- else }} - emptyDir: - sizeLimit: {{ (include "storage-tiered-config" . | fromJson).cloud_storage_cache_size }} - {{- end }} - {{- end }} - {{- end }} -{{- if semverCompare ">=1.16-0" .Capabilities.KubeVersion.GitVersion }} - topologySpreadConstraints: - {{- range $v := .Values.statefulset.topologySpreadConstraints }} - - maxSkew: {{ $v.maxSkew }} - topologyKey: {{ $v.topologyKey }} - whenUnsatisfiable: {{ $v.whenUnsatisfiable }} - labelSelector: - matchLabels: {{ include "statefulset-pod-labels-selector" $ | nindent 14 }} - {{- end }} -{{- end }} -{{- with ( include "statefulset-nodeSelectors" . 
) }} - nodeSelector: {{- . | nindent 8 }} -{{- end }} -{{- with ( include "statefulset-affinity" . ) }} - affinity: {{- . | nindent 8 }} -{{- end }} -{{- if .Values.statefulset.priorityClassName }} - priorityClassName: {{ .Values.statefulset.priorityClassName }} -{{- end }} -{{- with ( include "statefulset-tolerations" . ) }} - tolerations: {{- . | nindent 8 }} -{{- end }} -{{- if or .Values.storage.persistentVolume.enabled (and (include "storage-tiered-config" .|fromJson).cloud_storage_enabled (eq (include "storage-tiered-mountType" .) "persistentVolume" )) }} - volumeClaimTemplates: -{{- if .Values.storage.persistentVolume.enabled }} - - metadata: - name: datadir - labels: - app.kubernetes.io/name: {{ template "redpanda.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/component: {{ template "redpanda.name" . }} - {{- with .Values.storage.persistentVolume.labels }} - {{- toYaml . | nindent 10 }} - {{- end }} - {{- with .Values.commonLabels }} - {{- toYaml . | nindent 10 }} - {{- end }} - {{- with .Values.storage.persistentVolume.annotations }} - annotations: {{- toYaml . | nindent 10 }} - {{- end }} - spec: - accessModes: ["ReadWriteOnce"] - {{- if .Values.storage.persistentVolume.storageClass }} - {{- if (eq "-" .Values.storage.persistentVolume.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: {{ .Values.storage.persistentVolume.storageClass | quote }} - {{- end }} - {{- end }} - resources: - requests: - storage: {{ .Values.storage.persistentVolume.size | quote }} -{{- end }} -{{- if and (include "storage-tiered-config" .|fromJson).cloud_storage_enabled (eq (include "storage-tiered-mountType" .) "persistentVolume") }} - - metadata: - name: {{ default "tiered-storage-dir" .Values.storage.persistentVolume.nameOverwrite }} - labels: - app.kubernetes.io/name: {{ template "redpanda.name" . 
}} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/component: {{ template "redpanda.name" . }} - {{- with (include "storage-tiered-persistentvolume" . | fromJson).labels }} - {{ toYaml . | nindent 10 }} - {{- end }} - {{- with .Values.commonLabels }} - {{- toYaml . | nindent 10 }} - {{- end }} - {{- with (include "storage-tiered-persistentvolume" . | fromJson).annotations }} - annotations: {{ toYaml . | nindent 10 }} - {{- end }} - spec: - accessModes: ["ReadWriteOnce"] - {{- with (include "storage-tiered-persistentvolume" . | fromJson).storageClass }} - {{- if eq "-" . }} - storageClassName: "" - {{- else }} - storageClassName: {{ . }} - {{- end }} - {{- end }} - resources: - requests: - storage: {{ (include "storage-tiered-config" .|fromJson).cloud_storage_cache_size }} -{{- end }} -{{- end }} +{{toYaml $ss}} +{{- end -}} diff --git a/charts/redpanda/templates/values.go.tpl b/charts/redpanda/templates/values.go.tpl index 687a796898..475cdd8fe7 100644 --- a/charts/redpanda/templates/values.go.tpl +++ b/charts/redpanda/templates/values.go.tpl 
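Review bot: The unsupported-version guard is removed from this template and nothing in the hunk replaces it. The deleted block called `fail` when `redpanda-atleast-22-2-0` was false and `force` was unset, while the new body only renders what `redpanda.StatefulSet` returns. That helper is defined outside this hunk, so it cannot be confirmed from here that it performs the same check; if it does not, an unsupported Redpanda version would deploy without the operator having to opt in with `--force=true`. Either keep the `{{- if not (include "redpanda-atleast-22-2-0" . | fromJson).bool -}}` … `fail` block ahead of the `$ss` assignment, or confirm that the Go side fails the same way and add a test case that pins the failure. If the check did move, a short comment such as `{{- /* version/force guard now lives in redpanda.StatefulSet */ -}}` above the `$ss` line would record where it went.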
@@ -127,6 +127,112 @@ {{- end -}} {{- end -}} +{{- define "redpanda.Storage.GetTieredStorageHostPath" -}} +{{- $s := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $hp := $s.tieredStorageHostPath -}} +{{- if (and (empty $hp) (ne $s.tiered (coalesce nil))) -}} +{{- $hp = $s.tiered.hostPath -}} +{{- end -}} +{{- if (empty $hp) -}} +{{- $_ := (fail (printf `storage.tiered.mountType is "%s" but storage.tiered.hostPath is empty` $s.tiered.mountType)) -}} +{{- end -}} +{{- (dict "r" $hp) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Storage.CloudStorageCacheSize" -}} +{{- $s := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $tmp_tuple_4 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.dicttest" (dict "a" (list (get (fromJson (include "redpanda.Storage.GetTieredStorageConfig" (dict "a" (list $s) ))) "r") `cloud_storage_cache_size` (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $ok := $tmp_tuple_4.T2 -}} +{{- $value := $tmp_tuple_4.T1 -}} +{{- if (not $ok) -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- (dict "r" $value) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Storage.TieredCacheDirectory" -}} +{{- $s := (index .a 0) -}} +{{- $dot := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $config := (get (fromJson (include "redpanda.Storage.GetTieredStorageConfig" (dict "a" (list $s) ))) "r") -}} +{{- $dir := (get (fromJson (include "_shims.typeassertion" (dict "a" (list "string" (dig `cloud_storage_cache_directory` "/var/lib/redpanda/data/cloud_storage_cache" $config)) ))) "r") -}} +{{- if (eq $dir "") -}} +{{- (dict "r" "/var/lib/redpanda/data/cloud_storage_cache") | toJson -}} +{{- break -}} +{{- end -}} +{{- (dict "r" $dir) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Storage.TieredMountType" -}} +{{- $s := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- if (and (ne 
$s.tieredStoragePersistentVolume (coalesce nil)) $s.tieredStoragePersistentVolume.enabled) -}} +{{- (dict "r" "persistentVolume") | toJson -}} +{{- break -}} +{{- end -}} +{{- if (not (empty $s.tieredStorageHostPath)) -}} +{{- (dict "r" "hostPath") | toJson -}} +{{- break -}} +{{- end -}} +{{- (dict "r" $s.tiered.mountType) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Storage.TieredPersistentVolumeLabels" -}} +{{- $s := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- if (ne $s.tieredStoragePersistentVolume (coalesce nil)) -}} +{{- (dict "r" $s.tieredStoragePersistentVolume.labels) | toJson -}} +{{- break -}} +{{- end -}} +{{- if (ne $s.tiered (coalesce nil)) -}} +{{- (dict "r" $s.tiered.persistentVolume.labels) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_ := (fail `storage.tiered.mountType is "persistentVolume" but storage.tiered.persistentVolume is not configured`) -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Storage.TieredPersistentVolumeAnnotations" -}} +{{- $s := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- if (ne $s.tieredStoragePersistentVolume (coalesce nil)) -}} +{{- (dict "r" $s.tieredStoragePersistentVolume.annotations) | toJson -}} +{{- break -}} +{{- end -}} +{{- if (ne $s.tiered (coalesce nil)) -}} +{{- (dict "r" $s.tiered.persistentVolume.annotations) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_ := (fail `storage.tiered.mountType is "persistentVolume" but storage.tiered.persistentVolume is not configured`) -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Storage.TieredPersistentVolumeStorageClass" -}} +{{- $s := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- if (ne $s.tieredStoragePersistentVolume (coalesce nil)) -}} +{{- (dict "r" $s.tieredStoragePersistentVolume.storageClass) | toJson -}} +{{- break -}} +{{- end -}} +{{- if (ne $s.tiered (coalesce nil)) -}} +{{- (dict "r" $s.tiered.persistentVolume.storageClass) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_ := (fail 
`storage.tiered.mountType is "persistentVolume" but storage.tiered.persistentVolume is not configured`) -}} +{{- end -}} +{{- end -}} + {{- define "redpanda.Storage.Translate" -}} {{- $s := (index .a 0) -}} {{- range $_ := (list 1) -}} @@ -144,15 +250,15 @@ {{- $_ := (set $result $k (printf "%d" ((get (fromJson (include "_shims.resource_Value" (dict "a" (list $v) ))) "r") | int64))) -}} {{- continue -}} {{- end -}} -{{- $tmp_tuple_5 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.typetest" (dict "a" (list "string" $v "") ))) "r")) ))) "r") -}} -{{- $ok_3 := $tmp_tuple_5.T2 -}} -{{- $str_2 := $tmp_tuple_5.T1 -}} -{{- $tmp_tuple_6 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.typetest" (dict "a" (list "bool" $v false) ))) "r")) ))) "r") -}} -{{- $ok_5 := $tmp_tuple_6.T2 -}} -{{- $b_4 := $tmp_tuple_6.T1 -}} -{{- $tmp_tuple_7 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.asnumeric" (dict "a" (list $v) ))) "r")) ))) "r") -}} -{{- $isFloat_7 := $tmp_tuple_7.T2 -}} -{{- $f_6 := ($tmp_tuple_7.T1 | float64) -}} +{{- $tmp_tuple_6 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.typetest" (dict "a" (list "string" $v "") ))) "r")) ))) "r") -}} +{{- $ok_3 := $tmp_tuple_6.T2 -}} +{{- $str_2 := $tmp_tuple_6.T1 -}} +{{- $tmp_tuple_7 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.typetest" (dict "a" (list "bool" $v false) ))) "r")) ))) "r") -}} +{{- $ok_5 := $tmp_tuple_7.T2 -}} +{{- $b_4 := $tmp_tuple_7.T1 -}} +{{- $tmp_tuple_8 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.asnumeric" (dict "a" (list $v) ))) "r")) ))) "r") -}} +{{- $isFloat_7 := $tmp_tuple_8.T2 -}} +{{- $f_6 := ($tmp_tuple_8.T1 | float64) -}} {{- if $ok_3 -}} {{- $_ := (set $result $k $str_2) -}} {{- else -}}{{- if $ok_5 -}} 
@@ -189,9 +295,9 @@ {{- $result := (dict ) -}} {{- $s := (toJson $t) -}} {{- $tune := (fromJson $s) -}} -{{- $tmp_tuple_8 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.typetest" (dict "a" (list (printf "map[%s]%s" "string" "interface {}") $tune (coalesce nil)) ))) "r")) ))) "r") -}} -{{- $ok := $tmp_tuple_8.T2 -}} -{{- $m := $tmp_tuple_8.T1 -}} +{{- $tmp_tuple_9 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.typetest" (dict "a" (list (printf "map[%s]%s" "string" "interface {}") $tune (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $ok := $tmp_tuple_9.T2 -}} +{{- $m := $tmp_tuple_9.T1 -}} {{- if (not $ok) -}} {{- (dict "r" (dict )) | toJson -}} {{- break -}} @@ -211,7 +317,7 @@ {{- $internalDomain := (index .a 3) -}} {{- range $_ := (list 1) -}} {{- $result := (coalesce nil) -}} -{{- range $_, $i := untilStep ((0 | int)|int) ($replicas|int) (1|int) -}} +{{- range $_, $i := untilStep (((0 | int) | int)|int) ($replicas|int) (1|int) -}} {{- $result = (concat (default (list ) $result) (list (dict "host" (dict "address" (printf "%s-%d.%s" $fullname $i $internalDomain) "port" ($l.rpc.port | int) ) ))) -}} {{- end -}} {{- (dict "r" $result) | toJson -}} @@ -226,7 +332,7 @@ {{- $internalDomain := (index .a 3) -}} {{- range $_ := (list 1) -}} {{- $result := (coalesce nil) -}} -{{- range $_, $i := untilStep ((0 | int)|int) ($replicas|int) (1|int) -}} +{{- range $_, $i := untilStep (((0 | int) | int)|int) ($replicas|int) (1|int) -}} {{- $result = (concat (default (list ) $result) (list (printf "%s-%d.%s:%d" $fullname $i $internalDomain (($l.admin.port | int) | int)))) -}} {{- end -}} {{- (dict "r" $result) | toJson -}} 
@@ -280,9 +386,9 @@ {{- $m := (index .a 0) -}} {{- $name := (index .a 1) -}} {{- range $_ := (list 1) -}} -{{- $tmp_tuple_11 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.dicttest" (dict "a" (list $m $name (coalesce nil)) ))) "r")) ))) "r") -}} -{{- $ok := $tmp_tuple_11.T2 -}} -{{- $cert := $tmp_tuple_11.T1 -}} +{{- $tmp_tuple_12 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.dicttest" (dict "a" (list $m $name (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $ok := $tmp_tuple_12.T2 -}} +{{- $cert := $tmp_tuple_12.T1 -}} {{- if (not $ok) -}} {{- $_ := (fail (printf "Certificate %q referenced, but not found in the tls.certs map" $name)) -}} {{- end -}} @@ -727,8 +833,8 @@ {{- $result := (dict ) -}} {{- range $k, $v := $c -}} {{- if (not (empty $v)) -}} -{{- $tmp_tuple_14 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.asnumeric" (dict "a" (list $v) ))) "r")) ))) "r") -}} -{{- $ok_14 := $tmp_tuple_14.T2 -}} +{{- $tmp_tuple_15 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.asnumeric" (dict "a" (list $v) ))) "r")) ))) "r") -}} +{{- $ok_14 := $tmp_tuple_15.T2 -}} {{- if $ok_14 -}} {{- $_ := (set $result $k $v) -}} {{- else -}} 
@@ -751,24 +857,24 @@ {{- if (and (eq $k "default_topic_replications") (not $skipDefaultTopic)) -}} {{- $r := ($replicas | int) -}} {{- $input := ($r | int) -}} -{{- $tmp_tuple_15 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.asintegral" (dict "a" (list $v) ))) "r")) ))) "r") -}} -{{- $ok_16 := $tmp_tuple_15.T2 -}} -{{- $num_15 := ($tmp_tuple_15.T1 | int) -}} +{{- $tmp_tuple_16 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.asintegral" (dict "a" (list $v) ))) "r")) ))) "r") -}} +{{- $ok_16 := $tmp_tuple_16.T2 -}} +{{- $num_15 := ($tmp_tuple_16.T1 | int) -}} {{- if $ok_16 -}} {{- $input = $num_15 -}} {{- end -}} -{{- $tmp_tuple_16 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.asnumeric" (dict "a" (list $v) ))) "r")) ))) "r") -}} -{{- $ok_18 := $tmp_tuple_16.T2 -}} -{{- $f_17 := ($tmp_tuple_16.T1 | float64) -}} +{{- $tmp_tuple_17 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.asnumeric" (dict "a" (list $v) ))) "r")) ))) "r") -}} +{{- $ok_18 := $tmp_tuple_17.T2 -}} +{{- $f_17 := ($tmp_tuple_17.T1 | float64) -}} {{- if $ok_18 -}} {{- $input = ($f_17 | int) -}} {{- end -}} {{- $_ := (set $result $k (min ($input | int64) (((sub ((add $r (((mod $r (2 | int)) | int))) | int) (1 | int)) | int) | int64))) -}} {{- continue -}} {{- end -}} -{{- $tmp_tuple_17 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.typetest" (dict "a" (list "bool" $v false) ))) "r")) ))) "r") -}} -{{- $ok_20 := $tmp_tuple_17.T2 -}} -{{- $b_19 := $tmp_tuple_17.T1 -}} +{{- $tmp_tuple_18 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.typetest" (dict "a" (list "bool" $v false) ))) "r")) ))) "r") -}} +{{- $ok_20 := $tmp_tuple_18.T2 -}} +{{- $b_19 := $tmp_tuple_18.T1 -}} {{- if $ok_20 -}} {{- $_ := (set $result $k $b_19) -}} {{- continue -}} 
diff --git a/charts/redpanda/testdata/ci/01-default-values.yaml.golden b/charts/redpanda/testdata/ci/01-default-values.yaml.golden index 1c50749130..8a7140c0b0 100644 --- a/charts/redpanda/testdata/ci/01-default-values.yaml.golden +++ b/charts/redpanda/testdata/ci/01-default-values.yaml.golden 
@@ -736,310 +736,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/02-one-node-cluster-no-tls-no-sasl-values.yaml.golden b/charts/redpanda/testdata/ci/02-one-node-cluster-no-tls-no-sasl-values.yaml.golden index 8655b3d826..d86a4e8ff2 100644 --- a/charts/redpanda/testdata/ci/02-one-node-cluster-no-tls-no-sasl-values.yaml.golden +++ b/charts/redpanda/testdata/ci/02-one-node-cluster-no-tls-no-sasl-values.yaml.golden 
@@ -601,8 +601,7 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda @@ -610,20 +609,23 @@ metadata: app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 testlabel: exercise_common_labels_template + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 1 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 1 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 42c4bda70c2a4121c5c80986b90bc9943a2452031fc76a3c6550a0f93854e8be + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm 
@@ -631,259 +633,265 @@ spec: helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda testlabel: exercise_common_labels_template - annotations: - config.redpanda.com/checksum: 42c4bda70c2a4121c5c80986b90bc9943a2452031fc76a3c6550a0f93854e8be spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - 
command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 "http://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - 
successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 "http://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 "http://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 
8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 "http://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + 
name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - testlabel: exercise_common_labels_template - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "3Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + testlabel: exercise_common_labels_template + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 3Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/03-one-node-cluster-tls-no-sasl-values.yaml.golden b/charts/redpanda/testdata/ci/03-one-node-cluster-tls-no-sasl-values.yaml.golden index f27165dd0c..6308e85b75 100644 --- a/charts/redpanda/testdata/ci/03-one-node-cluster-tls-no-sasl-values.yaml.golden +++ b/charts/redpanda/testdata/ci/03-one-node-cluster-tls-no-sasl-values.yaml.golden 
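Review bot: The long-running containers in this rendered pod spec come out without any privilege hardening: `redpanda` and `redpanda-configurator` render `allowPrivilegeEscalation: null` and `runAsNonRoot: null`, and `config-watcher` renders `securityContext: {}` with no `runAsUser` at all. The Go port reproduces the previous output field for field, so this looks inherited rather than introduced by the commit. I would have the chart defaults render `allowPrivilegeEscalation: false` and `runAsNonRoot: true` for these three containers, leaving the privileged `tuning` init container as the single documented exception. The values that feed these fields are not visible in this hunk, so confirm whether they are meant to stay user-supplied. The 03 golden hunk shows the same rendering.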
@@ -699,310 +699,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 1 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 1 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: c5ae9da693aaaae8093172206ec0bf853abaa811e15da4a7792627a0e8a3ee19 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: c5ae9da693aaaae8093172206ec0bf853abaa811e15da4a7792627a0e8a3ee19 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "3Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 3Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/04-one-node-cluster-no-tls-sasl-values.yaml.golden b/charts/redpanda/testdata/ci/04-one-node-cluster-no-tls-sasl-values.yaml.golden index 311bb4a8e9..1f39e92765 100644 --- a/charts/redpanda/testdata/ci/04-one-node-cluster-no-tls-sasl-values.yaml.golden +++ b/charts/redpanda/testdata/ci/04-one-node-cluster-no-tls-sasl-values.yaml.golden 
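Review bot: The TLS liveness and startup probes in this golden output run `curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt ...`, and `-k` switches certificate verification off. The `--cacert` bundle is therefore never enforced, and the probe would accept any certificate presented on the admin port. As this file is rendered output, the change belongs in the probe template rather than here: drop the flag so the command reads `curl --silent --fail -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready"`. If the probe then fails, that would suggest the default certificate does not cover the per-pod service name, which should be fixed in the certificate rather than hidden by `-k`. The 02 golden carries the same `-k` on its plain `http://` probes, where it has no effect and can be removed as well.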
@@ -717,301 +717,309 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 1 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 1 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 5d86696a9a779ae6c22014da0ed174482d8e799e05d2822001a78d06a2255536 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 5d86696a9a779ae6c22014da0ed174482d8e799e05d2822001a78d06a2255536 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 
"http://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 "http://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle 
- name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: users - secret: - secretName: redpanda-users - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 "http://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail 
-k -m 5 "http://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! + command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: users + secret: + secretName: 
redpanda-users + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "3Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 3Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/05-one-node-cluster-tls-sasl-values.yaml.golden b/charts/redpanda/testdata/ci/05-one-node-cluster-tls-sasl-values.yaml.golden index 8d611609d4..147d4b977a 100644 --- a/charts/redpanda/testdata/ci/05-one-node-cluster-tls-sasl-values.yaml.golden +++ b/charts/redpanda/testdata/ci/05-one-node-cluster-tls-sasl-values.yaml.golden 
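Review bot: The `config-watcher` sidecar is rendered with `securityContext: {}` although it mounts `/etc/secrets/users`, while the `redpanda` and `redpanda-configurator` containers in the same pod pin `runAsUser: 101` / `runAsGroup: 101` and the pod-level `securityContext` sets only `fsGroup`. As rendered, the sidecar runs as whatever user the image defaults to, which this hunk does not show. Now that the Go port emits these fields explicitly, I would have the generator give the sidecar the same `runAsUser: 101` and `runAsGroup: 101`, and render `allowPrivilegeEscalation: false` rather than `null` on the non-tuning containers, provided the scripts tolerate it. The golden is generated, so the change belongs in `charts/redpanda/statefulset.go` with the fixtures regenerated; the same rendering appears in the 05-one-node-cluster-tls-sasl golden hunk.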
@@ -835,325 +835,334 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 1 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 1 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: e062907df2fdc4654699d6a19076bb1133c33c3d937dba45248bdb10becd87ce + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: e062907df2fdc4654699d6a19076bb1133c33c3d937dba45248bdb10becd87ce spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" 
"${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - 
true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - 
periodSeconds: 10 - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: users - secret: - secretName: redpanda-users - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + 
- containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: redpanda - - emptyDir: {} + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: 
kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: users + secret: + secretName: redpanda-users + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "3Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 3Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not 
printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/06-rack-awareness-values.yaml.golden b/charts/redpanda/testdata/ci/06-rack-awareness-values.yaml.golden index 88d1e9f15a..7a1ae96496 100644 --- a/charts/redpanda/testdata/ci/06-rack-awareness-values.yaml.golden +++ b/charts/redpanda/testdata/ci/06-rack-awareness-values.yaml.golden 
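Review bot: The TLS liveness and startup probes pass `-k` together with `--cacert /etc/tls/certs/default/ca.crt`; `-k` switches certificate verification off, so the CA bundle is never consulted and the probes would accept any certificate presented on port 9644. If the default certificate covers the `${SERVICE_NAME}.redpanda.default.svc.cluster.local.` name (not visible here), drop `-k` so the command reads `curl --silent --fail -m 5 --cacert /etc/tls/certs/default/ca.crt "https://…"`. The removed lines show the old template rendered the same flags, so this is carried over rather than introduced, but the port is a natural place to fix it. The golden is generated, so the edit goes where the probe command is built in `charts/redpanda/statefulset.go`, followed by regenerating the fixtures.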
@@ -856,310 +856,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 74ceba6b3c0da54b3245ced671dc0b0ac7663e32d2f0c39c6f10fe7780b183c7 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 74ceba6b3c0da54b3245ced671dc0b0ac7663e32d2f0c39c6f10fe7780b183c7 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: redpanda - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: redpanda + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/07-multiple-listeners-values.yaml.golden b/charts/redpanda/testdata/ci/07-multiple-listeners-values.yaml.golden index b4a7ec0878..8ab4c7ab81 100644 --- a/charts/redpanda/testdata/ci/07-multiple-listeners-values.yaml.golden +++ b/charts/redpanda/testdata/ci/07-multiple-listeners-values.yaml.golden 
@@ -798,334 +798,343 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 51cbf635fa009c2b13a32457cd12eeb14b17457c515fe9e6b5daaa551692ce2e + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 51cbf635fa009c2b13a32457cd12eeb14b17457c515fe9e6b5daaa551692ce2e spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/cert2 - name: redpanda-cert2-cert - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" 
"${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/cert2 - name: redpanda-cert2-cert - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - 
true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 18083 - name: http-ext2 - - containerPort: 28083 - name: http-ext3 - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 19094 - name: kafka-ext2 - - containerPort: 29094 - name: kafka-ext3 - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - - containerPort: 18081 - name: schema-ext2 - - containerPort: 28081 - name: schema-ext3 - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set 
-e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/cert2 - name: redpanda-cert2-cert - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/cert2 - name: redpanda-cert2-cert - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-cert2-cert - secret: - defaultMode: 288 - secretName: redpanda-cert2-cert - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + 
"https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 18083 + name: http-ext2 + - containerPort: 28083 + name: http-ext3 + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 19094 + name: kafka-ext2 + - containerPort: 29094 + name: kafka-ext3 + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + - containerPort: 18081 + name: schema-ext2 + - containerPort: 28081 + name: schema-ext3 + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/cert2 + name: redpanda-cert2-cert + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: 
datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! + command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/cert2 + name: redpanda-cert2-cert + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/cert2 + name: redpanda-cert2-cert + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: redpanda - - emptyDir: {} + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/cert2 + name: redpanda-cert2-cert + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: 
kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-cert2-cert + secret: + defaultMode: 288 + secretName: redpanda-cert2-cert + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: 
redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/08-custom-podantiaffinity-values.yaml.golden b/charts/redpanda/testdata/ci/08-custom-podantiaffinity-values.yaml.golden index dcd8213d9f..8f505072b9 100644 --- a/charts/redpanda/testdata/ci/08-custom-podantiaffinity-values.yaml.golden +++ b/charts/redpanda/testdata/ci/08-custom-podantiaffinity-values.yaml.golden 
@@ -736,309 +736,318 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert 
/etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: 
redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + 
echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: 
redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/09-initcontainers-resources-values.yaml.golden b/charts/redpanda/testdata/ci/09-initcontainers-resources-values.yaml.golden index 5bc1e7c1d8..7a010363fa 100644 --- a/charts/redpanda/testdata/ci/09-initcontainers-resources-values.yaml.golden +++ b/charts/redpanda/testdata/ci/09-initcontainers-resources-values.yaml.golden 
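Review bot: The liveness and startup probes in this re-rendered StatefulSet still run `curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt ...`, and `-k` disables certificate verification, so the `--cacert` argument is not enforced and the probe accepts any certificate presented on port 9644. The command is unchanged from the old template output (only re-wrapped). Since the probe is now presumably built in `charts/redpanda/statefulset.go`, which is not in this view, the port is a good point to drop `-k` and rely on `--cacert` alone, provided the issued certificate's SANs cover the probed `${SERVICE_NAME}.redpanda.default.svc.cluster.local.` name. The same rendered command appears in the `09-initcontainers-resources-values.yaml.golden` hunk. Golden files are regenerated, so the change belongs in the generator, not in these fixtures.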
@@ -791,390 +791,399 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /fake/lifecycle - name: test-extra-volume - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/sh - - -c - - chown 101:101 -R /var/lib/redpanda/data - image: busybox:latest - name: 
set-datadir-ownership - resources: - limits: - cpu: 200m - memory: 60Mi - requests: - cpu: 100m - memory: 20Mi - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /fake/lifecycle - name: test-extra-volume - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/fs-validator/scripts/fsValidator.sh ext4 - & wait $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: fs-validator - resources: - limits: - cpu: 200m - memory: 60Mi - requests: - cpu: 100m - memory: 20Mi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /fake/lifecycle - name: test-extra-volume - - mountPath: /etc/secrets/fs-validator/scripts/ - name: redpanda-fs-validator - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: - limits: - cpu: 200m - memory: 60Mi - requests: - cpu: 100m - memory: 20Mi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /fake/lifecycle - name: test-extra-volume - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator - - args: - - |- - set -xe - echo "Hello World!" 
- command: - - /bin/bash - - -c - image: mintel/docker-alpine-bash-curl-jq:latest - name: test-init-container + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: 
metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /fake/lifecycle - name: test-extra-volume - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! 
- command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - - mountPath: /fake/lifecycle - name: test-extra-volume - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + 
runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /fake/lifecycle + name: test-extra-volume + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! + command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: test-extra-volume - secret: - defaultMode: 508 - secretName: redpanda-sts-lifecycle - - name: datadir - persistentVolumeClaim: - claimName: datadir - topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - 
nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] - volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + - mountPath: /fake/lifecycle + name: test-extra-volume + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /fake/lifecycle + name: test-extra-volume + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/sh + - -c + - chown 101:101 -R /var/lib/redpanda/data + image: busybox:latest + name: set-datadir-ownership + resources: + limits: + cpu: 200m + memory: 60Mi + requests: + cpu: 100m + memory: 20Mi + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /fake/lifecycle + name: test-extra-volume + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/fs-validator/scripts/fsValidator.sh + ext4 & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: fs-validator resources: + limits: + cpu: 200m + memory: 60Mi requests: - storage: "20Gi" + cpu: 100m + memory: 20Mi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /fake/lifecycle + name: test-extra-volume + - mountPath: /etc/secrets/fs-validator/scripts/ + name: redpanda-fs-validator + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! + env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: + limits: + cpu: 200m + memory: 60Mi + requests: + cpu: 100m + memory: 20Mi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /fake/lifecycle + name: test-extra-volume + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + - args: + - |- + set -xe + echo "Hello World!" 
+ command: + - /bin/bash + - -c + image: mintel/docker-alpine-bash-curl-jq:latest + name: test-init-container + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: test-extra-volume + secret: + defaultMode: 508 + secretName: redpanda-sts-lifecycle + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print 
diff --git a/charts/redpanda/testdata/ci/10-external-addresses-values.yaml.golden b/charts/redpanda/testdata/ci/10-external-addresses-values.yaml.golden index b65eca2c50..41d8b00b2a 100644 --- a/charts/redpanda/testdata/ci/10-external-addresses-values.yaml.golden +++ b/charts/redpanda/testdata/ci/10-external-addresses-values.yaml.golden 
@@ -736,310 +736,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: e8974d6832ef73106917bddd8a846306b3b8ef2c53df7fc1ff56172469ebe41e + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: e8974d6832ef73106917bddd8a846306b3b8ef2c53df7fc1ff56172469ebe41e spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/11-update-sasl-users-values.yaml.golden b/charts/redpanda/testdata/ci/11-update-sasl-users-values.yaml.golden index 7be7ebb490..d22c447354 100644 --- a/charts/redpanda/testdata/ci/11-update-sasl-users-values.yaml.golden +++ b/charts/redpanda/testdata/ci/11-update-sasl-users-values.yaml.golden 
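Review bot: The liveness and startup probes on the new side still call `curl` with both `-k` and `--cacert /etc/tls/certs/default/ca.crt`. `-k` turns certificate verification off, so the CA bundle is never used and the probe reports ready even when the broker presents an expired or mismatched certificate. Since the probe command is now built in Go, this is a convenient point to drop the flag: `curl --silent --fail -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready"`. That only works if the default certificate carries a SAN for the pod's service DNS name, which is not visible here and should be confirmed first. This file is generated test output, so the change belongs in the Go source that renders the probes (presumably charts/redpanda/statefulset.go) with the goldens regenerated; the same command appears in the 11-update-sasl-users hunk.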
@@ -872,325 +872,334 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: ef3df2c47b206f053e4a0366fd0b84faecb32a7373dbf864676d2dd23edf0f51 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: ef3df2c47b206f053e4a0366fd0b84faecb32a7373dbf864676d2dd23edf0f51 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" 
"${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - 
true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - 
periodSeconds: 10 - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: users - secret: - secretName: some-users - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - 
containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: redpanda - - emptyDir: {} + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: 
kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: users + secret: + secretName: some-users + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not 
printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/12-external-cert-secrets-values.yaml.golden b/charts/redpanda/testdata/ci/12-external-cert-secrets-values.yaml.golden index 53f162637c..4af5e4d6b0 100644 --- a/charts/redpanda/testdata/ci/12-external-cert-secrets-values.yaml.golden +++ b/charts/redpanda/testdata/ci/12-external-cert-secrets-values.yaml.golden 
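Review bot: The `tuning` init container on the new side mounts `/etc/secrets/users` (the `some-users` secret) and both TLS certificate secrets while running with `privileged: true` as UID 0, yet its command is only `rpk redpanda tune all`. If tuning does not read SASL credentials or key material (not verifiable from this hunk), the Go port could give that container only the `/etc/redpanda` mount, so the one privileged container in the pod holds no secrets. The `users` volume is also the only secret volume rendered without a `defaultMode`, so it gets the Kubernetes default of 0644 where the certificate volumes get 288 (0440); rendering `defaultMode: 288` for it would be consistent. This golden file is generated, so either change would go into the Go source, with the goldens regenerated.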
@@ -736,310 +736,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: abba47ca8f27251353ada62184c5f0fd264bffbbea310c981e8092ffef3aa2bb + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: abba47ca8f27251353ada62184c5f0fd264bffbbea310c981e8092ffef3aa2bb spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: external-tls-secret - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: external-tls-secret + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/13-loadbalancer-tls-values.yaml.golden b/charts/redpanda/testdata/ci/13-loadbalancer-tls-values.yaml.golden index 5330eee34a..fde2ed83b0 100644 --- a/charts/redpanda/testdata/ci/13-loadbalancer-tls-values.yaml.golden +++ b/charts/redpanda/testdata/ci/13-loadbalancer-tls-values.yaml.golden 
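Review bot: The liveness and startup probes on the new side still run `curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt ...`. Because `-k` turns off certificate verification, the `--cacert` bundle is never enforced and the probe accepts whatever certificate answers on port 9644. This golden appears to be rendered from the Go statefulset code, which is not visible in this hunk, so the fix would belong there: drop `-k` and let `--cacert` do the verification. That assumes the default certificate covers the `${SERVICE_NAME}.redpanda.default.svc.cluster.local.` name the probe uses. The same probe lines appear in the 13-loadbalancer-tls golden hunk.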
@@ -827,310 +827,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 05a49ac9ad322a349524c3890896770e2d7e1b12abae5a0d6fd6cd790ab389f6 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 05a49ac9ad322a349524c3890896770e2d7e1b12abae5a0d6fd6cd790ab389f6 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: external-tls-secret - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: external-tls-secret + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/14-prometheus-no-tls-values.yaml.golden b/charts/redpanda/testdata/ci/14-prometheus-no-tls-values.yaml.golden index eebdd4e09b..2c50cacd17 100644 --- a/charts/redpanda/testdata/ci/14-prometheus-no-tls-values.yaml.golden +++ b/charts/redpanda/testdata/ci/14-prometheus-no-tls-values.yaml.golden 
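Review bot: The rendered StatefulSet now carries server-owned and zero-value fields that the removed YAML side never emitted. These are a top-level `status:` block with `availableReplicas: 0` and `replicas: 0`, `creationTimestamp: null` on the object, the pod template and the volume claim template, plus `imagePullSecrets: null` and `priorityClassName: ""`. They look like artifacts of marshalling the typed object rather than intended output. Tooling that compares rendered manifests with live state may report them as drift, so it would be worth pruning them before rendering, or recording in the Go source that they are expected. The same fields appear in the 12-external-cert-secrets golden hunk.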
@@ -628,286 +628,294 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 0fdbd5c4fa322d2b8d62faf476af0e4f4bb902303aa1b2eb7e31f55f4c97b712 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 0fdbd5c4fa322d2b8d62faf476af0e4f4bb902303aa1b2eb7e31f55f4c97b712 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 "http://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 
- initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 "http://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec 
/etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 "http://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 "http://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: 
/etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! + command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/redpanda + name: config + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + 
matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/15-prometheus-tls-values.yaml.golden b/charts/redpanda/testdata/ci/15-prometheus-tls-values.yaml.golden index e9866501f8..c3910ad269 100644 --- a/charts/redpanda/testdata/ci/15-prometheus-tls-values.yaml.golden +++ b/charts/redpanda/testdata/ci/15-prometheus-tls-values.yaml.golden 
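Review bot: The `config-watcher` sidecar in 14-prometheus-no-tls-values.yaml.golden is still rendered with `securityContext: {}`, and the `redpanda` and `redpanda-configurator` containers with `allowPrivilegeEscalation: null` and `runAsNonRoot: null`. The pod-level context sets only `fsGroup`, so the sidecar runs as whatever user the image defines, and none of the three containers is barred from gaining privileges. This matches the old output, but the Go port is a good point to make the rendered values explicit, for example `allowPrivilegeEscalation: false` and `runAsNonRoot: true` on the non-root containers, provided the images tolerate it. These golden files are rendered output, so the change would go in the chart defaults or the Go builder, presumably the charts/redpanda/statefulset.go listed in the patch header. The hunk for 15-prometheus-tls-values.yaml.golden shows the same pattern.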
@@ -736,310 +736,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/16-controller-sidecar-values.yaml.golden b/charts/redpanda/testdata/ci/16-controller-sidecar-values.yaml.golden index cd2371cc78..c178fb6b65 100644 --- a/charts/redpanda/testdata/ci/16-controller-sidecar-values.yaml.golden +++ b/charts/redpanda/testdata/ci/16-controller-sidecar-values.yaml.golden 
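Review bot: The liveness and startup probes in 15-prometheus-tls-values.yaml.golden still pass `-k` together with `--cacert /etc/tls/certs/default/ca.crt`. `-k` switches off certificate verification, so the CA file is never used to check the peer and the probe accepts any certificate presented on that address. The port carries this over unchanged from the old template. Dropping `-k` would give `curl --silent --fail -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready"`, which only works if the default certificate covers that per-pod name, so that needs confirming first. The fix belongs where the probe command is built, presumably the charts/redpanda/statefulset.go listed in the patch header, with the golden files regenerated afterwards.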
@@ -966,325 +966,334 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - - args: - - --operator-mode=false - - --namespace=default - - --health-probe-bind-address=:8085 - - --metrics-bind-address=:9082 - - --additional-controllers=all - command: - - /manager - env: - - name: REDPANDA_HELM_RELEASE_NAME - value: redpanda - image: docker.redpanda.com/redpandadata/redpanda-operator:v2.1.10-23.2.18 - name: redpanda-controllers - resources: {} - securityContext: {} - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + 
name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + - args: + - --operator-mode=false + - --namespace=default + - --health-probe-bind-address=:8085 + - --metrics-bind-address=:9082 + - --additional-controllers=all + command: + - /manager + env: + - name: REDPANDA_HELM_RELEASE_NAME + value: redpanda + image: docker.redpanda.com/redpandadata/redpanda-operator:v2.1.10-23.2.18 + name: redpanda-controllers + resources: {} + securityContext: {} + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/17-resources-without-unit-values.yaml.golden b/charts/redpanda/testdata/ci/17-resources-without-unit-values.yaml.golden index 4fe4e3f154..e414e96f22 100644 --- a/charts/redpanda/testdata/ci/17-resources-without-unit-values.yaml.golden +++ b/charts/redpanda/testdata/ci/17-resources-without-unit-values.yaml.golden 
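Review bot: The liveness and startup probes in the regenerated StatefulSet still call `curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready"`. With `-k`, curl skips certificate verification, so the `--cacert` bundle no longer decides whether the connection is accepted. This golden file is generated, so the change belongs in the probe construction that this commit moves into `charts/redpanda/statefulset.go`. Dropping `-k` there would make the probe validate the admin listener against the mounted CA, presumably provided the certificate's SANs cover that service name; that needs confirming before the flag is removed. The same probe commands appear in the `17-resources-without-unit-values.yaml.golden` hunk and in the partial `18-single-external-address-values.yaml.golden` hunk.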
@@ -736,313 +736,322 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: de0dd9427e4f54cdc93a697f0d1c217e9b301f01cec904f0512618536fbed9b0 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: de0dd9427e4f54cdc93a697f0d1c217e9b301f01cec904f0512618536fbed9b0 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: "1" - memory: 2500Mi - requests: - cpu: "1" - memory: 2500Mi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: 
/etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + 
exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: "1" + memory: 2500Mi + requests: + cpu: "1" + memory: 2500Mi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/18-single-external-address-values.yaml.golden b/charts/redpanda/testdata/ci/18-single-external-address-values.yaml.golden index 67142be943..3fbcf79922 100644 --- a/charts/redpanda/testdata/ci/18-single-external-address-values.yaml.golden +++ b/charts/redpanda/testdata/ci/18-single-external-address-values.yaml.golden 
@@ -736,310 +736,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 4a27e7a80ae5a21c7b141c4b77dabfb182456dcd45887a5e94fd2d03e1623f88 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 4a27e7a80ae5a21c7b141c4b77dabfb182456dcd45887a5e94fd2d03e1623f88 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/21-eks-tiered-storage-with-creds-values.yaml.tpl.golden b/charts/redpanda/testdata/ci/21-eks-tiered-storage-with-creds-values.yaml.tpl.golden index 4049c0b0ce..3aee19fddd 100644 --- a/charts/redpanda/testdata/ci/21-eks-tiered-storage-with-creds-values.yaml.tpl.golden +++ b/charts/redpanda/testdata/ci/21-eks-tiered-storage-with-creds-values.yaml.tpl.golden 
@@ -809,331 +809,340 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: bae677e7b5d976acae5634a58d12bd98d997c8b0c63a7b002b6d24a050f334c7 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: bae677e7b5d976acae5634a58d12bd98d997c8b0c63a7b002b6d24a050f334c7 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/sh - - -c - - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R /var/lib/redpanda/data/cloud_storage_cache - image: busybox:latest 
- name: set-tiered-storage-cache-dir-ownership - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - 
fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - 
startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + 
"https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: tiered-storage-dir - emptyDir: - sizeLimit: 5.36870912e+09 + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/sh + - -c + - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R /var/lib/redpanda/data/cloud_storage_cache + image: busybox:latest + name: set-tiered-storage-cache-dir-ownership + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" 
"${KUBERNETES_NODE_NAME}" + & wait $! + env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: 
topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - emptyDir: + sizeLimit: 5368709120 + name: tiered-storage-dir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/22-gke-tiered-storage-with-creds-values.yaml.tpl.golden b/charts/redpanda/testdata/ci/22-gke-tiered-storage-with-creds-values.yaml.tpl.golden index ca62427f2c..34273268f2 100644 --- a/charts/redpanda/testdata/ci/22-gke-tiered-storage-with-creds-values.yaml.tpl.golden 
+++ b/charts/redpanda/testdata/ci/22-gke-tiered-storage-with-creds-values.yaml.tpl.golden 
@@ -810,331 +810,340 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 5a4cc925a8332f8f9d19114a10ba0731815f696be66ba8f8819998c38c264760 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 5a4cc925a8332f8f9d19114a10ba0731815f696be66ba8f8819998c38c264760 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/sh - - -c - - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R /var/lib/redpanda/data/cloud_storage_cache - image: busybox:latest 
- name: set-tiered-storage-cache-dir-ownership - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - 
fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 400m - memory: 2.0Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - 
startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + 
"https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 400m + memory: 2.0Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: tiered-storage-dir - emptyDir: - sizeLimit: 5.36870912e+09 + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/sh + - -c + - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R /var/lib/redpanda/data/cloud_storage_cache + image: busybox:latest + name: set-tiered-storage-cache-dir-ownership + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" 
"${KUBERNETES_NODE_NAME}" + & wait $! + env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: 
topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - emptyDir: + sizeLimit: 5368709120 + name: tiered-storage-dir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/23-aks-tiered-storage-with-creds-values.yaml.tpl.golden b/charts/redpanda/testdata/ci/23-aks-tiered-storage-with-creds-values.yaml.tpl.golden index 9757c7c640..7d40bc2281 100644 --- a/charts/redpanda/testdata/ci/23-aks-tiered-storage-with-creds-values.yaml.tpl.golden 
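Review bot: The livenessProbe and startupProbe commands on the new side still pass `-k` alongside `--cacert /etc/tls/certs/default/ca.crt`; `-k` disables certificate verification, so the CA bundle is never used and the probe accepts any certificate on port 9644. As the probe rendering moves to Go in this commit (presumably in charts/redpanda/statefulset.go, which is not visible here), the generator could drop the flag so the command starts `curl --silent --fail -m 5 --cacert /etc/tls/certs/default/ca.crt`, provided the default certificate's SANs cover the per-pod hostname used in the URL. The same two probe lines appear in the 23-aks-tiered-storage-with-creds hunk below. This file is golden output, so it would be regenerated after the generator change rather than edited by hand.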
+++ b/charts/redpanda/testdata/ci/23-aks-tiered-storage-with-creds-values.yaml.tpl.golden 
@@ -808,332 +808,341 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 57023b8c14fc1a31226cbed8ad0c7dd4fe50796c08c198e069488d8688f1fa3d + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 57023b8c14fc1a31226cbed8ad0c7dd4fe50796c08c198e069488d8688f1fa3d spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/sh - - -c - - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R /var/lib/redpanda/data/cloud_storage_cache - image: busybox:latest 
- name: set-tiered-storage-cache-dir-ownership - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - 
fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 400m - memory: 2.0Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - 
startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + 
"https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 400m + memory: 2.0Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: tiered-storage-dir - emptyDir: - sizeLimit: 5.36870912e+09 + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/sh + - -c + - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R /var/lib/redpanda/data/cloud_storage_cache + image: busybox:latest + name: set-tiered-storage-cache-dir-ownership + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" 
"${KUBERNETES_NODE_NAME}" + & wait $! + env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: 
topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - emptyDir: + sizeLimit: 5368709120 + name: tiered-storage-dir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - storageClassName: "managed-csi" - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + storageClassName: managed-csi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/23-aks-tiered-storage-without-creds-novalues.yaml.tpl.golden b/charts/redpanda/testdata/ci/23-aks-tiered-storage-without-creds-novalues.yaml.tpl.golden index 5732566135..a37bb3e9d1 100644 
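Review bot: The `set-tiered-storage-cache-dir-ownership` init container on the new side is rendered with `image: busybox:latest` and no container `securityContext`, so it pulls a mutable tag and leaves the user for the recursive `chown` to the image default. Pinning the image in the generator, e.g. `image: busybox:<pinned-version>@sha256:<digest>` (placeholders), keeps the rendered StatefulSet reproducible, and an explicit securityContext would document that elevated rights are intended only for this step. The 22-gke-tiered-storage-with-creds hunk above renders the same container. Whether the tag is configurable through chart values cannot be told from this golden file.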
--- a/charts/redpanda/testdata/ci/23-aks-tiered-storage-without-creds-novalues.yaml.tpl.golden +++ b/charts/redpanda/testdata/ci/23-aks-tiered-storage-without-creds-novalues.yaml.tpl.golden 
@@ -745,332 +745,341 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 84c5bbc53cb974e65bb4b24e6dae81cedacda72aed00553b4fdd0b25ecebc2e9 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 84c5bbc53cb974e65bb4b24e6dae81cedacda72aed00553b4fdd0b25ecebc2e9 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/sh - - -c - - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R /var/lib/redpanda/data/cloud_storage_cache - image: busybox:latest 
- name: set-tiered-storage-cache-dir-ownership - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - 
fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 400m - memory: 2.0Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - 
startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + 
"https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 400m + memory: 2.0Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: tiered-storage-dir - emptyDir: - sizeLimit: 5.36870912e+09 + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/sh + - -c + - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R /var/lib/redpanda/data/cloud_storage_cache + image: busybox:latest + name: set-tiered-storage-cache-dir-ownership + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" 
"${KUBERNETES_NODE_NAME}" + & wait $! + env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: 
topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - emptyDir: + sizeLimit: 5368709120 + name: tiered-storage-dir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - storageClassName: "managed-csi" - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + storageClassName: managed-csi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/24-eks-tiered-storage-persistent-with-creds-values.yaml.tpl.golden b/charts/redpanda/testdata/ci/24-eks-tiered-storage-persistent-with-creds-values.yaml.tpl.golden index fe6c1dcd5f..d42b8a6ae2 100644 
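Review bot: The liveness and startup probes rendered for the `redpanda` container pass both `-k` and `--cacert /etc/tls/certs/default/ca.crt` to curl. `-k` turns certificate verification off, so the CA file is never consulted and the probe accepts any certificate presented on port 9644. The port to Go carries this over unchanged, and the same command is rendered in the 24-eks golden hunk that follows. If the default certificate's SANs cover the per-pod service name (not verifiable from this diff), the generator could emit the probe without `-k`, i.e. `curl --silent --fail -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready"`. If they do not, dropping `--cacert` and adding a comment in the generator saying why verification is skipped would make the intent explicit.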
--- a/charts/redpanda/testdata/ci/24-eks-tiered-storage-persistent-with-creds-values.yaml.tpl.golden +++ b/charts/redpanda/testdata/ci/24-eks-tiered-storage-persistent-with-creds-values.yaml.tpl.golden 
@@ -809,339 +809,352 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: bae677e7b5d976acae5634a58d12bd98d997c8b0c63a7b002b6d24a050f334c7 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: bae677e7b5d976acae5634a58d12bd98d997c8b0c63a7b002b6d24a050f334c7 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/sh - - -c - - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R /var/lib/redpanda/data/cloud_storage_cache - image: busybox:latest 
- name: set-tiered-storage-cache-dir-ownership - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - 
fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - 
startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + 
"https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/sh + - -c + - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R /var/lib/redpanda/data/cloud_storage_cache + image: busybox:latest + name: set-tiered-storage-cache-dir-ownership + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" - - metadata: - name: tiered-storage-dir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: 5.36870912e+09 + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: tiered-storage-dir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5368709120 + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: 
redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/25-gke-tiered-storage-persistent-with-creds-values.yaml.tpl.golden b/charts/redpanda/testdata/ci/25-gke-tiered-storage-persistent-with-creds-values.yaml.tpl.golden index 0e5b417a09..1efcff88c1 100644 --- a/charts/redpanda/testdata/ci/25-gke-tiered-storage-persistent-with-creds-values.yaml.tpl.golden +++ b/charts/redpanda/testdata/ci/25-gke-tiered-storage-persistent-with-creds-values.yaml.tpl.golden 
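Review bot: The `set-tiered-storage-cache-dir-ownership` init container is rendered with `image: busybox:latest` and no `securityContext`. It therefore pulls a mutable tag and runs as whatever user the image defaults to while doing a recursive `chown 101:101` on the data volume. This is unchanged by the port and also appears in the 23-aks golden hunk above. Pinning the image in the generator, e.g. `image: busybox:<PINNED_TAG>@sha256:<DIGEST>`, and giving the container an explicit `securityContext`, as the `tuning` and `redpanda-configurator` containers have, would make the rendered output reproducible and the privileges it needs reviewable.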
@@ -810,339 +810,352 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 5a4cc925a8332f8f9d19114a10ba0731815f696be66ba8f8819998c38c264760 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 5a4cc925a8332f8f9d19114a10ba0731815f696be66ba8f8819998c38c264760 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/sh - - -c - - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R /var/lib/redpanda/data/cloud_storage_cache - image: busybox:latest 
- name: set-tiered-storage-cache-dir-ownership - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - 
fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 400m - memory: 2.0Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - 
startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + 
"https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 400m + memory: 2.0Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/sh + - -c + - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R /var/lib/redpanda/data/cloud_storage_cache + image: busybox:latest + name: set-tiered-storage-cache-dir-ownership + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" - - metadata: - name: tiered-storage-dir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: 5.36870912e+09 + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: tiered-storage-dir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5368709120 + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: 
redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/26-aks-tiered-storage-persistent-with-creds-values.yaml.tpl.golden b/charts/redpanda/testdata/ci/26-aks-tiered-storage-persistent-with-creds-values.yaml.tpl.golden index 6b22ca07c0..4f670c2cf4 100644 --- a/charts/redpanda/testdata/ci/26-aks-tiered-storage-persistent-with-creds-values.yaml.tpl.golden +++ b/charts/redpanda/testdata/ci/26-aks-tiered-storage-persistent-with-creds-values.yaml.tpl.golden 
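Review bot: The `livenessProbe` and `startupProbe` commands in this rendered StatefulSet pass `-k` together with `--cacert /etc/tls/certs/default/ca.crt`. Because `-k` turns off certificate verification, the mounted CA never authenticates the admin endpoint the probes talk to. The port re-emits these commands anyway, so I would drop `-k` where they are generated, giving `curl --silent --fail -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready"`, provided the default certificate covers that service hostname. This file is golden output, so the change belongs in the Go source that renders it (presumably `charts/redpanda/statefulset.go`, per the diffstat), followed by regenerating the goldens. The same probe lines appear in the 26-aks golden hunks that follow.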
@@ -808,341 +808,354 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 57023b8c14fc1a31226cbed8ad0c7dd4fe50796c08c198e069488d8688f1fa3d + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 57023b8c14fc1a31226cbed8ad0c7dd4fe50796c08c198e069488d8688f1fa3d spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/sh - - -c - - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R /var/lib/redpanda/data/cloud_storage_cache - image: busybox:latest 
- name: set-tiered-storage-cache-dir-ownership - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - 
fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 400m - memory: 2.0Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - 
startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + 
"https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 400m + memory: 2.0Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/sh + - -c + - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R /var/lib/redpanda/data/cloud_storage_cache + image: busybox:latest + name: set-tiered-storage-cache-dir-ownership + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - storageClassName: "managed-csi" - resources: - requests: - storage: "20Gi" - - metadata: - name: tiered-storage-dir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - storageClassName: managed-csi - resources: - requests: - storage: 5.36870912e+09 + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + storageClassName: managed-csi + status: {} + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: tiered-storage-dir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 
5368709120 + storageClassName: managed-csi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/26-aks-tiered-storage-persistent-without-creds-novalues.yaml.tpl.golden b/charts/redpanda/testdata/ci/26-aks-tiered-storage-persistent-without-creds-novalues.yaml.tpl.golden index 90f0427584..1c9ed040f8 100644 --- a/charts/redpanda/testdata/ci/26-aks-tiered-storage-persistent-without-creds-novalues.yaml.tpl.golden +++ b/charts/redpanda/testdata/ci/26-aks-tiered-storage-persistent-without-creds-novalues.yaml.tpl.golden 
@@ -745,341 +745,354 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 57023b8c14fc1a31226cbed8ad0c7dd4fe50796c08c198e069488d8688f1fa3d + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 57023b8c14fc1a31226cbed8ad0c7dd4fe50796c08c198e069488d8688f1fa3d spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/sh - - -c - - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R /var/lib/redpanda/data/cloud_storage_cache - image: busybox:latest 
- name: set-tiered-storage-cache-dir-ownership - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - 
fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 400m - memory: 2.0Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - 
startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + 
"https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 400m + memory: 2.0Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/sh + - -c + - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R /var/lib/redpanda/data/cloud_storage_cache + image: busybox:latest + name: set-tiered-storage-cache-dir-ownership + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - storageClassName: "managed-csi" - resources: - requests: - storage: "20Gi" - - metadata: - name: tiered-storage-dir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - storageClassName: managed-csi - resources: - requests: - storage: 5.36870912e+09 + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + storageClassName: managed-csi + status: {} + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: tiered-storage-dir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 
5368709120 + storageClassName: managed-csi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/27-eks-tiered-storage-persistent-nameoverwrite-with-creds-values.yaml.tpl.golden b/charts/redpanda/testdata/ci/27-eks-tiered-storage-persistent-nameoverwrite-with-creds-values.yaml.tpl.golden index f51b0c9b17..8558b81ee0 100644 --- a/charts/redpanda/testdata/ci/27-eks-tiered-storage-persistent-nameoverwrite-with-creds-values.yaml.tpl.golden +++ b/charts/redpanda/testdata/ci/27-eks-tiered-storage-persistent-nameoverwrite-with-creds-values.yaml.tpl.golden 
@@ -809,339 +809,352 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: bae677e7b5d976acae5634a58d12bd98d997c8b0c63a7b002b6d24a050f334c7 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: bae677e7b5d976acae5634a58d12bd98d997c8b0c63a7b002b6d24a050f334c7 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/sh - - -c - - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R /var/lib/redpanda/data/cloud_storage_cache - image: busybox:latest 
- name: set-tiered-storage-cache-dir-ownership - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: shadow-index-cache - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - 
fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - 
startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: shadow-index-cache - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + 
"https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: shadow-index-cache + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/sh + - -c + - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R /var/lib/redpanda/data/cloud_storage_cache + image: busybox:latest + name: set-tiered-storage-cache-dir-ownership + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: shadow-index-cache + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" - - metadata: - name: shadow-index-cache - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: 5.36870912e+09 + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: shadow-index-cache + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5368709120 + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: 
redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/28-gke-tiered-storage-persistent-nameoverwrite-with-creds-values.yaml.tpl.golden b/charts/redpanda/testdata/ci/28-gke-tiered-storage-persistent-nameoverwrite-with-creds-values.yaml.tpl.golden index d12473e483..deb585fbee 100644 --- a/charts/redpanda/testdata/ci/28-gke-tiered-storage-persistent-nameoverwrite-with-creds-values.yaml.tpl.golden +++ b/charts/redpanda/testdata/ci/28-gke-tiered-storage-persistent-nameoverwrite-with-creds-values.yaml.tpl.golden 
@@ -810,339 +810,352 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 5a4cc925a8332f8f9d19114a10ba0731815f696be66ba8f8819998c38c264760 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 5a4cc925a8332f8f9d19114a10ba0731815f696be66ba8f8819998c38c264760 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/sh - - -c - - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R /var/lib/redpanda/data/cloud_storage_cache - image: busybox:latest 
- name: set-tiered-storage-cache-dir-ownership - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: shadow-index-cache - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - 
fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 400m - memory: 2.0Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - 
startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: shadow-index-cache - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + 
"https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 400m + memory: 2.0Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: shadow-index-cache + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/sh + - -c + - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R /var/lib/redpanda/data/cloud_storage_cache + image: busybox:latest + name: set-tiered-storage-cache-dir-ownership + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: shadow-index-cache + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" - - metadata: - name: shadow-index-cache - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: 5.36870912e+09 + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: shadow-index-cache + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5368709120 + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: 
redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/29-aks-tiered-storage-persistent-nameoverwrite-with-creds-values.yaml.tpl.golden b/charts/redpanda/testdata/ci/29-aks-tiered-storage-persistent-nameoverwrite-with-creds-values.yaml.tpl.golden index 78ebce308e..f85619cda5 100644 --- a/charts/redpanda/testdata/ci/29-aks-tiered-storage-persistent-nameoverwrite-with-creds-values.yaml.tpl.golden +++ b/charts/redpanda/testdata/ci/29-aks-tiered-storage-persistent-nameoverwrite-with-creds-values.yaml.tpl.golden 
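Review bot: The `livenessProbe` and `startupProbe` in the regenerated StatefulSet still run `curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt ...`, and `-k` switches off certificate verification, so the CA passed with `--cacert` is never used to authenticate the admin endpoint on port 9644. This golden file is rendered output, so the change belongs in the Go code that now builds the probe commands (presumably `charts/redpanda/statefulset.go`, which is not visible in this part of the patch). The proposal is to drop `-k` there so the probe reads `curl --silent --fail -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}..."`, after confirming that the default certificate's SANs cover the hostname the probe uses. The same probe text is carried over unchanged in the two `29-aks-...` golden hunks that follow.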
@@ -808,341 +808,354 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 57023b8c14fc1a31226cbed8ad0c7dd4fe50796c08c198e069488d8688f1fa3d + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 57023b8c14fc1a31226cbed8ad0c7dd4fe50796c08c198e069488d8688f1fa3d spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/sh - - -c - - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R /var/lib/redpanda/data/cloud_storage_cache - image: busybox:latest 
- name: set-tiered-storage-cache-dir-ownership - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: shadow-index-cache - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - 
fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 400m - memory: 2.0Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - 
startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: shadow-index-cache - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + 
"https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 400m + memory: 2.0Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: shadow-index-cache + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/sh + - -c + - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R /var/lib/redpanda/data/cloud_storage_cache + image: busybox:latest + name: set-tiered-storage-cache-dir-ownership + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: shadow-index-cache + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - storageClassName: "managed-csi" - resources: - requests: - storage: "20Gi" - - metadata: - name: shadow-index-cache - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - storageClassName: managed-csi - resources: - requests: - storage: 5.36870912e+09 + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + storageClassName: managed-csi + status: {} + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: shadow-index-cache + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 
5368709120 + storageClassName: managed-csi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/29-aks-tiered-storage-persistent-nameoverwrite-without-creds-novalues.yaml.tpl.golden b/charts/redpanda/testdata/ci/29-aks-tiered-storage-persistent-nameoverwrite-without-creds-novalues.yaml.tpl.golden index 0a006a1ed9..5191087e6a 100644 --- a/charts/redpanda/testdata/ci/29-aks-tiered-storage-persistent-nameoverwrite-without-creds-novalues.yaml.tpl.golden +++ b/charts/redpanda/testdata/ci/29-aks-tiered-storage-persistent-nameoverwrite-without-creds-novalues.yaml.tpl.golden 
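Review bot: The `set-tiered-storage-cache-dir-ownership` init container is rendered with `image: busybox:latest` and no `securityContext`, so an unpinned image runs `chown 101:101 -R` over the data volume as whatever user the image defaults to (presumably root, since the chown needs it). Every other container in this pod is pinned to `docker.redpanda.com/redpandadata/redpanda:v24.1.8`. As the template is being ported to Go in this commit, the generator could emit a fixed tag or digest instead, e.g. `image: busybox:<pinned-tag>` (placeholder), ideally taken from a chart value, plus an explicit `securityContext` stating the user it needs. The same rendering appears in the `28-gke-...` hunk above.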
@@ -745,341 +745,354 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 57023b8c14fc1a31226cbed8ad0c7dd4fe50796c08c198e069488d8688f1fa3d + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 57023b8c14fc1a31226cbed8ad0c7dd4fe50796c08c198e069488d8688f1fa3d spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/sh - - -c - - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R /var/lib/redpanda/data/cloud_storage_cache - image: busybox:latest 
- name: set-tiered-storage-cache-dir-ownership - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: shadow-index-cache - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - 
fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 400m - memory: 2.0Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - 
startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: shadow-index-cache - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + 
"https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 400m + memory: 2.0Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: shadow-index-cache + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/sh + - -c + - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R /var/lib/redpanda/data/cloud_storage_cache + image: busybox:latest + name: set-tiered-storage-cache-dir-ownership + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: shadow-index-cache + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - storageClassName: "managed-csi" - resources: - requests: - storage: "20Gi" - - metadata: - name: shadow-index-cache - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - storageClassName: managed-csi - resources: - requests: - storage: 5.36870912e+09 + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + storageClassName: managed-csi + status: {} + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: shadow-index-cache + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 
5368709120 + storageClassName: managed-csi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/30-additional-flags-override-novalues.yaml.golden b/charts/redpanda/testdata/ci/30-additional-flags-override-novalues.yaml.golden index bc69fbec8a..7019cd0c86 100644 --- a/charts/redpanda/testdata/ci/30-additional-flags-override-novalues.yaml.golden +++ b/charts/redpanda/testdata/ci/30-additional-flags-override-novalues.yaml.golden 
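Review bot: The rendered liveness and startup probes of the `redpanda` container call `curl` with both `-k` and `--cacert /etc/tls/certs/default/ca.crt`; `-k` turns certificate verification off, so the CA bundle is never enforced and the probe does not authenticate the admin endpoint. If the default certificate covers the host name used in the probe URL, drop the flag so the command reads `curl --silent --fail -m 5 --cacert /etc/tls/certs/default/ca.crt ...`; otherwise a comment where the probe is built should state why verification is skipped. This golden file is generated, so the change belongs in the chart source that builds the probes (not visible in this hunk), followed by regenerating the fixtures. The same probe commands appear in the hunk for 30-additional-flags-override-novalues.yaml.golden.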
@@ -736,310 +736,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: e2c6336abac19289c456291a6d8f52dadc453ead0543a274495ee526809883ec + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: e2c6336abac19289c456291a6d8f52dadc453ead0543a274495ee526809883ec spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/31-overwrite-statefulset-pod-labels-values.yaml.golden b/charts/redpanda/testdata/ci/31-overwrite-statefulset-pod-labels-values.yaml.golden index e70101eed6..c15aa6a44f 100644 --- a/charts/redpanda/testdata/ci/31-overwrite-statefulset-pod-labels-values.yaml.golden +++ b/charts/redpanda/testdata/ci/31-overwrite-statefulset-pod-labels-values.yaml.golden 
@@ -736,28 +736,30 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm 
@@ -765,282 +767,289 @@ spec: azure.workload.identity/use: "true" helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/32-statefulset-podspec-novalues.yaml.golden b/charts/redpanda/testdata/ci/32-statefulset-podspec-novalues.yaml.golden index 064e3d39b4..5b4ccf5cbe 100644 --- a/charts/redpanda/testdata/ci/32-statefulset-podspec-novalues.yaml.golden +++ b/charts/redpanda/testdata/ci/32-statefulset-podspec-novalues.yaml.golden 
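Review bot: The liveness and startup probes of the `redpanda` container on the new side still run `curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt ...`, and `-k` disables certificate verification, so the `--cacert` argument does nothing and the probe accepts whatever certificate answers on port 9644. Since this commit rewrites the generator anyway, I would drop the flag so the rendered command begins `curl --silent --fail -m 5 --cacert /etc/tls/certs/default/ca.crt`. That only works if the default certificate carries a SAN matching `${SERVICE_NAME}.redpanda.default.svc.cluster.local.`, which is not visible here and should be confirmed first. The same command appears in the 32-statefulset-podspec-novalues golden hunk; these files are rendered output, so the change belongs in the template source (presumably `charts/redpanda/statefulset.go`).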
@@ -736,314 +736,323 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: EXTRA_ENV_VAR - value: THIS_IS_AN_EXAMPLE - - name: POD_IP - value: This is an override and will break the deployment - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x 
/var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: EXTRA_ENV_VAR + value: THIS_IS_AN_EXAMPLE + - name: POD_IP + value: This is an override and will break the deployment + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt 
"https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - 
containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/33-advertised-ports-values.yaml.golden b/charts/redpanda/testdata/ci/33-advertised-ports-values.yaml.golden index e970bcc49a..802479fc86 100644 --- a/charts/redpanda/testdata/ci/33-advertised-ports-values.yaml.golden +++ b/charts/redpanda/testdata/ci/33-advertised-ports-values.yaml.golden 
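Review bot: The `config-watcher` sidecar renders with `securityContext: {}`, and the `redpanda` and `redpanda-configurator` containers render `allowPrivilegeEscalation: null` and `runAsNonRoot: null`, so with only `fsGroup` set at pod level nothing in this default manifest forbids privilege escalation or pins the sidecar to a non-root user. The sidecar mounts both TLS certificate secrets and `/etc/redpanda`, so I would have the generator emit `allowPrivilegeEscalation: false` and `runAsNonRoot: true` for the non-`tuning` containers and give `config-watcher` the same `runAsUser: 101` / `runAsGroup: 101` as its siblings. Whether the values schema already lets users set these is outside this hunk; the point is what the defaults render to. The explicit `null` keys also look like a marshalling artifact and could be omitted from the output.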
@@ -801,318 +801,327 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 4 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 4 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 8f94180bfeb2e6cc2910576c0534b0db4443579a950277defd8096f6bf1107fb + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 8f94180bfeb2e6cc2910576c0534b0db4443579a950277defd8096f6bf1107fb spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 44449 - name: http-ext4 - - containerPort: 55559 - name: http-ext5 - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 22229 - name: kafka-ext2 - - containerPort: 33339 - name: kafka-ext3 - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo 
$RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 44449 + name: http-ext4 + - containerPort: 55559 + name: http-ext5 + - containerPort: 9093 + 
name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 22229 + name: kafka-ext2 + - containerPort: 33339 + name: kafka-ext3 + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/33-pod-selector-lables-novalues.yaml.golden b/charts/redpanda/testdata/ci/33-pod-selector-lables-novalues.yaml.golden index 482505758c..9322d805a9 100644 --- a/charts/redpanda/testdata/ci/33-pod-selector-lables-novalues.yaml.golden +++ b/charts/redpanda/testdata/ci/33-pod-selector-lables-novalues.yaml.golden 
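Review bot: The StatefulSet rendered by the Go port now carries fields the old template never emitted: `creationTimestamp: null` on the object, the pod template and the claim template, `imagePullSecrets: null`, `priorityClassName: ""`, `annotations: null`, and a trailing `status:` block with `availableReplicas: 0` and `replicas: 0`. These look like zero values left over from marshalling the typed object rather than deliberate settings. `status` is owned by the API server, so tools that diff rendered manifests against live objects may report it as drift. Consider clearing these fields before rendering, or adding a comment in statefulset.go that they are expected, so the golden files pin only intended configuration. The same additions appear in the 33-pod-selector-lables-novalues.yaml.golden hunks and in the 34-security-contexts hunk that follows.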
@@ -745,17 +745,20 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda @@ -763,13 +766,12 @@ spec: redpanda.com/testing-samples: sample redpanda.com/testing-samples-two: two serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm 
@@ -779,288 +781,295 @@ spec: redpanda.com/testing: "true" redpanda.com/testing-samples: sample redpanda.com/testing-samples-two: two - annotations: - config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + redpanda.com/testing: "true" + redpanda.com/testing-samples: sample + redpanda.com/testing-samples-two: two + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x 
/var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - 
initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: 
schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - redpanda.com/testing: "true" - redpanda.com/testing-samples: sample - redpanda.com/testing-samples-two: two - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - redpanda.com/testing: "true" - redpanda.com/testing-samples: sample - redpanda.com/testing-samples-two: two - tolerations: - [] + - labelSelector: + 
matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + redpanda.com/testing: "true" + redpanda.com/testing-samples: sample + redpanda.com/testing-samples-two: two + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print 
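Review bot: The liveness and startup probes in the regenerated output still run `curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt ...`, where `-k` turns off certificate verification, so the `--cacert` bundle has no effect on whether the probe trusts the endpoint. Since this patch rebuilds the probe command in Go, it would be a good moment to drop `-k`, assuming the default certificate covers `${SERVICE_NAME}.redpanda.default.svc.cluster.local.`, which is not visible here. Otherwise a comment next to the command should explain why verification is skipped. The same command appears in the 33-advertised-ports-values.yaml.golden hunk, and the code that generates it is outside this hunk.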
diff --git a/charts/redpanda/testdata/ci/34-security-contexts-novalues.yaml.golden b/charts/redpanda/testdata/ci/34-security-contexts-novalues.yaml.golden index a2a04ceaf9..85f7e7a308 100644 --- a/charts/redpanda/testdata/ci/34-security-contexts-novalues.yaml.golden +++ b/charts/redpanda/testdata/ci/34-security-contexts-novalues.yaml.golden 
@@ -966,337 +966,346 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 3333 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 2222 - runAsNonRoot: null - runAsUser: 1111 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 2222 - runAsNonRoot: null - runAsUser: 1111 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - 
- mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: false - runAsGroup: 7777 - runAsNonRoot: true - runAsUser: 8888 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - - args: - - --operator-mode=false - - --namespace=default - - --health-probe-bind-address=:8085 - - --metrics-bind-address=:9082 - - --additional-controllers=all - command: - - /manager - env: - - name: REDPANDA_HELM_RELEASE_NAME - value: redpanda - image: docker.redpanda.com/redpandadata/redpanda-operator:v2.1.10-23.2.18 - name: redpanda-controllers - resources: {} - securityContext: - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: false - runAsGroup: 1234 - runAsNonRoot: true - runAsUser: 5678 - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 
--cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 2222 + runAsNonRoot: null + runAsUser: 1111 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: false + runAsGroup: 7777 + runAsNonRoot: true + runAsUser: 8888 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + - args: + - --operator-mode=false + - --namespace=default + - --health-probe-bind-address=:8085 + - --metrics-bind-address=:9082 + - --additional-controllers=all + command: + - /manager + env: + - name: REDPANDA_HELM_RELEASE_NAME + value: redpanda + image: docker.redpanda.com/redpandadata/redpanda-operator:v2.1.10-23.2.18 + name: redpanda-controllers + resources: {} + securityContext: + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: false + runAsGroup: 1234 + runAsNonRoot: true + runAsUser: 5678 + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - 
trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! + env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 2222 + runAsNonRoot: null + runAsUser: 1111 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 3333 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + 
app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/34-statefulset-sidecars-novalues.yaml.golden b/charts/redpanda/testdata/ci/34-statefulset-sidecars-novalues.yaml.golden index 92cb50f3ae..38bfcc03de 100644 --- a/charts/redpanda/testdata/ci/34-statefulset-sidecars-novalues.yaml.golden 
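Review bot: The `livenessProbe` and `startupProbe` of the `redpanda` container in this rendering still pass `-k` alongside `--cacert /etc/tls/certs/default/ca.crt`; `-k` turns off certificate verification, so the CA file has no effect on whether the admin endpoint is trusted. This golden file is generated, so the change belongs in the Go code that now builds the probe command, which is outside this hunk. There the command would start `curl --silent --fail -m 5 --cacert /etc/tls/certs/default/ca.crt` with the URL unchanged, assuming the default certificate covers the per-pod service hostname used in that URL. The same probe text appears in the 34-statefulset-sidecars golden hunk that follows.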
+++ b/charts/redpanda/testdata/ci/34-statefulset-sidecars-novalues.yaml.golden 
@@ -923,347 +923,356 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/sh - - -c - - chown 101:101 -R /var/lib/redpanda/data - image: busybox:latest - name: set-datadir-ownership - resources: {} - volumeMounts: - - 
mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/fs-validator/scripts/fsValidator.sh xfs - & wait $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: fs-validator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/secrets/fs-validator/scripts/ - name: redpanda-fs-validator - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - 
labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: 
docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! 
- command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + 
command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! + command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: 
/etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/sh + - -c + - chown 101:101 -R /var/lib/redpanda/data + image: busybox:latest + name: set-datadir-ownership + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/fs-validator/scripts/fsValidator.sh + xfs & wait $! + command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: fs-validator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/secrets/fs-validator/scripts/ + name: redpanda-fs-validator + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/35-connectors-novalues.yaml.golden b/charts/redpanda/testdata/ci/35-connectors-novalues.yaml.golden index c81793c509..bfb70a6a34 100644 --- a/charts/redpanda/testdata/ci/35-connectors-novalues.yaml.golden +++ b/charts/redpanda/testdata/ci/35-connectors-novalues.yaml.golden 
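Review bot: The `set-datadir-ownership` init container in the new rendering uses `image: busybox:latest` and carries no `securityContext`, while the neighbouring `fs-validator` and `redpanda-configurator` containers set `runAsUser: 101` and `runAsGroup: 101`. With a floating tag, the image that runs `chown 101:101 -R /var/lib/redpanda/data` can change between pod restarts without any chart change. Pinning it, for example `image: busybox:<pinned-tag-or-digest>`, keeps the rendered output reproducible. This golden file is generated, so the pin would go in the chart values or Go source that produce this container, which are outside this hunk.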
@@ -925,310 +925,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: redpanda - - emptyDir: {} + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - 
app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print 
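Review bot: The liveness and startup probe commands on the new side still pass `-k` to curl alongside `--cacert /etc/tls/certs/default/ca.crt`; `-k` switches certificate verification off, so the CA bundle is never consulted and the probe accepts whatever certificate is presented on port 9644. If the default cert covers the name the probe dials (`${SERVICE_NAME}.redpanda.default.svc.cluster.local.` — not visible in this hunk, so confirm), the command can drop the flag: `curl --silent --fail -m 5 --cacert /etc/tls/certs/default/ca.crt "https://…:9644/v1/status/ready"`. If the SAN cannot be guaranteed, removing `--cacert` instead would at least make the rendered command say what it does. The same two commands appear in the hunk for the 36-single-external-address golden file. These files are rendered fixtures, so the change belongs in the Go code that builds the probes (presumably `charts/redpanda/statefulset.go`), with the goldens regenerated.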
diff --git a/charts/redpanda/testdata/ci/36-single-external-address-with-template-domain-novalues.yaml.golden b/charts/redpanda/testdata/ci/36-single-external-address-with-template-domain-novalues.yaml.golden index e1beb985fc..886ef057ec 100644 --- a/charts/redpanda/testdata/ci/36-single-external-address-with-template-domain-novalues.yaml.golden +++ b/charts/redpanda/testdata/ci/36-single-external-address-with-template-domain-novalues.yaml.golden 
@@ -736,310 +736,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 5f9a98ca7011f6ac12e4446728450034add597d05bf1ee8c87e56d7f98919b15 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 5f9a98ca7011f6ac12e4446728450034add597d05bf1ee8c87e56d7f98919b15 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/37-internal-service-changed-name-and-annotations-novalues.yaml.golden b/charts/redpanda/testdata/ci/37-internal-service-changed-name-and-annotations-novalues.yaml.golden index de969661aa..d3736c5d20 100644 --- a/charts/redpanda/testdata/ci/37-internal-service-changed-name-and-annotations-novalues.yaml.golden 
+++ b/charts/redpanda/testdata/ci/37-internal-service-changed-name-and-annotations-novalues.yaml.golden @@ -740,29 +740,31 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda test: test serviceName: change-name - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: a0a52a32abcf143cf2c51953d77d70ce4ab5712ecd682747c9319b3ebff36980 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm 
@@ -770,284 +772,291 @@ spec: helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda test: test - annotations: - config.redpanda.com/checksum: a0a52a32abcf143cf2c51953d77d70ce4ab5712ecd682747c9319b3ebff36980 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + 
requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + test: test + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).change-name.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.change-name.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).change-name.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: 
+ fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.change-name.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! 
- command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.change-name.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + 
command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.change-name.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! + command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: 
/etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! + env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - test: test - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - 
test: test - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + test: test + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print 
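Review bot: The livenessProbe and startupProbe commands on the new side still pass `-k` to curl together with `--cacert /etc/tls/certs/default/ca.crt`; `-k` disables certificate verification, so the mounted CA is never checked when the probe calls the admin API on 9644. This is rendered golden output, so the change belongs where the probe command is built (presumably the chart's Go statefulset source, which is not part of this hunk): `curl --silent --fail -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.change-name.default.svc.cluster.local.:9644/v1/status/ready"`. If `-k` is kept because the certificate does not cover the pod's service DNS name, a comment next to the command should say so. The same probe commands appear in the `@@ -1028,31 +779,291 @@` hunk of 38-post-install-upgrade-merges-novalues.yaml.golden.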
diff --git a/charts/redpanda/testdata/ci/38-post-install-upgrade-merges-novalues.yaml.golden b/charts/redpanda/testdata/ci/38-post-install-upgrade-merges-novalues.yaml.golden index e575251c35..16ed3161b0 100644 --- a/charts/redpanda/testdata/ci/38-post-install-upgrade-merges-novalues.yaml.golden +++ b/charts/redpanda/testdata/ci/38-post-install-upgrade-merges-novalues.yaml.golden 
@@ -736,288 +736,39 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 1000 - runAsNonRoot: null - runAsUser: 1000 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 
- name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: - exec: - command: - - /bin/sh - - -c - - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 1000 - runAsNonRoot: null - runAsUser: 1000 - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! 
- command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda - name: redpanda - - emptyDir: {} - name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir - topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} affinity: - nodeAffinity: + nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: 
@@ -1028,31 +779,291 @@ spec: - antarctica-west1 podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: + - labelSelector: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: + exec: + command: + - /bin/bash + - -c + - | + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: + exec: + command: + - /bin/bash + - -c + - | + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + 
successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 1000 + runAsNonRoot: null + runAsUser: 1000 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 1000 + runAsNonRoot: null + runAsUser: 1000 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 tolerations: - - effect: NoSchedule - key: example-key - operator: Exists - - effect: NoExecute - key: example-key-2 - operator: Exists + - effect: NoSchedule + key: example-key + operator: Exists + - effect: NoExecute + key: example-key-2 + operator: Exists + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + 
name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/38-post-install-upgrade-no-overrides-novalues.yaml.golden b/charts/redpanda/testdata/ci/38-post-install-upgrade-no-overrides-novalues.yaml.golden index 1da5626e36..56de5a332d 100644 --- a/charts/redpanda/testdata/ci/38-post-install-upgrade-no-overrides-novalues.yaml.golden +++ b/charts/redpanda/testdata/ci/38-post-install-upgrade-no-overrides-novalues.yaml.golden 
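Review bot: The config-watcher container is rendered with `securityContext: {}` while redpanda and redpanda-configurator in the same pod get `runAsUser: 1000` / `runAsGroup: 1000`, and the pod-level securityContext sets only `fsGroup`, so the sidecar runs as whatever user the image defaults to. The removed side of this file rendered the same thing, so the move to Go carries it over unchanged. Because this file is generated, the fix would go in the chart source or its default values, neither of which is in this hunk. Consider giving the sidecar the same container security context as the main container, and rendering `allowPrivilegeEscalation: false` instead of `allowPrivilegeEscalation: null` on the non-privileged containers.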
@@ -736,288 +736,39 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 1000 - runAsNonRoot: null - runAsUser: 1000 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 
- name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: - exec: - command: - - /bin/sh - - -c - - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 1000 - runAsNonRoot: null - runAsUser: 1000 - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! 
- command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda - name: redpanda - - emptyDir: {} - name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir - topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} affinity: - nodeAffinity: + nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: 
@@ -1028,31 +779,291 @@ spec: - antarctica-west1 podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: + - labelSelector: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: + exec: + command: + - /bin/bash + - -c + - | + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: + exec: + command: + - /bin/bash + - -c + - | + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + 
successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 1000 + runAsNonRoot: null + runAsUser: 1000 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 1000 + runAsNonRoot: null + runAsUser: 1000 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 tolerations: - - effect: NoSchedule - key: example-key - operator: Exists - - effect: NoExecute - key: example-key-2 - operator: Exists + - effect: NoSchedule + key: example-key + operator: Exists + - effect: NoExecute + key: example-key-2 + operator: Exists + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + 
name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/39-default-image-pull-secrets-novalues.yaml.golden b/charts/redpanda/testdata/ci/39-default-image-pull-secrets-novalues.yaml.golden index 3a28cb538d..cd0aa4e89b 100644 --- a/charts/redpanda/testdata/ci/39-default-image-pull-secrets-novalues.yaml.golden +++ b/charts/redpanda/testdata/ci/39-default-image-pull-secrets-novalues.yaml.golden 
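Review bot: The liveness and startup probes rendered on the new side of this hunk run `curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt ...`, and `-k` disables certificate verification, so the CA bundle passed with `--cacert` does nothing to authenticate the admin endpoint. The old side carries the same flag, so the port preserves existing behaviour, and the same command is rendered in the 39-default-image-pull-secrets-novalues.yaml.golden hunk. Because this file is rendered output, the change belongs in the chart source that builds the probe command, which is outside this hunk. Dropping `-k` there would leave `curl --silent --fail -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}..."`, provided the served certificate covers the service name the probe dials, which should be confirmed first.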
@@ -736,313 +736,321 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - imagePullSecrets: - - name: secret-1 - - name: secret-2 - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" 
"${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - 
livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: 
/etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + 
exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: + - name: secret-1 + - name: secret-2 + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: redpanda - - emptyDir: {} + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - 
app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print 
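Review bot: The `config-watcher` container on the new side renders `securityContext: {}`, while `redpanda` and `redpanda-configurator` get `runAsUser: 101` and `runAsGroup: 101` with `allowPrivilegeEscalation: null` and `runAsNonRoot: null`, and the pod-level context sets only `fsGroup`. As rendered, the sidecar runs as whatever user the image defaults to, and none of the non-tuning containers opts out of privilege escalation, although they mount the TLS certificate secrets. The old side shows the same values, so this is carried over rather than introduced. A follow-up in the chart source (not visible in this hunk) could give `config-watcher` the same `runAsUser`/`runAsGroup` and emit `allowPrivilegeEscalation: false` and `runAsNonRoot: true` instead of `null`. The 38-post-install-upgrade-no-overrides-novalues.yaml.golden hunk renders the same shape with UID 1000.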
diff --git a/charts/redpanda/testdata/ci/96-audit-logging-values.yaml.tpl.golden b/charts/redpanda/testdata/ci/96-audit-logging-values.yaml.tpl.golden index df11d6ccb7..870e018b7f 100644 --- a/charts/redpanda/testdata/ci/96-audit-logging-values.yaml.tpl.golden +++ b/charts/redpanda/testdata/ci/96-audit-logging-values.yaml.tpl.golden 
@@ -941,325 +941,334 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 6859d4a2c81a5aa4334a878e0ed3e2078eb4ebd0ce2b8a4b5a29ea73c79902fb + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 6859d4a2c81a5aa4334a878e0ed3e2078eb4ebd0ce2b8a4b5a29ea73c79902fb spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" 
"${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - 
true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - 
periodSeconds: 10 - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: users - secret: - secretName: redpanda-users - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + 
- containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: redpanda - - emptyDir: {} + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: 
kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: users + secret: + secretName: redpanda-users + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was 
not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/97-license-key-values.yaml.tpl.golden b/charts/redpanda/testdata/ci/97-license-key-values.yaml.tpl.golden index abe3fc76a0..7f17fcf29f 100644 --- a/charts/redpanda/testdata/ci/97-license-key-values.yaml.tpl.golden +++ b/charts/redpanda/testdata/ci/97-license-key-values.yaml.tpl.golden 
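Review bot: The liveness and startup probes rendered for the `redpanda` container still run `curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt ...`, and `-k` turns certificate verification off, so the `--cacert` bundle has no effect and the probe accepts any certificate on port 9644. This golden file is generated, so the change belongs where the probe command is built, presumably `charts/redpanda/statefulset.go`, which this hunk does not show. Assuming the default certificate's SANs cover the per-pod DNS name, dropping `-k` there would render `curl --silent --fail -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}..."`. The same command appears unchanged in the 97-license-key-values hunk that follows. In this hunk only, the privileged, root `tuning` init container also keeps the `/etc/secrets/users` mount although its command is just `rpk redpanda tune all`; moving to Go is a chance to give that container only the mounts it needs.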
@@ -799,310 +799,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/98-license-secret-values.yaml.golden b/charts/redpanda/testdata/ci/98-license-secret-values.yaml.golden index 1fbc285633..6f3674bf1a 100644 --- a/charts/redpanda/testdata/ci/98-license-secret-values.yaml.golden +++ b/charts/redpanda/testdata/ci/98-license-secret-values.yaml.golden 
@@ -741,310 +741,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/ci/99-none-existent-config-options-with-empty-values.yaml.golden b/charts/redpanda/testdata/ci/99-none-existent-config-options-with-empty-values.yaml.golden index 44b291cd9b..6ec3a4c92b 100644 --- a/charts/redpanda/testdata/ci/99-none-existent-config-options-with-empty-values.yaml.golden +++ b/charts/redpanda/testdata/ci/99-none-existent-config-options-with-empty-values.yaml.golden 
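Review bot: The liveness and startup probes rendered for the `redpanda` container in this hunk run `curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt ...`, and `-k` disables server-certificate verification, so the CA bundle passed beside it never takes part in a trust decision. The removed lines carry the same command, so this is inherited rather than introduced, but moving the StatefulSet into Go is a natural place to fix it where the probe command is built. I would drop `-k` and keep `--cacert /etc/tls/certs/default/ca.crt`, provided the default certificate's SANs cover `${SERVICE_NAME}.redpanda.default.svc.cluster.local.`; if they do not, a comment at the probe saying why verification is off would help. The same probe commands are rendered in the hunk for `99-none-existent-config-options-with-empty-values.yaml.golden`.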
@@ -761,331 +761,340 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: d7a32f46f77dd4a8417cfb5fa93a1027a8d25f9ee67b4b17c68c6e02bad248d4 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: d7a32f46f77dd4a8417cfb5fa93a1027a8d25f9ee67b4b17c68c6e02bad248d4 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/sh - - -c - - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R /var/lib/redpanda/data/cloud_storage_cache - image: busybox:latest 
- name: set-tiered-storage-cache-dir-ownership - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - 
fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - 
startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + 
"https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: tiered-storage-dir - emptyDir: - sizeLimit: 11G + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/sh + - -c + - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R /var/lib/redpanda/data/cloud_storage_cache + image: busybox:latest + name: set-tiered-storage-cache-dir-ownership + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + 
& wait $! + env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + 
whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - emptyDir: + sizeLimit: 11G + name: tiered-storage-dir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/versions/default-v22.3.14-0.yaml.golden b/charts/redpanda/testdata/versions/default-v22.3.14-0.yaml.golden index 9c95e7831e..6c8b4bc1f7 100644 --- a/charts/redpanda/testdata/versions/default-v22.3.14-0.yaml.golden +++ b/charts/redpanda/testdata/versions/default-v22.3.14-0.yaml.golden 
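Review bot: The `set-tiered-storage-cache-dir-ownership` init container is rendered with `image: busybox:latest` and no `securityContext`, so it pulls a mutable tag and runs as whatever user that image defaults to while `datadir` is mounted. Pinning the image to a fixed tag or digest and stating the context explicitly, for example `securityContext: {runAsUser: 0, allowPrivilegeEscalation: false}` if root is needed only for the `chown 101:101 -R`, would make the rendered pod reproducible and its privileges visible. The container also mounts `redpanda-default-cert` and `redpanda-external-cert`, which the `mkdir`/`chown` command does not appear to use. The old side rendered the same container, so this is carried over; the change belongs in the Go code that builds the init containers, with this golden file regenerated afterwards.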
@@ -734,310 +734,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 47e7241d8e1506c065e920869a7d7aa579ec7ae64f09345208cc87172db31302 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 47e7241d8e1506c065e920869a7d7aa579ec7ae64f09345208cc87172db31302 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v22.3.14 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v22.3.14 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v22.3.14 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v22.3.14 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - 
- mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v22.3.14 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v22.3.14 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v22.3.14 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v22.3.14 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/versions/default-v22.3.14-1.yaml.golden b/charts/redpanda/testdata/versions/default-v22.3.14-1.yaml.golden index c2ada292b0..4cd14a742d 100644 --- a/charts/redpanda/testdata/versions/default-v22.3.14-1.yaml.golden +++ b/charts/redpanda/testdata/versions/default-v22.3.14-1.yaml.golden 
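Review bot: The `livenessProbe` and `startupProbe` commands on the new side still pass `-k` together with `--cacert /etc/tls/certs/default/ca.crt`, so curl skips peer verification and the mounted CA bundle is never enforced. The move to Go carries this over unchanged from the old template. If the default certificate's SANs cover the per-pod service name (not visible here, and the trailing dot in the host name may matter), the probe could drop the flag: `curl --silent --fail -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready"`. This golden file is rendered output, so the change belongs in the code that builds the probes, presumably `charts/redpanda/statefulset.go`. The same probe lines appear in the `default-v22.3.14-1.yaml.golden` hunk that follows.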
@@ -797,310 +797,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 7b8d9f26d2f2278bb3c80cd90f6a985064c76561e7d47c49f00c4faf9c4cd962 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 7b8d9f26d2f2278bb3c80cd90f6a985064c76561e7d47c49f00c4faf9c4cd962 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v22.3.14 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v22.3.14 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v22.3.14 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v22.3.14 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - 
- mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v22.3.14 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v22.3.14 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v22.3.14 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v22.3.14 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/versions/default-v22.3.14-2.yaml.golden b/charts/redpanda/testdata/versions/default-v22.3.14-2.yaml.golden index 94578679d3..b80e266a0d 100644 --- a/charts/redpanda/testdata/versions/default-v22.3.14-2.yaml.golden +++ b/charts/redpanda/testdata/versions/default-v22.3.14-2.yaml.golden 
@@ -740,310 +740,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: f3a4933fd725267b8ef5b097b227f65922110ee794dac7b3c11edd0ec61839ba + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: f3a4933fd725267b8ef5b097b227f65922110ee794dac7b3c11edd0ec61839ba spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v22.3.14 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v22.3.14 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v22.3.14 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v22.3.14 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - 
- mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v22.3.14 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v22.3.14 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v22.3.14 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v22.3.14 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/versions/default-v23.1.2-0.yaml.golden b/charts/redpanda/testdata/versions/default-v23.1.2-0.yaml.golden index 9b51278404..c2f112f9a4 100644 --- a/charts/redpanda/testdata/versions/default-v23.1.2-0.yaml.golden +++ b/charts/redpanda/testdata/versions/default-v23.1.2-0.yaml.golden 
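Review bot: The livenessProbe and startupProbe commands of the `redpanda` container on the new side still pass `-k` to curl together with `--cacert /etc/tls/certs/default/ca.crt`. Because `-k` turns certificate verification off, the mounted CA is never used to validate the admin endpoint. Since this file is rendered output, the fix presumably belongs in the Go source that now generates the StatefulSet, where the flag can be dropped: `curl --silent --fail -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready"`. If `-k` is kept on purpose, for example because the certificate's SANs do not cover the per-pod name with its trailing dot, a comment next to the probe definition should say so. The same two commands appear in the hunk for `default-v23.1.2-0.yaml.golden`.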
@@ -734,310 +734,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 47e7241d8e1506c065e920869a7d7aa579ec7ae64f09345208cc87172db31302 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 47e7241d8e1506c065e920869a7d7aa579ec7ae64f09345208cc87172db31302 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v23.1.2 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v23.1.2 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v23.1.2 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v23.1.2 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v23.1.2 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v23.1.2 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v23.1.2 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v23.1.2 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/versions/default-v23.1.2-1.yaml.golden b/charts/redpanda/testdata/versions/default-v23.1.2-1.yaml.golden index da04073030..755d15139a 100644 --- a/charts/redpanda/testdata/versions/default-v23.1.2-1.yaml.golden +++ b/charts/redpanda/testdata/versions/default-v23.1.2-1.yaml.golden 
@@ -797,310 +797,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 7b8d9f26d2f2278bb3c80cd90f6a985064c76561e7d47c49f00c4faf9c4cd962 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 7b8d9f26d2f2278bb3c80cd90f6a985064c76561e7d47c49f00c4faf9c4cd962 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v23.1.2 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v23.1.2 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v23.1.2 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v23.1.2 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v23.1.2 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v23.1.2 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v23.1.2 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v23.1.2 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/versions/default-v23.1.2-2.yaml.golden b/charts/redpanda/testdata/versions/default-v23.1.2-2.yaml.golden index 5dce4b1ac8..b0fb7640ff 100644 --- a/charts/redpanda/testdata/versions/default-v23.1.2-2.yaml.golden +++ b/charts/redpanda/testdata/versions/default-v23.1.2-2.yaml.golden 
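Review bot: The liveness and startup probes on the new side still run `curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready"`. Because `-k` turns off certificate verification, the `--cacert` argument has no effect and the probe accepts any certificate presented on port 9644. If the default certificate's SANs cover that service name, dropping `-k` where the Go code builds the probe command would make the TLS check meaningful; that code is outside this hunk, so this needs confirming there. The same command appears in the default-v23.1.2-2 golden hunk that follows.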
@@ -740,310 +740,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: f3a4933fd725267b8ef5b097b227f65922110ee794dac7b3c11edd0ec61839ba + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: f3a4933fd725267b8ef5b097b227f65922110ee794dac7b3c11edd0ec61839ba spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v23.1.2 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v23.1.2 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v23.1.2 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v23.1.2 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v23.1.2 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v23.1.2 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v23.1.2 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v23.1.2 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/versions/default-v23.1.3-0.yaml.golden b/charts/redpanda/testdata/versions/default-v23.1.3-0.yaml.golden index f98edf9579..aaf5b716cb 100644 --- a/charts/redpanda/testdata/versions/default-v23.1.3-0.yaml.golden +++ b/charts/redpanda/testdata/versions/default-v23.1.3-0.yaml.golden 
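Review bot: The rendered StatefulSet now ends with a top-level `status:` block (`availableReplicas: 0`, `replicas: 0`) and a `status: {}` under the `datadir` claim template. It also carries `creationTimestamp: null`, `annotations: null` and `imagePullSecrets: null` entries, none of which the template-based output had. These look like zero values of the typed objects being serialized rather than intended configuration, although the Go code that produces them is not visible in this hunk. Tools that compare rendered manifests with live objects may report such fields as drift, and they make the security-relevant parts of the manifest harder to audit. Consider omitting the status and null-valued fields before the manifest is emitted; the same output appears in the default-v23.1.2-1 golden hunk.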
@@ -734,310 +734,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 47e7241d8e1506c065e920869a7d7aa579ec7ae64f09345208cc87172db31302 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 47e7241d8e1506c065e920869a7d7aa579ec7ae64f09345208cc87172db31302 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v23.1.3 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v23.1.3 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v23.1.3 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v23.1.3 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v23.1.3 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v23.1.3 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v23.1.3 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v23.1.3 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/versions/default-v23.1.3-1.yaml.golden b/charts/redpanda/testdata/versions/default-v23.1.3-1.yaml.golden index 62ab4a1dc1..d48569dbf3 100644 --- a/charts/redpanda/testdata/versions/default-v23.1.3-1.yaml.golden +++ b/charts/redpanda/testdata/versions/default-v23.1.3-1.yaml.golden 
@@ -797,310 +797,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 7b8d9f26d2f2278bb3c80cd90f6a985064c76561e7d47c49f00c4faf9c4cd962 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 7b8d9f26d2f2278bb3c80cd90f6a985064c76561e7d47c49f00c4faf9c4cd962 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v23.1.3 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v23.1.3 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v23.1.3 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v23.1.3 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v23.1.3 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v23.1.3 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v23.1.3 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v23.1.3 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/versions/default-v23.1.3-2.yaml.golden b/charts/redpanda/testdata/versions/default-v23.1.3-2.yaml.golden index 367b627faa..2d35182cae 100644 --- a/charts/redpanda/testdata/versions/default-v23.1.3-2.yaml.golden +++ b/charts/redpanda/testdata/versions/default-v23.1.3-2.yaml.golden 
@@ -740,310 +740,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: f3a4933fd725267b8ef5b097b227f65922110ee794dac7b3c11edd0ec61839ba + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: f3a4933fd725267b8ef5b097b227f65922110ee794dac7b3c11edd0ec61839ba spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v23.1.3 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v23.1.3 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v23.1.3 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v23.1.3 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v23.1.3 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v23.1.3 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v23.1.3 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v23.1.3 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/versions/default-v23.2.1-0.yaml.golden b/charts/redpanda/testdata/versions/default-v23.2.1-0.yaml.golden index c4a9022b90..52ef825b97 100644 --- a/charts/redpanda/testdata/versions/default-v23.2.1-0.yaml.golden +++ b/charts/redpanda/testdata/versions/default-v23.2.1-0.yaml.golden 
@@ -734,310 +734,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 47e7241d8e1506c065e920869a7d7aa579ec7ae64f09345208cc87172db31302 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 47e7241d8e1506c065e920869a7d7aa579ec7ae64f09345208cc87172db31302 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v23.2.1 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v23.2.1 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v23.2.1 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v23.2.1 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v23.2.1 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v23.2.1 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v23.2.1 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v23.2.1 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/versions/default-v23.2.1-1.yaml.golden b/charts/redpanda/testdata/versions/default-v23.2.1-1.yaml.golden index fcbb4ed002..4aa88bd496 100644 --- a/charts/redpanda/testdata/versions/default-v23.2.1-1.yaml.golden +++ b/charts/redpanda/testdata/versions/default-v23.2.1-1.yaml.golden 
@@ -797,310 +797,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 7b8d9f26d2f2278bb3c80cd90f6a985064c76561e7d47c49f00c4faf9c4cd962 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 7b8d9f26d2f2278bb3c80cd90f6a985064c76561e7d47c49f00c4faf9c4cd962 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v23.2.1 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v23.2.1 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v23.2.1 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v23.2.1 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v23.2.1 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v23.2.1 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v23.2.1 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v23.2.1 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/versions/default-v23.2.1-2.yaml.golden b/charts/redpanda/testdata/versions/default-v23.2.1-2.yaml.golden index 0ccb9ef642..7bc2486734 100644 --- a/charts/redpanda/testdata/versions/default-v23.2.1-2.yaml.golden +++ b/charts/redpanda/testdata/versions/default-v23.2.1-2.yaml.golden 
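Review bot: The livenessProbe and startupProbe commands on the new side still pass `-k` to curl next to `--cacert /etc/tls/certs/default/ca.crt`; `-k` turns off certificate verification, so the CA file is never enforced. Porting the probes to Go is a good moment to drop the flag, e.g. `curl --silent --fail -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready"`, provided the default certificate's SANs cover the per-pod service name. This file is generated golden output, so the change presumably belongs in the probe construction in charts/redpanda/statefulset.go. The same rendered commands appear in the default-v23.2.1-2 and default-v23.3.0-0 golden hunks.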
@@ -740,310 +740,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: f3a4933fd725267b8ef5b097b227f65922110ee794dac7b3c11edd0ec61839ba + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: f3a4933fd725267b8ef5b097b227f65922110ee794dac7b3c11edd0ec61839ba spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v23.2.1 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v23.2.1 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v23.2.1 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v23.2.1 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v23.2.1 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v23.2.1 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v23.2.1 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v23.2.1 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/versions/default-v23.3.0-0.yaml.golden b/charts/redpanda/testdata/versions/default-v23.3.0-0.yaml.golden index 034c23fb6e..5fba5efde0 100644 --- a/charts/redpanda/testdata/versions/default-v23.3.0-0.yaml.golden +++ b/charts/redpanda/testdata/versions/default-v23.3.0-0.yaml.golden 
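Review bot: The `redpanda` and `redpanda-configurator` containers render `allowPrivilegeEscalation: null` and `runAsNonRoot: null`, and `config-watcher` renders `securityContext: {}`, so no non-tuning container states these restrictions explicitly in the default output. The first two already run as `runAsUser: 101`, so defaulting them to `allowPrivilegeEscalation: false` and `runAsNonRoot: true` should be compatible, and config-watcher could take the same context; only the `tuning` init container appears to need `privileged: true`. The nulls suggest unset pointer fields marshalled as-is, so the default presumably belongs in the chart values or the Go code that builds the security context, not in this generated golden file. The same output appears in the other default-v23.* golden hunks.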
@@ -736,310 +736,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 04a1b9170dbfa1a5d92ef9d28394d433b64a8e4e463e8a654f9906a23d5de1e4 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 04a1b9170dbfa1a5d92ef9d28394d433b64a8e4e463e8a654f9906a23d5de1e4 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v23.3.0 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v23.3.0 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v23.3.0 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v23.3.0 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v23.3.0 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v23.3.0 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v23.3.0 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v23.3.0 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/versions/default-v23.3.0-1.yaml.golden b/charts/redpanda/testdata/versions/default-v23.3.0-1.yaml.golden index dbf2bca36e..66c045401f 100644 --- a/charts/redpanda/testdata/versions/default-v23.3.0-1.yaml.golden +++ b/charts/redpanda/testdata/versions/default-v23.3.0-1.yaml.golden 
@@ -799,310 +799,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v23.3.0 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v23.3.0 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v23.3.0 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v23.3.0 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v23.3.0 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v23.3.0 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v23.3.0 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v23.3.0 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/versions/default-v23.3.0-2.yaml.golden b/charts/redpanda/testdata/versions/default-v23.3.0-2.yaml.golden index 57712a75df..97a78c62a1 100644 --- a/charts/redpanda/testdata/versions/default-v23.3.0-2.yaml.golden +++ b/charts/redpanda/testdata/versions/default-v23.3.0-2.yaml.golden 
@@ -742,310 +742,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 74ceba6b3c0da54b3245ced671dc0b0ac7663e32d2f0c39c6f10fe7780b183c7 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 74ceba6b3c0da54b3245ced671dc0b0ac7663e32d2f0c39c6f10fe7780b183c7 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v23.3.0 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v23.3.0 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v23.3.0 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v23.3.0 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v23.3.0 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v23.3.0 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v23.3.0 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v23.3.0 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/versions/default-v24.1.0-0.yaml.golden b/charts/redpanda/testdata/versions/default-v24.1.0-0.yaml.golden index f3e58326d5..c8767ce26f 100644 --- a/charts/redpanda/testdata/versions/default-v24.1.0-0.yaml.golden +++ b/charts/redpanda/testdata/versions/default-v24.1.0-0.yaml.golden 
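Review bot: The livenessProbe and startupProbe commands on the new side still pass `-k` together with `--cacert /etc/tls/certs/default/ca.crt`. `-k` turns off certificate verification, so the CA bundle is never checked and the probe accepts whatever certificate is presented on port 9644. The port to Go carries the flag over unchanged. Dropping it, e.g. `curl --silent --fail -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready"`, lets the probe validate the broker certificate, provided the certificate's SANs cover that name (not visible here). The command is rendered from the chart's Go source outside this hunk, so the change belongs there with the golden files regenerated; the same lines recur in the default-v24.1.0-0 and default-v24.1.0-1 golden hunks.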
@@ -736,310 +736,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 04a1b9170dbfa1a5d92ef9d28394d433b64a8e4e463e8a654f9906a23d5de1e4 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 04a1b9170dbfa1a5d92ef9d28394d433b64a8e4e463e8a654f9906a23d5de1e4 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.0 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.0 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.0 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.0 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.0 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.0 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.0 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.0 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/versions/default-v24.1.0-1.yaml.golden b/charts/redpanda/testdata/versions/default-v24.1.0-1.yaml.golden index 7cf1f55898..df88d0ca39 100644 --- a/charts/redpanda/testdata/versions/default-v24.1.0-1.yaml.golden +++ b/charts/redpanda/testdata/versions/default-v24.1.0-1.yaml.golden 
@@ -799,310 +799,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.0 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.0 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.0 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.0 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.0 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.0 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.0 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.0 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/versions/default-v24.1.0-2.yaml.golden b/charts/redpanda/testdata/versions/default-v24.1.0-2.yaml.golden index fbcb90d0b1..067c37c96d 100644 --- a/charts/redpanda/testdata/versions/default-v24.1.0-2.yaml.golden +++ b/charts/redpanda/testdata/versions/default-v24.1.0-2.yaml.golden 
@@ -742,310 +742,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 74ceba6b3c0da54b3245ced671dc0b0ac7663e32d2f0c39c6f10fe7780b183c7 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 74ceba6b3c0da54b3245ced671dc0b0ac7663e32d2f0c39c6f10fe7780b183c7 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v24.1.0 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.0 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v24.1.0 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - 
-c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.0 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - 
mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v24.1.0 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + 
RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v24.1.0 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v24.1.0 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v24.1.0 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: 
ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/versions/somecustomrepo-v23.2.8-0.yaml.golden b/charts/redpanda/testdata/versions/somecustomrepo-v23.2.8-0.yaml.golden index d23d78366f..b286763602 100644 --- a/charts/redpanda/testdata/versions/somecustomrepo-v23.2.8-0.yaml.golden +++ b/charts/redpanda/testdata/versions/somecustomrepo-v23.2.8-0.yaml.golden 
@@ -734,310 +734,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 47e7241d8e1506c065e920869a7d7aa579ec7ae64f09345208cc87172db31302 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 47e7241d8e1506c065e920869a7d7aa579ec7ae64f09345208cc87172db31302 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: somecustomrepo:v23.2.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: somecustomrepo:v23.2.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: somecustomrepo:v23.2.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert 
/etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: somecustomrepo:v23.2.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - 
mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: somecustomrepo:v23.2.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + 
failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: somecustomrepo:v23.2.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: somecustomrepo:v23.2.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: somecustomrepo:v23.2.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - 
name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/versions/somecustomrepo-v23.2.8-1.yaml.golden b/charts/redpanda/testdata/versions/somecustomrepo-v23.2.8-1.yaml.golden index 29e020c05c..68dadf8afa 100644 --- a/charts/redpanda/testdata/versions/somecustomrepo-v23.2.8-1.yaml.golden +++ b/charts/redpanda/testdata/versions/somecustomrepo-v23.2.8-1.yaml.golden 
@@ -797,310 +797,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 7b8d9f26d2f2278bb3c80cd90f6a985064c76561e7d47c49f00c4faf9c4cd962 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 7b8d9f26d2f2278bb3c80cd90f6a985064c76561e7d47c49f00c4faf9c4cd962 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: somecustomrepo:v23.2.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: somecustomrepo:v23.2.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: somecustomrepo:v23.2.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert 
/etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: somecustomrepo:v23.2.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - 
mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: somecustomrepo:v23.2.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + 
failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: somecustomrepo:v23.2.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: somecustomrepo:v23.2.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: somecustomrepo:v23.2.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - 
name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/versions/somecustomrepo-v23.2.8-2.yaml.golden b/charts/redpanda/testdata/versions/somecustomrepo-v23.2.8-2.yaml.golden index 68a17105dd..3e360bc039 100644 --- a/charts/redpanda/testdata/versions/somecustomrepo-v23.2.8-2.yaml.golden +++ b/charts/redpanda/testdata/versions/somecustomrepo-v23.2.8-2.yaml.golden 
@@ -740,310 +740,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: f3a4933fd725267b8ef5b097b227f65922110ee794dac7b3c11edd0ec61839ba + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: f3a4933fd725267b8ef5b097b227f65922110ee794dac7b3c11edd0ec61839ba spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: somecustomrepo:v23.2.8 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: somecustomrepo:v23.2.8 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: somecustomrepo:v23.2.8 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert 
/etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: somecustomrepo:v23.2.8 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - 
mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: somecustomrepo:v23.2.8 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + 
failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: somecustomrepo:v23.2.8 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: somecustomrepo:v23.2.8 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: somecustomrepo:v23.2.8 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - 
name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/versions/somecustomrepo-v24.1.0-0.yaml.golden b/charts/redpanda/testdata/versions/somecustomrepo-v24.1.0-0.yaml.golden index af212186e2..00fc0be7e8 100644 --- a/charts/redpanda/testdata/versions/somecustomrepo-v24.1.0-0.yaml.golden +++ b/charts/redpanda/testdata/versions/somecustomrepo-v24.1.0-0.yaml.golden 
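Review bot: The rendered `livenessProbe` and `startupProbe` commands in this hunk still call `curl` with `-k` alongside `--cacert /etc/tls/certs/default/ca.crt`. Because `-k` turns off certificate verification, the CA bundle is never checked, and an expired or mismatched admin-API certificate would leave the probes green while verifying clients fail. Since the StatefulSet is now built in Go, the probe string there could drop the flag so the golden output reads `curl --silent --fail -m 5 --cacert /etc/tls/certs/default/ca.crt`. That presumably requires the certificate SANs to cover the `${SERVICE_NAME}.redpanda.default.svc.cluster.local.` name the probe dials, which this hunk does not show. The same probe lines appear in the somecustomrepo-v24.1.0-0 golden hunk that follows.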
@@ -736,310 +736,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 04a1b9170dbfa1a5d92ef9d28394d433b64a8e4e463e8a654f9906a23d5de1e4 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 04a1b9170dbfa1a5d92ef9d28394d433b64a8e4e463e8a654f9906a23d5de1e4 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: somecustomrepo:v24.1.0 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: somecustomrepo:v24.1.0 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: somecustomrepo:v24.1.0 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert 
/etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: somecustomrepo:v24.1.0 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - 
mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: somecustomrepo:v24.1.0 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + 
failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: somecustomrepo:v24.1.0 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: somecustomrepo:v24.1.0 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: somecustomrepo:v24.1.0 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - 
name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/versions/somecustomrepo-v24.1.0-1.yaml.golden b/charts/redpanda/testdata/versions/somecustomrepo-v24.1.0-1.yaml.golden index 28fd5415e0..32253a1588 100644 --- a/charts/redpanda/testdata/versions/somecustomrepo-v24.1.0-1.yaml.golden +++ b/charts/redpanda/testdata/versions/somecustomrepo-v24.1.0-1.yaml.golden 
@@ -799,310 +799,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 7cce827ced32bccb833a4e0b24e704e0500a702db7f4b492da61ad7cb24a94db spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: somecustomrepo:v24.1.0 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: somecustomrepo:v24.1.0 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: somecustomrepo:v24.1.0 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert 
/etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: somecustomrepo:v24.1.0 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - 
mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: somecustomrepo:v24.1.0 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + 
failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: somecustomrepo:v24.1.0 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: somecustomrepo:v24.1.0 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: somecustomrepo:v24.1.0 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - 
name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/testdata/versions/somecustomrepo-v24.1.0-2.yaml.golden b/charts/redpanda/testdata/versions/somecustomrepo-v24.1.0-2.yaml.golden index 718d50d050..c2343d8daa 100644 --- a/charts/redpanda/testdata/versions/somecustomrepo-v24.1.0-2.yaml.golden +++ b/charts/redpanda/testdata/versions/somecustomrepo-v24.1.0-2.yaml.golden 
@@ -742,310 +742,319 @@ spec: apiVersion: apps/v1 kind: StatefulSet metadata: - name: redpanda - namespace: "default" + creationTimestamp: null labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 + name: redpanda + namespace: default spec: + podManagementPolicy: Parallel + replicas: 3 selector: - matchLabels: + matchLabels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda serviceName: redpanda - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" template: metadata: - labels: + annotations: + config.redpanda.com/checksum: 74ceba6b3c0da54b3245ced671dc0b0ac7663e32d2f0c39c6f10fe7780b183c7 + creationTimestamp: null + labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-5.8.12 redpanda.com/poddisruptionbudget: redpanda - annotations: - config.redpanda.com/checksum: 74ceba6b3c0da54b3245ced671dc0b0ac7663e32d2f0c39c6f10fe7780b183c7 spec: - terminationGracePeriodSeconds: 90 - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - serviceAccountName: default - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: somecustomrepo:v24.1.0 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: redpanda - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: somecustomrepo:v24.1.0 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: somecustomrepo:v24.1.0 - lifecycle: - postStart: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/postStart.sh - true - preStop: - exec: - command: - - /bin/bash - - -c - - | - timeout -v 45 bash -x /var/lifecycle/preStop.sh - true # do not fail and cause the pod to terminate - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert 
/etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - readinessProbe: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: somecustomrepo:v24.1.0 + lifecycle: + postStart: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -x - RESULT=$(rpk cluster health) - echo $RESULT - echo $RESULT | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: null - runAsGroup: 101 - runAsNonRoot: null - runAsUser: 101 - startupProbe: + timeout -v 45 bash -x /var/lifecycle/postStart.sh + true + preStop: exec: command: - - /bin/sh + - /bin/bash - -c - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - 
mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: redpanda - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait - $! - command: - - /bin/sh - image: somecustomrepo:v24.1.0 - name: config-watcher - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /etc/secrets/config-watcher/scripts - name: redpanda-config-watcher - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda + timeout -v 45 bash -x /var/lifecycle/preStop.sh + true # do not fail and cause the pod to terminate + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + set -x + RESULT=$(rpk cluster health) + echo $RESULT + echo $RESULT | grep 'Healthy:.*true' + 
failureThreshold: 3 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: + limits: + cpu: 1 + memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config name: redpanda - - emptyDir: {} + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh + & wait $! 
+ command: + - /bin/sh + image: somecustomrepo:v24.1.0 + name: config-watcher + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: redpanda-config-watcher - secret: - defaultMode: 509 - secretName: redpanda-config-watcher - - name: redpanda-fs-validator - secret: - defaultMode: 509 - secretName: redpanda-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir + - mountPath: /etc/secrets/config-watcher/scripts + name: redpanda-config-watcher + imagePullSecrets: null + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: somecustomrepo:v24.1.0 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: redpanda + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: somecustomrepo:v24.1.0 + name: redpanda-configurator + resources: {} + securityContext: + allowPrivilegeEscalation: null + runAsGroup: 101 + runAsNonRoot: null + runAsUser: 101 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: redpanda + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: default + terminationGracePeriodSeconds: 90 + tolerations: [] topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - nodeSelector: - {} - affinity: - - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - tolerations: - [] + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - 
name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: redpanda-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: redpanda + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: redpanda-config-watcher + secret: + defaultMode: 509 + secretName: redpanda-config-watcher + - name: redpanda-fs-validator + secret: + defaultMode: 509 + secretName: redpanda-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + updateStrategy: + type: RollingUpdate volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: redpanda - app.kubernetes.io/instance: "redpanda" - app.kubernetes.io/component: redpanda - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "20Gi" + - metadata: + annotations: null + creationTimestamp: null + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +status: + availableReplicas: 0 + replicas: 0 --- # Source: redpanda/templates/console/configmap-and-deployment.yaml # before license changes, this was not printing a secret, so we gather in which case to print diff --git a/charts/redpanda/values.go b/charts/redpanda/values.go index efcbb36fc6..b28fc0537a 100644 --- a/charts/redpanda/values.go +++ b/charts/redpanda/values.go @@ -67,6 +67,7 @@ type Values struct { Tests *struct { Enabled bool `json:"enabled"` } `json:"tests"` + Force bool `json:"force"` } // +gotohelm:ignore=true 
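Review bot: `Force` is added to `Values` in the `@@ -67,6 +67,7 @@` hunk with no doc comment, and the matching `values.schema.json` entry later in the patch is a bare `"type": "boolean"`, so nothing visible says what setting it changes. A flag with this name often bypasses a validation or safety check; if that is what it does here, the comment should name the check that is skipped and when it is safe to set, along the lines of `// Force <which validation is skipped>; leave false unless <condition>.`. The `Values` struct starts outside the hunk, so any existing documentation convention for its fields is not visible from here.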
@@ -381,6 +382,89 @@ func (s *Storage) GetTieredStorageConfig() TieredStorageConfig { return s.Tiered.Config } +// was: storage-tiered-hostpath +func (s *Storage) GetTieredStorageHostPath() string { + hp := s.TieredStorageHostPath + if helmette.Empty(hp) && s.Tiered != nil { + hp = s.Tiered.HostPath + } + if helmette.Empty(hp) { + panic(fmt.Sprintf(`storage.tiered.mountType is "%s" but storage.tiered.hostPath is empty`, + s.Tiered.MountType, + )) + } + return hp +} + +func (s *Storage) CloudStorageCacheSize() *resource.Quantity { + value, ok := s.GetTieredStorageConfig()[`cloud_storage_cache_size`] + if !ok { + return nil + } + return ptr.To(helmette.UnmarshalInto[resource.Quantity](value)) +} + +// TieredCacheDirectory was: tieredStorage.cacheDirectory +func (s *Storage) TieredCacheDirectory(dot *helmette.Dot) string { + config := s.GetTieredStorageConfig() + + dir := helmette.Dig(config, "/var/lib/redpanda/data/cloud_storage_cache", `cloud_storage_cache_directory`).(string) + if dir == "" { + return "/var/lib/redpanda/data/cloud_storage_cache" + } + return dir +} + +// TieredMountType was: storage-tiered-mountType +func (s *Storage) TieredMountType() string { + if s.TieredStoragePersistentVolume != nil && s.TieredStoragePersistentVolume.Enabled { + return "persistentVolume" + } + if !helmette.Empty(s.TieredStorageHostPath) { + // XXX type is declared as string, but it's being used as a bool + // This needs some care since transpilation fails with a `!= ""` check, + // missing null values. 
+ return "hostPath" + } + return s.Tiered.MountType +} + +// Storage.TieredPersistentVolumeLabels was storage-tiered-persistentVolume.labels +// support legacy storage.tieredStoragePersistentVolume +func (s *Storage) TieredPersistentVolumeLabels() map[string]string { + if s.TieredStoragePersistentVolume != nil { + return s.TieredStoragePersistentVolume.Labels + } + if s.Tiered != nil { + return s.Tiered.PersistentVolume.Labels + } + panic(`storage.tiered.mountType is "persistentVolume" but storage.tiered.persistentVolume is not configured`) +} + +// Storage.TieredPersistentVolumeAnnotations was storage-tiered-persistentVolume.annotations +// support legacy storage.tieredStoragePersistentVolume +func (s *Storage) TieredPersistentVolumeAnnotations() map[string]string { + if s.TieredStoragePersistentVolume != nil { + return s.TieredStoragePersistentVolume.Annotations + } + if s.Tiered != nil { + return s.Tiered.PersistentVolume.Annotations + } + panic(`storage.tiered.mountType is "persistentVolume" but storage.tiered.persistentVolume is not configured`) +} + +// storage.TieredPersistentVolumeStorageClass was storage-tiered-persistentVolume.storageClass +// support legacy storage.tieredStoragePersistentVolume +func (s *Storage) TieredPersistentVolumeStorageClass() string { + if s.TieredStoragePersistentVolume != nil { + return s.TieredStoragePersistentVolume.StorageClass + } + if s.Tiered != nil { + return s.Tiered.PersistentVolume.StorageClass + } + panic(`storage.tiered.mountType is "persistentVolume" but storage.tiered.persistentVolume is not configured`) +} + // +gotohelm:ignore=true func (Storage) JSONSchemaExtend(schema *jsonschema.Schema) { deprecate(schema, "tieredConfig", "persistentVolume", "tieredStorageHostPath", "tieredStoragePersistentVolume") 
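Review bot: `GetTieredStorageHostPath` checks `s.Tiered != nil` before reading `HostPath` but then formats `s.Tiered.MountType` into the panic message unconditionally, so with `Tiered` unset and no legacy `tieredStorageHostPath` the Go path fails on a nil dereference rather than the intended configuration error; `TieredMountType` ends in the same unguarded `s.Tiered.MountType`. The three `TieredPersistentVolume*` helpers in this hunk already handle the nil case with an explicit message, so these two should do the same (or return an empty mount type, if callers treat "no tiered storage" as valid). Separately, `TieredCacheDirectory` applies an unchecked `.(string)` to a value taken from user-supplied config and never uses its `dot` parameter; checking the type and falling back to the default path would keep a non-string value from panicking during rendering. The persistent-volume helpers also prefer the legacy block whenever it is non-nil, while `TieredMountType` additionally requires `Enabled`; it is worth confirming that difference is intended.

```go
func (s *Storage) GetTieredStorageHostPath() string {
	// … unchanged: hp taken from TieredStorageHostPath, then Tiered.HostPath …
	if helmette.Empty(hp) {
		if s.Tiered == nil {
			panic(`storage.tiered.hostPath is empty and storage.tiered is not configured`)
		}
		// … unchanged: panic reporting s.Tiered.MountType …
	}
	return hp
}

func (s *Storage) TieredMountType() string {
	// … unchanged: legacy persistentVolume and hostPath branches …
	if s.Tiered == nil {
		panic(`storage.tiered is not configured, so no mount type can be derived`)
	}
	return s.Tiered.MountType
}
```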
@@ -483,7 +567,7 @@ type PodTemplate struct { type Statefulset struct { AdditionalSelectorLabels map[string]string `json:"additionalSelectorLabels" jsonschema:"required"` NodeAffinity map[string]any `json:"nodeAffinity"` - Replicas int `json:"replicas" jsonschema:"required"` + Replicas int32 `json:"replicas" jsonschema:"required"` UpdateStrategy struct { Type string `json:"type" jsonschema:"required,pattern=^(RollingUpdate|OnDelete)$"` } `json:"updateStrategy" jsonschema:"required"` @@ -493,7 +577,7 @@ type Statefulset struct { Annotations map[string]string `json:"annotations" jsonschema:"deprecated"` PodTemplate PodTemplate `json:"podTemplate" jsonschema:"required"` Budget struct { - MaxUnavailable int `json:"maxUnavailable" jsonschema:"required"` + MaxUnavailable int32 `json:"maxUnavailable" jsonschema:"required"` } `json:"budget" jsonschema:"required"` StartupProbe struct { InitialDelaySeconds int32 `json:"initialDelaySeconds" jsonschema:"required"` 
@@ -516,16 +600,16 @@ type Statefulset struct {
 PodAntiAffinity struct {
 TopologyKey string `json:"topologyKey" jsonschema:"required"`
 Type string `json:"type" jsonschema:"required,pattern=^(hard|soft|custom)$"`
- Weight int `json:"weight" jsonschema:"required"`
+ Weight int32 `json:"weight" jsonschema:"required"`
 Custom map[string]any `json:"custom"`
 } `json:"podAntiAffinity" jsonschema:"required"`
 NodeSelector map[string]string `json:"nodeSelector" jsonschema:"required"`
 PriorityClassName string `json:"priorityClassName" jsonschema:"required"`
- TerminationGracePeriodSeconds int `json:"terminationGracePeriodSeconds"`
+ TerminationGracePeriodSeconds int64 `json:"terminationGracePeriodSeconds"`
 TopologySpreadConstraints []struct {
- MaxSkew int `json:"maxSkew"`
- TopologyKey string `json:"topologyKey"`
- WhenUnsatisfiable string `json:"whenUnsatisfiable" jsonschema:"pattern=^(ScheduleAnyway|DoNotSchedule)$"`
+ MaxSkew int32 `json:"maxSkew"`
+ TopologyKey string `json:"topologyKey"`
+ WhenUnsatisfiable corev1.UnsatisfiableConstraintAction `json:"whenUnsatisfiable" jsonschema:"pattern=^(ScheduleAnyway|DoNotSchedule)$"`
 } `json:"topologySpreadConstraints" jsonschema:"required,minItems=1"`
 Tolerations []corev1.Toleration `json:"tolerations" jsonschema:"required"`
 // DEPRECATED. Not to be confused with [corev1.PodSecurityContext], this
@@ -642,9 +726,9 @@ type Listeners struct {
 } `json:"rpc" jsonschema:"required"`
 }

-func (l *Listeners) CreateSeedServers(replicas int, fullname, internalDomain string) []map[string]any {
+func (l *Listeners) CreateSeedServers(replicas int32, fullname, internalDomain string) []map[string]any {
 var result []map[string]any
- for i := 0; i < replicas; i++ {
+ for i := int32(0); i < replicas; i++ {
 result = append(result, map[string]any{
 "host": map[string]any{
 "address": fmt.Sprintf("%s-%d.%s", fullname, i, internalDomain),
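Review bot: `TerminationGracePeriodSeconds` is a plain `int64` with neither `required` nor a lower bound in its tag, so it decodes to 0 whenever the key is absent, unless the chart's default values always supply it. If that value is passed straight to the pod spec (the consumer is not in this hunk), 0 means the brokers are killed without a shutdown window, which is a poor fallback for a stateful workload. I would either mark it `jsonschema:"required"` or make the field `*int64` so that unset and 0 stay distinguishable. The struct continues outside the hunk.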
@@ -655,9 +739,9 @@ func (l *Listeners) CreateSeedServers(replicas int, fullname, internalDomain str return result } -func (l *Listeners) AdminList(replicas int, fullname, internalDomain string) []string { +func (l *Listeners) AdminList(replicas int32, fullname, internalDomain string) []string { var result []string - for i := 0; i < replicas; i++ { + for i := int32(0); i < replicas; i++ { result = append(result, fmt.Sprintf("%s-%d.%s:%d", fullname, i, internalDomain, int(l.Admin.Port))) } return result @@ -1426,7 +1510,7 @@ func (c *NodeConfig) Translate() map[string]any { type ClusterConfig map[string]any -func (c *ClusterConfig) Translate(replicas int, skipDefaultTopic bool) map[string]any { +func (c *ClusterConfig) Translate(replicas int32, skipDefaultTopic bool) map[string]any { result := map[string]any{} for k, v := range *c { diff --git a/charts/redpanda/values.schema.json b/charts/redpanda/values.schema.json index cfa5055d31..cee9672d1c 100644 --- a/charts/redpanda/values.schema.json +++ b/charts/redpanda/values.schema.json @@ -817,6 +817,9 @@ ], "type": "object" }, + "force": { + "type": "boolean" + }, "fullnameOverride": { "type": "string" }, diff --git a/charts/redpanda/values_partial.gen.go b/charts/redpanda/values_partial.gen.go index 27eece3bf0..01be28a3a0 100644 --- a/charts/redpanda/values_partial.gen.go +++ b/charts/redpanda/values_partial.gen.go @@ -46,6 +46,7 @@ type PartialValues struct { Tests *struct { Enabled *bool "json:\"enabled,omitempty\"" } "json:\"tests,omitempty\"" + Force *bool "json:\"force,omitempty\"" } type PartialImage struct { 
@@ -180,7 +181,7 @@ type PartialPostUpgradeJob struct { type PartialStatefulset struct { AdditionalSelectorLabels map[string]string "json:\"additionalSelectorLabels,omitempty\" jsonschema:\"required\"" NodeAffinity map[string]any "json:\"nodeAffinity,omitempty\"" - Replicas *int "json:\"replicas,omitempty\" jsonschema:\"required\"" + Replicas *int32 "json:\"replicas,omitempty\" jsonschema:\"required\"" UpdateStrategy *struct { Type *string "json:\"type,omitempty\" jsonschema:\"required,pattern=^(RollingUpdate|OnDelete)$\"" } "json:\"updateStrategy,omitempty\" jsonschema:\"required\"" @@ -188,7 +189,7 @@ type PartialStatefulset struct { Annotations map[string]string "json:\"annotations,omitempty\" jsonschema:\"deprecated\"" PodTemplate *PartialPodTemplate "json:\"podTemplate,omitempty\" jsonschema:\"required\"" Budget *struct { - MaxUnavailable *int "json:\"maxUnavailable,omitempty\" jsonschema:\"required\"" + MaxUnavailable *int32 "json:\"maxUnavailable,omitempty\" jsonschema:\"required\"" } "json:\"budget,omitempty\" jsonschema:\"required\"" StartupProbe *struct { InitialDelaySeconds *int32 "json:\"initialDelaySeconds,omitempty\" jsonschema:\"required\"" 
@@ -211,16 +212,16 @@ type PartialStatefulset struct { PodAntiAffinity *struct { TopologyKey *string "json:\"topologyKey,omitempty\" jsonschema:\"required\"" Type *string "json:\"type,omitempty\" jsonschema:\"required,pattern=^(hard|soft|custom)$\"" - Weight *int "json:\"weight,omitempty\" jsonschema:\"required\"" + Weight *int32 "json:\"weight,omitempty\" jsonschema:\"required\"" Custom map[string]any "json:\"custom,omitempty\"" } "json:\"podAntiAffinity,omitempty\" jsonschema:\"required\"" NodeSelector map[string]string "json:\"nodeSelector,omitempty\" jsonschema:\"required\"" PriorityClassName *string "json:\"priorityClassName,omitempty\" jsonschema:\"required\"" - TerminationGracePeriodSeconds *int "json:\"terminationGracePeriodSeconds,omitempty\"" + TerminationGracePeriodSeconds *int64 "json:\"terminationGracePeriodSeconds,omitempty\"" TopologySpreadConstraints []struct { - MaxSkew *int "json:\"maxSkew,omitempty\"" - TopologyKey *string "json:\"topologyKey,omitempty\"" - WhenUnsatisfiable *string "json:\"whenUnsatisfiable,omitempty\" jsonschema:\"pattern=^(ScheduleAnyway|DoNotSchedule)$\"" + MaxSkew *int32 "json:\"maxSkew,omitempty\"" + TopologyKey *string "json:\"topologyKey,omitempty\"" + WhenUnsatisfiable *corev1.UnsatisfiableConstraintAction "json:\"whenUnsatisfiable,omitempty\" jsonschema:\"pattern=^(ScheduleAnyway|DoNotSchedule)$\"" } "json:\"topologySpreadConstraints,omitempty\" jsonschema:\"required,minItems=1\"" Tolerations []corev1.Toleration "json:\"tolerations,omitempty\" jsonschema:\"required\"" PodSecurityContext *PartialSecurityContext "json:\"podSecurityContext,omitempty\"" diff --git a/pkg/gotohelm/helmette/helm.go b/pkg/gotohelm/helmette/helm.go index d6a8ee1858..fe2910b33a 100644 --- a/pkg/gotohelm/helmette/helm.go +++ b/pkg/gotohelm/helmette/helm.go 
@@ -13,10 +13,10 @@ import (
 // of a helm template.
 // See also: https://github.com/helm/helm/blob/3764b483b385a12e7d3765bff38eced840362049/pkg/chartutil/values.go#L137-L166
 type Dot struct {
- Values Values
- Release Release
- Chart Chart
- // Capabilities
+ Values Values
+ Release Release
+ Chart Chart
+ Capabilities Capabilities

 // KubeConfig is a hacked in value to allow `Lookup` to not rely on global
 // values. It's a kube.Config to support JSON marshalling and allow easy
@@ -40,6 +40,32 @@ type Chart struct {
 AppVersion string
 }

+// Capabilities describes the capabilities of the Kubernetes cluster.
+// Should these just be a reference to helm/pkg/chartutil/Capabilities?
+type Capabilities struct {
+ // KubeVersion is the Kubernetes version.
+ KubeVersion KubeVersion
+ // APIversions are supported Kubernetes API versions.
+ // APIVersions VersionSet
+ // HelmVersion is the build information for this helm version
+ // HelmVersion helmversion.BuildInfo
+}
+
+// KubeVersion is the Kubernetes version.
+type KubeVersion struct {
+ Version string // Kubernetes version
+ Major string // Kubernetes major version
+ Minor string // Kubernetes minor version
+}
+
+// String implements fmt.Stringer
+func (kv *KubeVersion) String() string { return kv.Version }
+
+// GitVersion returns the Kubernetes version string.
+//
+// Deprecated: use KubeVersion.Version.
+func (kv *KubeVersion) GitVersion() string { return kv.Version }
+
 type Values map[string]any

 func (v Values) AsMap() map[string]any {
diff --git a/pkg/gotohelm/helmette/sprig.go b/pkg/gotohelm/helmette/sprig.go
index d155c891b2..7ba3ac215e 100644
--- a/pkg/gotohelm/helmette/sprig.go
+++ b/pkg/gotohelm/helmette/sprig.go
@@ -1,6 +1,8 @@
 package helmette

 import (
+ "crypto/sha256"
+ "encoding/hex"
 "encoding/json"
 "fmt"
 "math"
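Review bot: `String` and `GitVersion` are declared on `*KubeVersion`, while `Capabilities.KubeVersion` stores the struct by value, so a `KubeVersion` value does not satisfy `fmt.Stringer` and formatting it with `%s` or `%v` prints the three fields instead of `Version`. Value receivers would close that gap, `func (kv KubeVersion) String() string { return kv.Version }` and the same for `GitVersion`. The transpiler case added in this commit matches `(*KubeVersion).GitVersion`, so it would probably have to change together with the receiver.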
@@ -400,3 +402,9 @@ func Join[T any](sep string, s []T) string {
 }
 return out
 }
+
+// +gotohelm:builtin=sha256sum
+func Sha256Sum(input string) string {
+ hash := sha256.Sum256([]byte(input))
+ return hex.EncodeToString(hash[:])
+}
diff --git a/pkg/gotohelm/transpiler.go b/pkg/gotohelm/transpiler.go
index 3217948a7d..726a5c254b 100644
--- a/pkg/gotohelm/transpiler.go
+++ b/pkg/gotohelm/transpiler.go
@@ -1068,6 +1068,8 @@ func (t *Transpiler) transpileCallExpr(n *ast.CallExpr) Node {
 case "github.com/redpanda-data/helm-charts/pkg/gotohelm/helmette.MergeTo":
 dict := DictLiteral{}
 return &BuiltInCall{FuncName: "merge", Arguments: append([]Node{&dict}, args...)}
+ case "github.com/redpanda-data/helm-charts/pkg/gotohelm/helmette.(*KubeVersion).GitVersion":
+ return &Selector{Expr: reciever, Field: "GitVersion"}
 case "github.com/redpanda-data/helm-charts/pkg/gotohelm/helmette.Lookup":
 // Super ugly but it's fairly safe to assume that the return type of
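Review bot: `Sha256Sum` carries only the `+gotohelm:builtin` directive and no doc comment, so nothing states what the digest may be used for. It is a single unsalted SHA-256 rendered as lowercase hex, which fits change-detection checksums; if a caller feeds it a low-entropy secret and the result lands in a rendered manifest, the input can be guessed offline. I would add `// Sha256Sum returns the lowercase hex SHA-256 digest of input, matching the sha256sum template function. It is a checksum, not a password hash.` above the directive.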