Created
August 31, 2023 14:44
-
-
Save joejulian/d0fff62b01369b20c7ae9e69907bb9e4 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| items: | |
| - apiVersion: apps/v1 | |
| kind: StatefulSet | |
| metadata: | |
| annotations: | |
| meta.helm.sh/release-name: redpanda | |
| meta.helm.sh/release-namespace: rn | |
| creationTimestamp: "2023-08-29T23:34:32Z" | |
| generation: 2 | |
| labels: | |
| app.kubernetes.io/component: redpanda | |
| app.kubernetes.io/instance: redpanda | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/name: redpanda | |
| helm.sh/chart: redpanda-5.1.6 | |
| name: redpanda | |
| namespace: rn | |
| resourceVersion: "203432" | |
| uid: 8e8e5bec-e979-482c-b41a-5fda1a37029a | |
| spec: | |
| persistentVolumeClaimRetentionPolicy: | |
| whenDeleted: Retain | |
| whenScaled: Retain | |
| podManagementPolicy: Parallel | |
| replicas: 1 | |
| revisionHistoryLimit: 10 | |
| selector: | |
| matchLabels: | |
| app.kubernetes.io/component: redpanda-statefulset | |
| app.kubernetes.io/instance: redpanda | |
| app.kubernetes.io/name: redpanda | |
| serviceName: redpanda | |
| template: | |
| metadata: | |
| annotations: | |
| checksum/config: 79e4f455c29a50a61110786f8c139ba682d128ccd3ac4dc29436ed31a2fdd703 | |
| creationTimestamp: null | |
| labels: | |
| app.kubernetes.io/component: redpanda-statefulset | |
| app.kubernetes.io/instance: redpanda | |
| app.kubernetes.io/name: redpanda | |
| redpanda.com/poddisruptionbudget: redpanda | |
| spec: | |
| affinity: | |
| podAntiAffinity: | |
| requiredDuringSchedulingIgnoredDuringExecution: | |
| - labelSelector: | |
| matchLabels: | |
| app.kubernetes.io/component: redpanda-statefulset | |
| app.kubernetes.io/instance: redpanda | |
| app.kubernetes.io/name: redpanda | |
| topologyKey: kubernetes.io/hostname | |
| containers: | |
| - command: | |
| - rpk | |
| - redpanda | |
| - start | |
| - --smp=1 | |
| - --memory=2048M | |
| - --reserve-memory=205M | |
| - --default-log-level=info | |
| - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.rn.svc.cluster.local.:33145 | |
| env: | |
| - name: SERVICE_NAME | |
| valueFrom: | |
| fieldRef: | |
| apiVersion: v1 | |
| fieldPath: metadata.name | |
| - name: POD_IP | |
| valueFrom: | |
| fieldRef: | |
| apiVersion: v1 | |
| fieldPath: status.podIP | |
| - name: HOST_IP | |
| valueFrom: | |
| fieldRef: | |
| apiVersion: v1 | |
| fieldPath: status.hostIP | |
| image: docker.redpanda.com/redpandadata/redpanda:v23.2.6 | |
| imagePullPolicy: IfNotPresent | |
| lifecycle: | |
| postStart: | |
| exec: | |
| command: | |
| - /bin/bash | |
| - -c | |
| - | | |
| timeout -v 45 bash -x /var/lifecycle/postStart.sh | |
| true | |
| preStop: | |
| exec: | |
| command: | |
| - /bin/bash | |
| - -c | |
| - | | |
| timeout -v 45 bash -x /var/lifecycle/preStop.sh | |
| true # do not fail and cause the pod to terminate | |
| livenessProbe: | |
| exec: | |
| command: | |
| - /bin/sh | |
| - -c | |
| - curl --silent --fail -k --cacert /etc/tls/certs/default/tls.crt "https://${SERVICE_NAME}.redpanda.rn.svc.cluster.local.:9644/v1/status/ready" | |
| failureThreshold: 3 | |
| initialDelaySeconds: 10 | |
| periodSeconds: 10 | |
| successThreshold: 1 | |
| timeoutSeconds: 1 | |
| name: redpanda | |
| ports: | |
| - containerPort: 9644 | |
| name: admin | |
| protocol: TCP | |
| - containerPort: 9645 | |
| name: admin-default | |
| protocol: TCP | |
| - containerPort: 8082 | |
| name: http | |
| protocol: TCP | |
| - containerPort: 8083 | |
| name: http-default | |
| protocol: TCP | |
| - containerPort: 9093 | |
| name: kafka | |
| protocol: TCP | |
| - containerPort: 9094 | |
| name: kafka-default | |
| protocol: TCP | |
| - containerPort: 33145 | |
| name: rpc | |
| protocol: TCP | |
| - containerPort: 8081 | |
| name: schemaregistry | |
| protocol: TCP | |
| - containerPort: 8084 | |
| name: schema-default | |
| protocol: TCP | |
| readinessProbe: | |
| exec: | |
| command: | |
| - /bin/sh | |
| - -c | |
| - | | |
| set -x | |
| rpk cluster health --api-urls ${SERVICE_NAME}.redpanda.rn.svc.cluster.local.:9644 --admin-api-tls-enabled --admin-api-tls-truststore /etc/tls/certs/default/ca.crt | |
| rpk cluster health --api-urls ${SERVICE_NAME}.redpanda.rn.svc.cluster.local.:9644 --admin-api-tls-enabled --admin-api-tls-truststore /etc/tls/certs/default/ca.crt | grep 'Healthy:.*true' | |
| failureThreshold: 3 | |
| initialDelaySeconds: 1 | |
| periodSeconds: 10 | |
| successThreshold: 1 | |
| timeoutSeconds: 1 | |
| resources: | |
| limits: | |
| cpu: "1" | |
| memory: 2560Mi | |
| securityContext: | |
| runAsGroup: 101 | |
| runAsUser: 101 | |
| startupProbe: | |
| exec: | |
| command: | |
| - /bin/sh | |
| - -c | |
| - | | |
| set -e | |
| RESULT=$(curl --silent --fail -k --cacert /etc/tls/certs/default/tls.crt "https://${SERVICE_NAME}.redpanda.rn.svc.cluster.local.:9644/v1/status/ready") | |
| echo $RESULT | |
| echo $RESULT | grep ready | |
| failureThreshold: 120 | |
| initialDelaySeconds: 1 | |
| periodSeconds: 10 | |
| successThreshold: 1 | |
| timeoutSeconds: 1 | |
| terminationMessagePath: /dev/termination-log | |
| terminationMessagePolicy: File | |
| volumeMounts: | |
| - mountPath: /var/lifecycle | |
| name: lifecycle-scripts | |
| - mountPath: /var/lib/redpanda/data | |
| name: datadir | |
| - mountPath: /etc/redpanda | |
| name: config | |
| - mountPath: /etc/tls/certs/default | |
| name: redpanda-default-cert | |
| - mountPath: /etc/tls/certs/external | |
| name: redpanda-external-cert | |
| - args: | |
| - -c | |
| - trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh | |
| & wait $! | |
| command: | |
| - /bin/sh | |
| image: docker.redpanda.com/redpandadata/redpanda:v23.2.6 | |
| imagePullPolicy: IfNotPresent | |
| name: config-watcher | |
| resources: {} | |
| terminationMessagePath: /dev/termination-log | |
| terminationMessagePolicy: File | |
| volumeMounts: | |
| - mountPath: /etc/secrets/config-watcher/scripts | |
| name: redpanda-config-watcher | |
| readOnly: true | |
| - mountPath: /etc/tls/certs/default | |
| name: redpanda-default-cert | |
| readOnly: true | |
| - mountPath: /etc/tls/certs/external | |
| name: redpanda-external-cert | |
| readOnly: true | |
| dnsPolicy: ClusterFirst | |
| initContainers: | |
| - args: | |
| - | | |
| rpk redpanda tune all | |
| command: | |
| - bash | |
| - -c | |
| image: docker.redpanda.com/redpandadata/redpanda:v23.2.6 | |
| imagePullPolicy: IfNotPresent | |
| name: tuning | |
| resources: {} | |
| securityContext: | |
| capabilities: | |
| add: | |
| - SYS_RESOURCE | |
| privileged: true | |
| runAsGroup: 0 | |
| runAsUser: 0 | |
| terminationMessagePath: /dev/termination-log | |
| terminationMessagePolicy: File | |
| volumeMounts: | |
| - mountPath: /etc/redpanda | |
| name: redpanda | |
| - args: | |
| - | | |
| set -xe | |
| CONFIG=/etc/redpanda/redpanda.yaml | |
| POD_ORDINAL=${SERVICE_NAME##*-} | |
| # Setup config files | |
| cp /tmp/base-config/redpanda.yaml "${CONFIG}" | |
| cp /tmp/base-config/bootstrap.yaml /etc/redpanda/.bootstrap.yaml | |
| NODE_INDEX=`expr $POD_ORDINAL + 1` | |
| LISTENER_INDEX=1 | |
| LISTENER=`echo $ADVERTISED_KAFKA_ADDRESSES | cut -d ' ' -f $NODE_INDEX | cut -d ';' -f $LISTENER_INDEX` | |
| until [ "$LISTENER" == "" ]; do | |
| rpk redpanda config --config "$CONFIG" set redpanda.advertised_kafka_api[$(($LISTENER_INDEX-1))] "$LISTENER" | |
| let "LISTENER_INDEX+=1" | |
| LISTENER=`echo $ADVERTISED_KAFKA_ADDRESSES | cut -d ' ' -f $NODE_INDEX | cut -d ';' -f $LISTENER_INDEX` | |
| done | |
| LISTENER_INDEX=1 | |
| LISTENER=`echo $ADVERTISED_HTTP_ADDRESSES | cut -d ' ' -f $NODE_INDEX | cut -d ';' -f $LISTENER_INDEX` | |
| until [ "$LISTENER" == "" ]; do | |
| rpk redpanda config --config "$CONFIG" set pandaproxy.advertised_pandaproxy_api[$(($LISTENER_INDEX-1))] "$LISTENER" | |
| let "LISTENER_INDEX+=1" | |
| LISTENER=`echo $ADVERTISED_HTTP_ADDRESSES | cut -d ' ' -f $NODE_INDEX | cut -d ';' -f $LISTENER_INDEX` | |
| done | |
| command: | |
| - /bin/bash | |
| - -c | |
| env: | |
| - name: SERVICE_NAME | |
| valueFrom: | |
| fieldRef: | |
| apiVersion: v1 | |
| fieldPath: metadata.name | |
| - name: ADVERTISED_KAFKA_ADDRESSES | |
| value: '{"address":"$(SERVICE_NAME).redpanda.rn.svc.cluster.local.","name":"internal","port":9093};{"address":"$(SERVICE_NAME).my.foo.bar","name":"default","port":31092}' | |
| - name: ADVERTISED_HTTP_ADDRESSES | |
| value: '{"address":"$(SERVICE_NAME).redpanda.rn.svc.cluster.local.","name":"internal","port":8082};{"address":"$(SERVICE_NAME).my.foo.bar","name":"default","port":30082}' | |
| - name: KUBERNETES_NODE_NAME | |
| valueFrom: | |
| fieldRef: | |
| apiVersion: v1 | |
| fieldPath: spec.nodeName | |
| image: docker.redpanda.com/redpandadata/redpanda:v23.2.6 | |
| imagePullPolicy: IfNotPresent | |
| name: redpanda-configurator | |
| resources: {} | |
| securityContext: | |
| runAsGroup: 101 | |
| runAsUser: 101 | |
| terminationMessagePath: /dev/termination-log | |
| terminationMessagePolicy: File | |
| volumeMounts: | |
| - mountPath: /tmp/base-config | |
| name: redpanda | |
| - mountPath: /etc/redpanda | |
| name: config | |
| restartPolicy: Always | |
| schedulerName: default-scheduler | |
| securityContext: | |
| fsGroup: 101 | |
| fsGroupChangePolicy: OnRootMismatch | |
| serviceAccount: default | |
| serviceAccountName: default | |
| terminationGracePeriodSeconds: 90 | |
| topologySpreadConstraints: | |
| - labelSelector: | |
| matchLabels: | |
| app.kubernetes.io/component: redpanda-statefulset | |
| app.kubernetes.io/instance: redpanda | |
| app.kubernetes.io/name: redpanda | |
| maxSkew: 1 | |
| topologyKey: topology.kubernetes.io/zone | |
| whenUnsatisfiable: ScheduleAnyway | |
| volumes: | |
| - name: lifecycle-scripts | |
| secret: | |
| defaultMode: 509 | |
| secretName: redpanda-sts-lifecycle | |
| - name: datadir | |
| persistentVolumeClaim: | |
| claimName: datadir | |
| - configMap: | |
| defaultMode: 420 | |
| name: redpanda | |
| name: redpanda | |
| - emptyDir: {} | |
| name: config | |
| - name: redpanda-default-cert | |
| secret: | |
| defaultMode: 420 | |
| items: | |
| - key: tls.key | |
| path: tls.key | |
| - key: tls.crt | |
| path: tls.crt | |
| - key: ca.crt | |
| path: ca.crt | |
| secretName: redpanda-default-cert | |
| - name: redpanda-external-cert | |
| secret: | |
| defaultMode: 420 | |
| items: | |
| - key: tls.key | |
| path: tls.key | |
| - key: tls.crt | |
| path: tls.crt | |
| - key: ca.crt | |
| path: ca.crt | |
| secretName: redpanda-external-cert | |
| - name: redpanda-config-watcher | |
| secret: | |
| defaultMode: 509 | |
| optional: false | |
| secretName: redpanda-config-watcher | |
| updateStrategy: | |
| type: RollingUpdate | |
| volumeClaimTemplates: | |
| - apiVersion: v1 | |
| kind: PersistentVolumeClaim | |
| metadata: | |
| creationTimestamp: null | |
| labels: | |
| app.kubernetes.io/component: redpanda | |
| app.kubernetes.io/instance: redpanda | |
| app.kubernetes.io/name: redpanda | |
| name: datadir | |
| spec: | |
| accessModes: | |
| - ReadWriteOnce | |
| resources: | |
| requests: | |
| storage: 20Gi | |
| volumeMode: Filesystem | |
| status: | |
| phase: Pending | |
| status: | |
| availableReplicas: 1 | |
| collisionCount: 0 | |
| conditions: | |
| - lastTransitionTime: "2023-08-29T16:27:57Z" | |
| status: Foo | |
| type: Fubar | |
| currentReplicas: 1 | |
| currentRevision: redpanda-d57449f | |
| observedGeneration: 2 | |
| readyReplicas: 1 | |
| replicas: 1 | |
| updateRevision: redpanda-d57449f | |
| updatedReplicas: 1 | |
| kind: List | |
| metadata: | |
| resourceVersion: "" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment