
@pierDipi
Created November 10, 2021 08:29
Eventing Kafka Broker artifacts
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Client configuration for the Kafka broker data plane. The dispatcher and
# receiver Deployments in this manifest mount this ConfigMap at /etc/config and
# locate each .properties file through a *_CONFIG_FILE_PATH environment variable.
apiVersion: v1
kind: ConfigMap
metadata:
  name: config-kafka-broker-data-plane
  namespace: knative-eventing
  labels:
    kafka.eventing.knative.dev/release: devel
data:
  # Kafka producer client properties.
  # No security.protocol key is set here, so the Kafka client default
  # (PLAINTEXT) applies unless something outside this file overrides it.
  # acks=all is combined with enable.idempotence=false, effectively unlimited
  # retries and 5 in-flight requests: a retried batch can be duplicated or
  # reordered.
  config-kafka-broker-producer.properties: |
    key.serializer=org.apache.kafka.common.serialization.StringSerializer
    value.serializer=io.cloudevents.kafka.CloudEventSerializer
    acks=all
    buffer.memory=33554432
    # compression.type=snappy
    retries=2147483647
    batch.size=16384
    client.dns.lookup=use_all_dns_ips
    connections.max.idle.ms=600000
    delivery.timeout.ms=120000
    linger.ms=0
    max.block.ms=60000
    max.request.size=1048576
    partitioner.class=org.apache.kafka.clients.producer.internals.DefaultPartitioner
    receive.buffer.bytes=-1
    request.timeout.ms=30000
    enable.idempotence=false
    max.in.flight.requests.per.connection=5
    metadata.max.age.ms=300000
    # metric.reporters=""
    metrics.num.samples=2
    metrics.recording.level=INFO
    metrics.sample.window.ms=30000
    reconnect.backoff.max.ms=1000
    reconnect.backoff.ms=50
    retry.backoff.ms=100
    # transaction.timeout.ms=60000
    # transactional.id=null
  # Kafka consumer client properties.
  # security.protocol=PLAINTEXT with every ssl.* and sasl.* key commented out:
  # as written, consumer traffic to the Kafka cluster is neither encrypted nor
  # authenticated.
  # NOTE(review): whether per-resource auth settings override this default at
  # runtime is not visible in this manifest - confirm before relying on it.
  # allow.auto.create.topics=true lets a subscription create a missing topic
  # when the brokers permit auto-creation.
  config-kafka-broker-consumer.properties: |
    key.deserializer=org.apache.kafka.common.serialization.StringDeserializer
    value.deserializer=io.cloudevents.kafka.CloudEventDeserializer
    fetch.min.bytes=1
    heartbeat.interval.ms=3000
    max.partition.fetch.bytes=1048576
    session.timeout.ms=10000
    # ssl.key.password=
    # ssl.keystore.location=
    # ssl.keystore.password=
    # ssl.truststore.location=
    # ssl.truststore.password=
    allow.auto.create.topics=true
    auto.offset.reset=earliest
    client.dns.lookup=use_all_dns_ips
    connections.max.idle.ms=540000
    default.api.timeout.ms=60000
    enable.auto.commit=false
    exclude.internal.topics=true
    fetch.max.bytes=52428800
    isolation.level=read_uncommitted
    max.poll.interval.ms=300000
    max.poll.records=500
    # partition.assignment.strategy=org.apache.kafka.clients.consumer.CooperativeStickyAssignor
    receive.buffer.bytes=65536
    request.timeout.ms=30000
    # sasl.client.callback.handler.class=
    # sasl.jaas.config=
    # sasl.kerberos.service.name=
    # sasl.login.callback.handler.class
    # sasl.login.class
    # sasl.mechanism
    security.protocol=PLAINTEXT
    send.buffer.bytes=131072
    # ssl.enabled.protocols=
    # ssl.keystore.type=
    # ssl.protocol=
    # ssl.provider=
    auto.commit.interval.ms=5000
    check.crcs=true
    # client.rack=
    fetch.max.wait.ms=500
    # interceptor.classes=
    metadata.max.age.ms=600000
    # metrics.reporters=
    # metrics.num.samples=
    # metrics.recording.level=INFO
    # metrics.sample.window.ms=
    reconnect.backoff.max.ms=1000
    retry.backoff.ms=100
    # sasl.kerberos.kinit.cmd=
    # sasl.kerberos.min.time.before.relogin=
    # sasl.kerberos.ticket.renew.jitter=
    # sasl.login.refresh.buffer.seconds=
    # sasl.login.refresh.min.period.seconds=
    # sasl.login.refresh.window.factor
    # sasl.login.refresh.window.jitter
    # security.providers
    # ssl.cipher.suites
    # ssl.endpoint.identification.algorithm
    # ssl.keymanager.algorithm
    # ssl.secure.random.implementation
    # ssl.trustmanager.algorithm
  # HTTP client used by the dispatcher (WEBCLIENT_CONFIG_FILE_PATH).
  config-kafka-broker-webclient.properties: |
    idleTimeout=10000
  # HTTP server used by the receiver (HTTPSERVER_CONFIG_FILE_PATH).
  # NOTE(review): idleTimeout=0 presumably disables the idle timeout, leaving
  # idle inbound connections open indefinitely - confirm against the server's
  # documentation.
  config-kafka-broker-httpserver.properties: |
    idleTimeout=0
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
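# Read-only access to Secrets for the data-plane ServiceAccount.
#
# This ClusterRole is attached through a ClusterRoleBinding in this manifest,
# so the grant covers Secrets in every namespace, not only knative-eventing.
# `list` and `watch` return full Secret contents, so a compromised data-plane
# pod can read every Secret in the cluster. If the data plane only needs
# Secrets from known namespaces, bind this role with per-namespace RoleBindings
# instead.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: knative-kafka-broker-data-plane
  labels:
    kafka.eventing.knative.dev/release: devel
rules:
  # Secrets live in the core API group (""). Naming that group instead of the
  # "*" wildcard keeps the rule from also matching a `secrets` resource served
  # by any other API group installed in the cluster.
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - list
      - watch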
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Identity shared by the kafka-broker-dispatcher and kafka-broker-receiver
# pods (both set serviceAccountName to this name). Every permission bound to
# this account is therefore held by both workloads.
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: knative-eventing
  name: knative-kafka-broker-data-plane
  labels:
    kafka.eventing.knative.dev/release: devel
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Grants the knative-kafka-broker-data-plane ClusterRole to the data-plane
# ServiceAccount. A ClusterRoleBinding applies the role's rules in every
# namespace, so the account's Secret read access is cluster-wide.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: knative-kafka-broker-data-plane
  labels:
    kafka.eventing.knative.dev/release: devel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: knative-kafka-broker-data-plane
subjects:
  - kind: ServiceAccount
    namespace: knative-eventing
    name: knative-kafka-broker-data-plane
---
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
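# Dispatcher Deployment of the Kafka broker data plane. It runs under the
# knative-kafka-broker-data-plane ServiceAccount and reads its Kafka client
# settings from the config-kafka-broker-data-plane ConfigMap mounted at
# /etc/config.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kafka-broker-dispatcher
  namespace: knative-eventing
  labels:
    app: kafka-broker-dispatcher
    kafka.eventing.knative.dev/release: devel
spec:
  selector:
    matchLabels:
      app: kafka-broker-dispatcher
  template:
    metadata:
      name: kafka-broker-dispatcher
      labels:
        app: kafka-broker-dispatcher
        kafka.eventing.knative.dev/release: devel
    spec:
      serviceAccountName: knative-kafka-broker-data-plane
      securityContext:
        runAsNonRoot: true
      containers:
        - name: kafka-broker-dispatcher
          # The image comes from a personal Docker Hub namespace and is
          # referenced by tag. A tag can be re-pointed, and with IfNotPresent a
          # node that already cached it never re-checks the registry. Pin by
          # digest (image@sha256:<digest-placeholder>) for a verifiable deploy.
          image: docker.io/pierdipi/knative-kafka-broker-dispatcher:e0d1f434-41fe-11ec-8699-14857f6f674c
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - mountPath: /etc/config
              name: config-kafka-broker-data-plane
              readOnly: true
            - mountPath: /etc/brokers-triggers
              name: kafka-broker-brokers-triggers
              readOnly: true
            # Only writable path in the container (root filesystem is read-only).
            - mountPath: /tmp
              name: cache
            - mountPath: /etc/logging
              name: kafka-broker-config-logging
              readOnly: true
            - mountPath: /etc/tracing
              name: config-tracing
              readOnly: true
          ports:
            - containerPort: 9090
              name: http-metrics
              protocol: TCP
          env:
            - name: SERVICE_NAME
              value: "kafka-broker-dispatcher"
            - name: SERVICE_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: PRODUCER_CONFIG_FILE_PATH
              value: /etc/config/config-kafka-broker-producer.properties
            - name: CONSUMER_CONFIG_FILE_PATH
              value: /etc/config/config-kafka-broker-consumer.properties
            - name: WEBCLIENT_CONFIG_FILE_PATH
              value: /etc/config/config-kafka-broker-webclient.properties
            - name: DATA_PLANE_CONFIG_FILE_PATH
              value: /etc/brokers-triggers/data
            - name: EGRESSES_INITIAL_CAPACITY
              value: "20"
            - name: INSTANCE_ID
              valueFrom:
                fieldRef:
                  fieldPath: metadata.uid
            - name: METRICS_PATH
              value: /metrics
            - name: METRICS_PORT
              value: "9090"
            - name: METRICS_PUBLISH_QUANTILES
              value: "false"
            - name: METRICS_JVM_ENABLED
              value: "false"
            - name: CONFIG_TRACING_PATH
              value: "/etc/tracing"
            # https://github.com/fabric8io/kubernetes-client/issues/2212
            - name: HTTP2_DISABLE
              value: "true"
            # This should be set according to initial delay seconds
            - name: WAIT_STARTUP_SECONDS
              value: "8"
          command:
            - "java"
          args:
            - "-Dlogback.configurationFile=/etc/logging/config.xml"
            - "-jar"
            - "/app/app.jar"
          # TODO set resources (limits and requests)
          # Without requests/limits the JVM can use all memory and CPU of the
          # node, so an event flood can affect other workloads on that node.
          livenessProbe:
            failureThreshold: 3
            httpGet:
              port: 9090
              path: /metrics
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 3
            successThreshold: 1
            timeoutSeconds: 1
          readinessProbe:
            failureThreshold: 3
            httpGet:
              port: 9090
              path: /metrics
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 3
            successThreshold: 1
            timeoutSeconds: 1
          terminationMessagePolicy: FallbackToLogsOnError
          # Was /dev/temination-log (typo); use the standard Kubernetes path.
          terminationMessagePath: /dev/termination-log
          securityContext:
            allowPrivilegeEscalation: false
            privileged: false
            readOnlyRootFilesystem: true
            # The container runs non-root and binds only port 9090, so it needs
            # no Linux capabilities.
            capabilities:
              drop:
                - ALL
      volumes:
        - name: config-kafka-broker-data-plane
          configMap:
            name: config-kafka-broker-data-plane
        - name: kafka-broker-brokers-triggers
          configMap:
            name: kafka-broker-brokers-triggers
        - name: cache
          emptyDir: {}
        - name: kafka-broker-config-logging
          configMap:
            name: kafka-config-logging
        - name: config-tracing
          configMap:
            name: config-tracing
      restartPolicy: Always
      dnsConfig:
        options:
          - name: single-request-reopen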
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
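# Receiver (ingress) Deployment of the Kafka broker data plane. It accepts
# events over plain HTTP on port 8080 and produces them to Kafka using the
# producer properties mounted from config-kafka-broker-data-plane.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kafka-broker-receiver
  namespace: knative-eventing
  labels:
    app: kafka-broker-receiver
    kafka.eventing.knative.dev/release: devel
spec:
  selector:
    matchLabels:
      app: kafka-broker-receiver
  template:
    metadata:
      name: kafka-broker-receiver
      labels:
        app: kafka-broker-receiver
        kafka.eventing.knative.dev/release: devel
    spec:
      serviceAccountName: knative-kafka-broker-data-plane
      securityContext:
        runAsNonRoot: true
      # To avoid node becoming SPOF, spread our replicas to different nodes.
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app: kafka-broker-receiver
                topologyKey: kubernetes.io/hostname
              weight: 100
      containers:
        - name: kafka-broker-receiver
          # The image comes from a personal Docker Hub namespace and is
          # referenced by tag. A tag can be re-pointed, and with IfNotPresent a
          # node that already cached it never re-checks the registry. Pin by
          # digest (image@sha256:<digest-placeholder>) for a verifiable deploy.
          image: docker.io/pierdipi/knative-kafka-broker-receiver:e0d1f434-41fe-11ec-8699-14857f6f674c
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - mountPath: /etc/config
              name: config-kafka-broker-data-plane
              readOnly: true
            - mountPath: /etc/brokers-triggers
              name: kafka-broker-brokers-triggers
              readOnly: true
            # Only writable path in the container (root filesystem is read-only).
            - mountPath: /tmp
              name: cache
            - mountPath: /etc/logging
              name: kafka-broker-config-logging
              readOnly: true
            - mountPath: /etc/tracing
              name: config-tracing
              readOnly: true
          ports:
            - containerPort: 9090
              name: http-metrics
              protocol: TCP
            - containerPort: 8080
              name: http
              protocol: TCP
          env:
            - name: SERVICE_NAME
              value: "kafka-broker-receiver"
            - name: SERVICE_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: INGRESS_PORT
              value: "8080"
            - name: PRODUCER_CONFIG_FILE_PATH
              value: /etc/config/config-kafka-broker-producer.properties
            - name: HTTPSERVER_CONFIG_FILE_PATH
              value: /etc/config/config-kafka-broker-httpserver.properties
            - name: DATA_PLANE_CONFIG_FILE_PATH
              value: /etc/brokers-triggers/data
            - name: LIVENESS_PROBE_PATH
              value: /healthz
            - name: READINESS_PROBE_PATH
              value: /readyz
            - name: METRICS_PATH
              value: /metrics
            - name: METRICS_PORT
              value: "9090"
            - name: METRICS_PUBLISH_QUANTILES
              value: "false"
            - name: METRICS_JVM_ENABLED
              value: "false"
            - name: CONFIG_TRACING_PATH
              value: "/etc/tracing"
            # https://github.com/fabric8io/kubernetes-client/issues/2212
            - name: HTTP2_DISABLE
              value: "true"
            # This should be set according to initial delay seconds
            - name: WAIT_STARTUP_SECONDS
              value: "8"
          command:
            - "java"
          args:
            - "-Dlogback.configurationFile=/etc/logging/config.xml"
            - "-jar"
            - "/app/app.jar"
          # TODO set resources (limits and requests)
          # Without requests/limits the JVM can use all memory and CPU of the
          # node; this pod takes inbound traffic, so a request flood can
          # affect other workloads on that node.
          livenessProbe:
            failureThreshold: 3
            httpGet:
              port: 8080
              path: /healthz
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 3
            successThreshold: 1
            timeoutSeconds: 1
          readinessProbe:
            failureThreshold: 3
            httpGet:
              port: 8080
              path: /readyz
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 3
            successThreshold: 1
            timeoutSeconds: 1
          terminationMessagePolicy: FallbackToLogsOnError
          # Was /dev/temination-log (typo); use the standard Kubernetes path.
          terminationMessagePath: /dev/termination-log
          securityContext:
            allowPrivilegeEscalation: false
            privileged: false
            readOnlyRootFilesystem: true
            # The container runs non-root and binds only unprivileged ports
            # (8080, 9090), so it needs no Linux capabilities.
            capabilities:
              drop:
                - ALL
      volumes:
        - name: kafka-broker-brokers-triggers
          configMap:
            name: kafka-broker-brokers-triggers
        - name: config-kafka-broker-data-plane
          configMap:
            name: config-kafka-broker-data-plane
        - name: cache
          emptyDir: {}
        - name: kafka-broker-config-logging
          configMap:
            name: kafka-config-logging
        - name: config-tracing
          configMap:
            name: config-tracing
      restartPolicy: Always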
---
# Service in front of the receiver pods. No `type` is set, so it is a
# ClusterIP Service reachable only from inside the cluster. Both ports carry
# plain HTTP and the manifest defines no NetworkPolicy, so any pod that can
# route to the Service can post events on port 80 and scrape metrics on 9090.
apiVersion: v1
kind: Service
metadata:
  name: kafka-broker-ingress
  namespace: knative-eventing
  labels:
    app: kafka-broker-receiver
    kafka.eventing.knative.dev/release: devel
spec:
  selector:
    app: kafka-broker-receiver
  ports:
    # Event ingress, forwarded to the receiver's INGRESS_PORT.
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8080
    # Metrics endpoint of the receiver.
    - name: http-metrics
      protocol: TCP
      port: 9090
      targetPort: 9090
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default topic settings and Kafka bootstrap address for brokers.
# All values are quoted because ConfigMap data values must be strings.
apiVersion: v1
kind: ConfigMap
metadata:
  name: kafka-broker-config
  namespace: knative-eventing
  labels:
    kafka.eventing.knative.dev/release: devel
data:
  default.topic.partitions: "10"
  default.topic.replication.factor: "3"
  # NOTE(review): 9092 is conventionally a plaintext Kafka listener; together
  # with security.protocol=PLAINTEXT in config-kafka-broker-data-plane this
  # suggests unencrypted broker traffic - confirm against the Kafka cluster.
  bootstrap.servers: "my-cluster-kafka-bootstrap.kafka:9092"
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# CustomResourceDefinition for KafkaChannel (messaging.knative.dev/v1beta1).
#
# Review notes:
# - The URI fields (deadLetterSink.uri, replyUri, subscriberUri) are plain
#   strings with no pattern or format constraint, so the schema accepts any
#   value; destination validation has to happen in an admission webhook or in
#   the controller.
# - spec.conversion points at the kafka-webhook Service and carries no
#   caBundle. NOTE(review): presumably the CA bundle is injected at runtime -
#   confirm, since the API server uses it to verify the webhook's certificate.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: kafkachannels.messaging.knative.dev
  labels:
    kafka.eventing.knative.dev/release: "v20211108-c5e12df13"
    knative.dev/crd-install: "true"
    messaging.knative.dev/subscribable: "true"
    duck.knative.dev/addressable: "true"
spec:
  group: messaging.knative.dev
  versions:
    - name: v1beta1
      served: true
      storage: true
      subresources:
        status: {}
      schema:
        openAPIV3Schema:
          description: 'KafkaChannel is a resource representing a Channel that is backed by a topic of an Apache Kafka cluster.'
          type: object
          properties:
            spec:
              description: Spec defines the desired state of the Channel.
              type: object
              properties:
                numPartitions:
                  description: NumPartitions is the number of partitions of a Kafka topic. By default, it is set to 1.
                  type: integer
                  format: int32
                  default: 1
                replicationFactor:
                  description: ReplicationFactor is the replication factor of a Kafka topic. By default, it is set to 1.
                  type: integer
                  maximum: 32767
                  default: 1
                retentionDuration:
                  description: RetentionDuration is the retention time for events in a Kafka Topic represented as an ISO-8601 Duration. By default it is set to 168 hours, which is the precise form of 7 days.
                  type: string
                delivery:
                  description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec.
                  type: object
                  properties:
                    backoffDelay:
                      description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*<numberOfRetries>. For exponential policy, backoff delay is backoffDelay*2^<numberOfRetries>.'
                      type: string
                    backoffPolicy:
                      description: BackoffPolicy is the retry backoff policy (linear, exponential).
                      type: string
                    deadLetterSink:
                      description: DeadLetterSink is the sink receiving event that could not be sent to a destination.
                      type: object
                      properties:
                        ref:
                          description: Ref points to an Addressable.
                          type: object
                          properties:
                            apiVersion:
                              description: API version of the referent.
                              type: string
                            kind:
                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                              type: string
                            namespace:
                              description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.'
                              type: string
                        uri:
                          description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.
                          type: string
                    retry:
                      description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink.
                      type: integer
                      format: int32
                subscribers:
                  description: This is the list of subscriptions for this subscribable.
                  type: array
                  items:
                    type: object
                    properties:
                      delivery:
                        description: DeliverySpec contains options controlling the event delivery
                        type: object
                        properties:
                          backoffDelay:
                            description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*<numberOfRetries>. For exponential policy, backoff delay is backoffDelay*2^<numberOfRetries>.'
                            type: string
                          backoffPolicy:
                            description: BackoffPolicy is the retry backoff policy (linear, exponential).
                            type: string
                          deadLetterSink:
                            description: DeadLetterSink is the sink receiving event that could not be sent to a destination.
                            type: object
                            properties:
                              ref:
                                description: Ref points to an Addressable.
                                type: object
                                properties:
                                  apiVersion:
                                    description: API version of the referent.
                                    type: string
                                  kind:
                                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                                    type: string
                                  name:
                                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                                    type: string
                                  namespace:
                                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.'
                                    type: string
                              uri:
                                description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.
                                type: string
                          retry:
                            description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink.
                            type: integer
                            format: int32
                      generation:
                        description: Generation of the origin of the subscriber with uid:UID.
                        type: integer
                        format: int64
                      replyUri:
                        description: ReplyURI is the endpoint for the reply
                        type: string
                      subscriberUri:
                        description: SubscriberURI is the endpoint for the subscriber
                        type: string
                      uid:
                        description: UID is used to understand the origin of the subscriber.
                        type: string
            status:
              description: Status represents the current state of the KafkaChannel. This data may be out of date.
              type: object
              properties:
                address:
                  type: object
                  required:
                    - url
                  properties:
                    url:
                      type: string
                annotations:
                  description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
                  type: object
                  x-kubernetes-preserve-unknown-fields: true
                conditions:
                  description: Conditions the latest available observations of a resource's current state.
                  type: array
                  items:
                    type: object
                    required:
                      - type
                      - status
                    properties:
                      lastTransitionTime:
                        description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).
                        type: string
                      message:
                        description: A human readable message indicating details about the transition.
                        type: string
                      reason:
                        description: The reason for the condition's last transition.
                        type: string
                      severity:
                        description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.
                        type: string
                      status:
                        description: Status of the condition, one of True, False, Unknown.
                        type: string
                      type:
                        description: Type of condition.
                        type: string
                deadLetterChannel:
                  description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here.
                  type: object
                  properties:
                    apiVersion:
                      description: API version of the referent.
                      type: string
                    kind:
                      description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                      type: string
                    name:
                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                      type: string
                    namespace:
                      description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.'
                      type: string
                observedGeneration:
                  description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
                  type: integer
                  format: int64
                subscribers:
                  description: This is the list of subscription's statuses for this channel.
                  type: array
                  items:
                    type: object
                    properties:
                      message:
                        description: A human readable message indicating details of Ready status.
                        type: string
                      observedGeneration:
                        description: Generation of the origin of the subscriber with uid:UID.
                        type: integer
                        format: int64
                      ready:
                        description: Status of the subscriber.
                        type: string
                      uid:
                        description: UID is used to understand the origin of the subscriber.
                        type: string
      additionalPrinterColumns:
        - name: Ready
          type: string
          jsonPath: ".status.conditions[?(@.type==\"Ready\")].status"
        - name: Reason
          type: string
          jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason"
        - name: URL
          type: string
          jsonPath: .status.address.url
        - name: Age
          type: date
          jsonPath: .metadata.creationTimestamp
  names:
    kind: KafkaChannel
    plural: kafkachannels
    singular: kafkachannel
    categories:
      - all
      - knative
      - messaging
      - channel
    shortNames:
      - kc
  scope: Namespaced
  conversion:
    strategy: Webhook
    webhook:
      conversionReviewVersions: ["v1", "v1beta1"]
      clientConfig:
        service:
          name: kafka-webhook
          namespace: knative-eventing
---
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
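# CustomResourceDefinition for KafkaSink (eventing.knative.dev/v1alpha1).
#
# Review notes:
# - spec.auth.secret.ref has only a `name` field and no namespace field, so
#   the schema cannot name a Secret in another namespace. Which namespace the
#   controller resolves the name in is not visible in this manifest.
# - The conversion webhook block at the end is commented out, so no
#   conversion webhook is configured for this CRD.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: kafkasinks.eventing.knative.dev
  labels:
    duck.knative.dev/addressable: "true"
    knative.dev/crd-install: "true"
    kafka.eventing.knative.dev/release: devel
spec:
  group: eventing.knative.dev
  names:
    kind: KafkaSink
    plural: kafkasinks
    singular: kafkasink
    categories:
      - all
      - knative
      - eventing
  scope: Namespaced
  versions:
    - name: v1alpha1
      served: true
      storage: true
      subresources:
        status: {}
      schema:
        openAPIV3Schema:
          description: 'Kafka Sink is Addressable, it receives events and send them to a Kafka topic.'
          type: object
          properties:
            spec:
              description: 'Spec defines the desired state of the Kafka Sink.'
              type: object
              required:
                - topic
                - bootstrapServers
              properties:
                topic:
                  description: 'Topic name to send events.'
                  type: string
                numPartitions:
                  description: 'Number of topic partitions. If not specified the topic isn''t automatically created, and the system supposes that the topic is already present.'
                  type: integer
                  format: int32
                replicationFactor:
                  description: 'Topic replication factor. If not specified the topic isn''t automatically created, and the system supposes that the topic is already present.'
                  type: integer
                  format: int32
                bootstrapServers:
                  description: 'A list of host/port pairs to use for establishing the initial connection to the Kafka cluster.'
                  type: array
                  # Was `minLength: 1`. minLength constrains strings and is
                  # ignored for arrays, so an empty list passed validation;
                  # minItems is the array keyword that enforces "at least one".
                  minItems: 1
                  items:
                    type: string
                contentMode:
                  description: |
                    CloudEvent content mode of Kafka messages sent to the topic.
                    Possible values: [structured, binary] (default: structured)
                    - https://github.com/cloudevents/spec/blob/v1.0/spec.md#message
                    - https://github.com/cloudevents/spec/blob/v1.0/kafka-protocol-binding.md#33-structured-content-mode
                    - https://github.com/cloudevents/spec/blob/v1.0/kafka-protocol-binding.md#32-binary-content-mode
                  type: string
                  enum:
                    - structured
                    - binary
                  default: structured
                auth:
                  description: 'Auth configurations'
                  type: object
                  properties:
                    secret:
                      description: 'Auth secret'
                      type: object
                      properties:
                        ref:
                          # TODO add format in description (?)
                          description: |
                            Secret reference.
                          type: object
                          required:
                            - name
                          properties:
                            name:
                              description: 'Secret name'
                              type: string
            status:
              description: 'Status represents the current state of the KafkaSink. This data may be out of date.'
              type: object
              properties:
                address:
                  description: 'Kafka Sink is Addressable. It exposes the endpoint as an URI to get events delivered to a Kafka topic.'
                  type: object
                  properties:
                    url:
                      type: string
                annotations:
                  description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.'
                  type: object
                  x-kubernetes-preserve-unknown-fields: true
                conditions:
                  description: 'Conditions the latest available observations of a resource''s current state.'
                  type: array
                  items:
                    type: object
                    required:
                      - type
                      - status
                    properties:
                      lastTransitionTime:
                        description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).'
                        type: string
                      message:
                        description: 'A human readable message indicating details about the transition.'
                        type: string
                      reason:
                        description: 'The reason for the condition''s last transition.'
                        type: string
                      severity:
                        description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.'
                        type: string
                      status:
                        description: 'Status of the condition, one of True, False, Unknown.'
                        type: string
                      type:
                        description: 'Type of condition.'
                        type: string
                observedGeneration:
                  description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.'
                  type: integer
                  format: int64
      additionalPrinterColumns:
        - name: URL
          type: string
          jsonPath: .status.address.url
        - name: Age
          type: date
          jsonPath: .metadata.creationTimestamp
        - name: Ready
          type: string
          jsonPath: ".status.conditions[?(@.type==\"Ready\")].status"
        - name: Reason
          type: string
          jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason"
  # conversion:
  #   strategy: Webhook
  #   webhook:
  #     conversionReviewVersions: [ "v1alpha1" ]
  #     clientConfig:
  #       service:
  #         name: eventing-kafka-webhook
  #         namespace: knative-eventing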
---
# Copyright 2019 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# CustomResourceDefinition for KafkaBinding (bindings.knative.dev/v1beta1).
#
# Review notes:
# - The schema is `type: object` with x-kubernetes-preserve-unknown-fields,
#   so the API server validates no field of a KafkaBinding; any validation
#   has to come from an admission webhook or the controller.
# - spec.conversion points at the kafka-source-webhook Service and carries no
#   caBundle. NOTE(review): presumably the CA bundle is injected at runtime -
#   confirm, since the API server uses it to verify the webhook's certificate.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: kafkabindings.bindings.knative.dev
  labels:
    kafka.eventing.knative.dev/release: "v20211108-c5e12df13"
    duck.knative.dev/binding: "true"
    knative.dev/crd-install: "true"
spec:
  group: bindings.knative.dev
  versions:
    - name: v1beta1
      served: true
      storage: true
      subresources:
        status: {}
      schema:
        openAPIV3Schema:
          type: object
          # this is a work around so we don't need to flush out the
          # schema for each version at this time
          #
          # see issue: https://github.com/knative/serving/issues/912
          x-kubernetes-preserve-unknown-fields: true
      additionalPrinterColumns:
        - name: BootstrapServers
          type: string
          jsonPath: ".spec.bootstrapServers"
        - name: Ready
          type: string
          jsonPath: ".status.conditions[?(@.type==\"Ready\")].status"
        - name: Reason
          type: string
          jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason"
        - name: Age
          type: date
          jsonPath: .metadata.creationTimestamp
  names:
    kind: KafkaBinding
    plural: kafkabindings
    categories:
      - all
      - knative
      - eventing
      - bindings
  scope: Namespaced
  conversion:
    strategy: Webhook
    webhook:
      conversionReviewVersions: ["v1", "v1beta1"]
      clientConfig:
        service:
          name: kafka-source-webhook
          namespace: knative-eventing
# Copyright 2019 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
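# CustomResourceDefinition for KafkaSource (group sources.knative.dev).
# Nesting restored: the listing had lost all indentation.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  labels:
    kafka.eventing.knative.dev/release: "v20211108-c5e12df13"
    eventing.knative.dev/source: "true"
    duck.knative.dev/source: "true"
    knative.dev/crd-install: "true"
  annotations:
    # JSON list of the event types this source declares.
    registry.knative.dev/eventTypes: |
      [
        { "type": "dev.knative.kafka.event" }
      ]
  name: kafkasources.sources.knative.dev
spec:
  group: sources.knative.dev
  versions:
    - name: v1beta1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          # Workaround so the schema does not have to be fleshed out for
          # each version at this time.
          # See issue: https://github.com/knative/serving/issues/912
          #
          # NOTE(review): the API server validates nothing below the root
          # object here; fields such as .spec.bootstrapServers and
          # .spec.topics are checked only by the admission webhook.
          x-kubernetes-preserve-unknown-fields: true
      subresources:
        status: {}
        scale:
          # specReplicasPath defines the JSONPath inside of a custom
          # resource that corresponds to Scale.Spec.Replicas.
          specReplicasPath: .spec.consumers
          # statusReplicasPath defines the JSONPath inside of a custom
          # resource that corresponds to Scale.Status.Replicas.
          statusReplicasPath: .status.consumers
          # labelSelectorPath defines the JSONPath inside of a custom
          # resource that corresponds to Scale.Status.Selector.
          labelSelectorPath: .status.selector
      additionalPrinterColumns:
        - name: Topics
          type: string
          jsonPath: ".spec.topics"
        - name: BootstrapServers
          type: string
          jsonPath: ".spec.bootstrapServers"
        - name: Ready
          type: string
          jsonPath: ".status.conditions[?(@.type==\"Ready\")].status"
        - name: Reason
          type: string
          jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason"
        - name: Age
          type: date
          jsonPath: .metadata.creationTimestamp
  names:
    categories:
      - all
      - knative
      - eventing
      - sources
    kind: KafkaSource
    plural: kafkasources
  scope: Namespaced
  conversion:
    strategy: Webhook
    webhook:
      conversionReviewVersions: ["v1", "v1beta1"]
      clientConfig:
        # NOTE(review): this Service name is not defined in the part of the
        # manifest shown here; with a single served version no conversion
        # should be requested, but confirm the Service exists before adding
        # another version.
        service:
          name: kafka-source-webhook
          namespace: knative-eventing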
---
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
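# ConfigMap carrying the Logback configuration (config.xml).
# Nesting restored: the listing had lost all indentation, which would have
# left the config.xml block scalar empty.
apiVersion: v1
kind: ConfigMap
metadata:
  name: kafka-config-logging
  namespace: knative-eventing
  labels:
    kafka.eventing.knative.dev/release: devel
# The XML below sends all loggers (root level INFO) to one console appender
# that encodes each record with the Logstash JSON encoder.
# NOTE(review): if the root level is lowered for debugging, check what the
# components log at that level before shipping the output to shared log
# storage.
data:
  config.xml: |
    <configuration>
      <appender name="jsonConsoleAppender" class="ch.qos.logback.core.ConsoleAppender">
        <encoder class="net.logstash.logback.encoder.LogstashEncoder"/>
      </appender>
      <root level="INFO">
        <appender-ref ref="jsonConsoleAppender"/>
      </root>
    </configuration>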
---
# Copyright 2019 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
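# ConfigMap for tracing settings. Only the documentation key `_example` is
# present, so no tracing option is actually set by this object.
# Nesting restored: the listing had lost all indentation.
apiVersion: v1
kind: ConfigMap
metadata:
  name: config-tracing
  namespace: knative-eventing
  labels:
    kafka.eventing.knative.dev/release: devel
    knative.dev/config-propagation: original
    knative.dev/config-category: eventing
  annotations:
    # NOTE(review): presumably a checksum over the `_example` value below.
    # The banner spacing in this copy looks collapsed, so regenerate or
    # verify the checksum against the upstream file before applying.
    knative.dev/example-checksum: "4002b4c2"
data:
  _example: |
    ################################
    # #
    # EXAMPLE CONFIGURATION #
    # #
    ################################
    # This block is not actually functional configuration,
    # but serves to illustrate the available configuration
    # options and document them in a way that is accessible
    # to users that `kubectl edit` this config map.
    #
    # These sample configuration options may be copied out of
    # this example block and unindented to be in the data block
    # to actually change the configuration.
    #
    # This may be "zipkin" or "stackdriver", the default is "none"
    backend: "none"
    # URL to zipkin collector where traces are sent.
    # This must be specified when backend is "zipkin"
    zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans"
    # The GCP project into which stackdriver metrics will be written
    # when backend is "stackdriver". If unspecified, the project-id
    # is read from GCP metadata when running on GCP.
    stackdriver-project-id: "my-project"
    # Enable zipkin debug mode. This allows all spans to be sent to the server
    # bypassing sampling.
    debug: "false"
    # Percentage (0-1) of requests to trace
    sample-rate: "0.1"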
---
# Copyright 2021 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
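# Read-only ClusterRole fragment for KafkaSink and KafkaChannel objects.
# Nesting restored: the listing had lost all indentation.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: knative-kafka-addressable-resolver
  labels:
    kafka.eventing.knative.dev/release: devel
    # Label by which these rules are picked up for aggregation (see the
    # comment below); any subject bound to the aggregate role inherits them.
    duck.knative.dev/addressable: "true"
# Do not use this role directly. These rules will be added to the
# "addressable-resolver" role.
rules:
  # get/list/watch only: enough to read an object and its status.
  - apiGroups:
      - eventing.knative.dev
    resources:
      - kafkasinks
      - kafkasinks/status
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - messaging.knative.dev
    resources:
      - kafkachannels
      - kafkachannels/status
    verbs:
      - get
      - list
      - watch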
---
# Copyright 2021 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
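# ClusterRole fragment granting full management of KafkaChannel objects.
# Nesting restored: the listing had lost all indentation.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: knative-kafka-channelable-manipulator
  labels:
    kafka.eventing.knative.dev/release: devel
    # Label by which these rules are picked up for aggregation (see the
    # comment below).
    duck.knative.dev/channelable: "true"
# Do not use this role directly. These rules will be added to the
# "channelable-manipulator" role.
rules:
  # Read and write verbs, including delete, on channels and their status.
  # NOTE(review): every subject bound to the aggregate
  # "channelable-manipulator" role gains these verbs cluster-wide; review
  # who is bound to that role when auditing this install.
  - apiGroups:
      - messaging.knative.dev
    resources:
      - kafkachannels
      - kafkachannels/status
    verbs:
      - create
      - get
      - list
      - watch
      - update
      - patch
      - delete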
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
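# ClusterRole for the kafka-controller service account.
# Nesting restored: the listing had lost all indentation.
#
# NOTE(review): the kafka-controller ClusterRoleBinding in this file binds
# this role cluster-wide, so every rule below applies in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kafka-controller
  labels:
    kafka.eventing.knative.dev/release: devel
rules:
  # NOTE(review): apiGroups "*" matches any API group that serves a resource
  # with the listed name, including aggregated APIs. configmaps, pods and
  # secrets are core-group resources, so "" would state the same intent more
  # narrowly. TODO: confirm the controller uses no other group, then tighten.
  - apiGroups:
      - "*"
    resources:
      - configmaps
    verbs:
      - get
      - list
      - watch
      - update
      - create
  # Includes `update` on pods in all namespaces.
  - apiGroups:
      - "*"
    resources:
      - pods
    verbs:
      - list
      - update
      - get
      - watch
  - apiGroups:
      - "*"
    resources:
      - events
    verbs:
      - patch
      - create
  # Leases (typically used for leader election).
  - apiGroups:
      - "coordination.k8s.io"
    resources:
      - "leases"
    verbs:
      - get
      - list
      - create
      - update
      - delete
      - patch
      - watch
  # NOTE(review): read access to every Secret in the cluster. Compromise of
  # the controller pod or its token exposes all of them, so treat this
  # service account as highly privileged and alert on unexpected use of its
  # token.
  - apiGroups:
      - "*"
    resources:
      - secrets
    verbs:
      - list
      - get
      - watch
  # Eventing resources and statuses we care about
  - apiGroups:
      - "eventing.knative.dev"
    resources:
      - "brokers"
      - "brokers/status"
      - "triggers"
      - "triggers/status"
      - "kafkasinks"
      - "kafkasinks/status"
    verbs:
      - list
      - get
      - watch
      - patch
      - update
  # eventing.knative.dev resources and finalizers we care about.
  - apiGroups:
      - "eventing.knative.dev"
    resources:
      - "brokers/finalizers"
      - "triggers/finalizers"
      - "kafkasinks/finalizers"
    verbs:
      - update
  # messaging.knative.dev resources and finalizers we care about.
  - apiGroups:
      - messaging.knative.dev
    resources:
      - kafkachannels
      - kafkachannels/status
    verbs:
      - get
      - list
      - watch
      - update
      - patch
  - apiGroups:
      - messaging.knative.dev
    resources:
      - kafkachannels/finalizers
    verbs:
      - update
  # sources.knative.dev resources and finalizers we care about.
  - apiGroups:
      - sources.knative.dev
    resources:
      - kafkasources
      - kafkasources/status
    verbs:
      - get
      - list
      - watch
      - update
      - patch
  - apiGroups:
      - sources.knative.dev
    resources:
      - kafkasources/finalizers
    verbs:
      - update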
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
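# Service account the kafka-controller Deployment runs as.
# Nesting restored: the listing had lost all indentation.
# NOTE(review): through the ClusterRoleBindings in this file this identity
# can read every Secret in the cluster; keep its token out of other pods.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kafka-controller
  namespace: knative-eventing
  labels:
    kafka.eventing.knative.dev/release: devel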
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
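# Binds the kafka-controller ClusterRole to the kafka-controller service
# account. A ClusterRoleBinding grants the role's rules in all namespaces.
# Nesting restored: the listing had lost all indentation.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kafka-controller
  labels:
    kafka.eventing.knative.dev/release: devel
subjects:
  - kind: ServiceAccount
    name: kafka-controller
    namespace: knative-eventing
roleRef:
  kind: ClusterRole
  name: kafka-controller
  apiGroup: rbac.authorization.k8s.io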
---
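# Binds the "addressable-resolver" ClusterRole to the kafka-controller
# service account, cluster-wide.
# Nesting restored: the listing had lost all indentation.
# NOTE(review): "addressable-resolver" is not defined in the part of the
# manifest shown here (presumably it comes from the Knative Eventing core
# install). Its effective rules are whatever is aggregated into it, so audit
# that role rather than this binding to see what is granted.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kafka-controller-addressable-resolver
  labels:
    kafka.eventing.knative.dev/release: devel
subjects:
  - kind: ServiceAccount
    name: kafka-controller
    namespace: knative-eventing
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: addressable-resolver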
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
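# Deployment of the kafka-controller (control plane).
# Nesting restored: the listing had lost all indentation. Also hardened:
# the container now drops all Linux capabilities (it already runs non-root
# with privilege escalation disabled and serves only port 9090).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kafka-controller
  namespace: knative-eventing
  labels:
    app: kafka-controller
    kafka.eventing.knative.dev/release: devel
spec:
  selector:
    matchLabels:
      app: kafka-controller
  template:
    metadata:
      name: kafka-controller
      labels:
        app: kafka-controller
        kafka.eventing.knative.dev/release: devel
    spec:
      securityContext:
        runAsNonRoot: true
      # Runs with the cluster-wide permissions bound to this account.
      serviceAccountName: kafka-controller
      # To avoid node becoming SPOF, spread our replicas to different nodes.
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app: kafka-controller
                topologyKey: kubernetes.io/hostname
              weight: 100
      containers:
        - name: controller
          # Pinned by digest, so the content cannot change under a tag.
          # NOTE(review): the repository appears to be a personal Docker Hub
          # namespace (consistent with the "devel" release label); confirm
          # the image's provenance before using this outside a test cluster.
          image: docker.io/pierdipi/kafka-controller-409c76cb00d7d7c46941c7e4c366e4a6@sha256:748dc7616ea06d3d7b862de36d5f0321568da23acd32211bf6aea95c0543717e
          imagePullPolicy: IfNotPresent
          # NOTE(review): no resources requests/limits are set here, unlike
          # the webhook Deployment in this file.
          env:
            # Namespace of each data-plane ConfigMap.
            - name: BROKER_DATA_PLANE_CONFIG_MAP_NAMESPACE
              value: knative-eventing
            - name: CHANNEL_DATA_PLANE_CONFIG_MAP_NAMESPACE
              value: knative-eventing
            - name: SINK_DATA_PLANE_CONFIG_MAP_NAMESPACE
              value: knative-eventing
            - name: SOURCE_DATA_PLANE_CONFIG_MAP_NAMESPACE
              value: knative-eventing
            # Name of each data-plane ConfigMap.
            - name: BROKER_DATA_PLANE_CONFIG_MAP_NAME
              value: kafka-broker-brokers-triggers
            - name: CHANNEL_DATA_PLANE_CONFIG_MAP_NAME
              value: kafka-channel-channels-subscriptions
            - name: SINK_DATA_PLANE_CONFIG_MAP_NAME
              value: kafka-sink-sinks
            - name: SOURCE_DATA_PLANE_CONFIG_MAP_NAME
              value: kafka-source-sources
            # Serialization format of each data-plane ConfigMap.
            - name: BROKER_DATA_PLANE_CONFIG_FORMAT
              value: json
            - name: CHANNEL_DATA_PLANE_CONFIG_FORMAT
              value: json
            - name: SINK_DATA_PLANE_CONFIG_FORMAT
              value: json
            - name: SOURCE_DATA_PLANE_CONFIG_FORMAT
              value: json
            - name: BROKER_INGRESS_NAME
              value: kafka-broker-ingress
            - name: CHANNEL_INGRESS_NAME
              value: kafka-channel-ingress
            - name: SINK_INGRESS_NAME
              value: kafka-sink-ingress
            - name: SOURCE_INGRESS_NAME
              value: kafka-source-ingress
            # All four components point at the same general ConfigMap.
            - name: BROKER_GENERAL_CONFIG_MAP_NAME
              value: kafka-broker-config
            - name: CHANNEL_GENERAL_CONFIG_MAP_NAME
              value: kafka-broker-config
            - name: SINK_GENERAL_CONFIG_MAP_NAME
              value: kafka-broker-config
            - name: SOURCE_GENERAL_CONFIG_MAP_NAME
              value: kafka-broker-config
            # System namespace, taken from the pod's own namespace.
            - name: BROKER_SYSTEM_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: CHANNEL_SYSTEM_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: SINK_SYSTEM_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: SOURCE_SYSTEM_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: BROKER_DEFAULT_BACKOFF_DELAY_MS
              value: "1000"  # 1 second
            - name: SYSTEM_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: CONFIG_LOGGING_NAME
              value: config-logging
            - name: CONFIG_OBSERVABILITY_NAME
              value: config-observability
            - name: METRICS_DOMAIN
              value: knative.dev/eventing
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          ports:
            - containerPort: 9090
              name: metrics
          terminationMessagePolicy: FallbackToLogsOnError
          # NOTE(review): spelled "temination-log"; the Kubernetes default is
          # /dev/termination-log. Kept as written, since the file is provided
          # at whatever path is named here.
          terminationMessagePath: /dev/temination-log
          securityContext:
            allowPrivilegeEscalation: false
            privileged: false
            readOnlyRootFilesystem: true
            # Added: a non-root process that only serves an unprivileged
            # port needs no capabilities.
            capabilities:
              drop:
                - ALL
      restartPolicy: Always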
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
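# ClusterRole for the kafka-webhook-eventing service account.
# Nesting restored: the listing had lost all indentation. The `&everything`
# anchor and its alias are written out so each rule's verbs can be read and
# grepped on their own during an RBAC audit; the granted verbs are unchanged.
#
# NOTE(review): the kafka-webhook-eventing ClusterRoleBinding in this file
# binds this role cluster-wide, so no rule below is limited to the
# knative-eventing namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kafka-webhook-eventing
  labels:
    kafka.eventing.knative.dev/release: devel
rules:
  # For watching logging configuration and getting certs.
  - apiGroups:
      - ""
    resources:
      - "configmaps"
    verbs:
      - "get"
      - "list"
      - "watch"
  # For manipulating certs into secrets.
  # NOTE(review): the rule carries no resourceNames, so it covers reading
  # and writing every Secret, and creating/updating every Namespace object,
  # in the cluster. If only the kafka-webhook-eventing-certs Secret is
  # written, the write verbs could move to a namespaced Role restricted by
  # resourceNames; confirm against the webhook's behavior first.
  - apiGroups:
      - ""
    resources:
      - "secrets"
      - "namespaces"
    verbs:
      - "get"
      - "create"
      - "update"
      - "list"
      - "watch"
      - "patch"
  # For getting our Deployment so we can decorate with ownerref.
  - apiGroups:
      - "apps"
    resources:
      - "deployments"
    verbs:
      - "get"
  - apiGroups:
      - "apps"
    resources:
      - "deployments/finalizers"
    verbs:
      - update
  # For actually registering our webhook.
  # NOTE(review): all verbs on all admission webhook configurations. A
  # holder of this token can change or delete any admission webhook in the
  # cluster, so treat this service account as highly privileged and audit
  # writes to these objects.
  - apiGroups:
      - "admissionregistration.k8s.io"
    resources:
      - "mutatingwebhookconfigurations"
      - "validatingwebhookconfigurations"
    verbs:
      - "get"
      - "list"
      - "create"
      - "update"
      - "delete"
      - "patch"
      - "watch"
  # For leader election
  - apiGroups:
      - "coordination.k8s.io"
    resources:
      - "leases"
    verbs:
      - "get"
      - "list"
      - "create"
      - "update"
      - "delete"
      - "patch"
      - "watch"
  # finalizers are needed for the owner reference of the webhook
  - apiGroups:
      - ""
    resources:
      - "namespaces/finalizers"
    verbs:
      - "update"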
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
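# Service account the kafka-webhook-eventing Deployment runs as.
# Nesting restored: the listing had lost all indentation.
# NOTE(review): via the ClusterRoleBinding in this file this identity can
# write Secrets and admission webhook configurations cluster-wide.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kafka-webhook-eventing
  namespace: knative-eventing
  labels:
    kafka.eventing.knative.dev/release: devel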
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
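# Binds the kafka-webhook-eventing ClusterRole to the service account of the
# same name. A ClusterRoleBinding grants the role's rules in all namespaces.
# Nesting restored: the listing had lost all indentation.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kafka-webhook-eventing
  labels:
    kafka.eventing.knative.dev/release: devel
subjects:
  - kind: ServiceAccount
    name: kafka-webhook-eventing
    namespace: knative-eventing
roleRef:
  kind: ClusterRole
  name: kafka-webhook-eventing
  apiGroup: rbac.authorization.k8s.io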
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
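# Mutating (defaulting) admission webhook registration, served by the
# kafka-webhook-eventing Service.
# Nesting restored: the listing had lost all indentation.
#
# NOTE(review): no `rules` and no `clientConfig.caBundle` are declared here.
# Presumably the webhook fills them in at runtime (its ClusterRole in this
# file allows updating these objects); verify the live object after install
# to see which resources are actually intercepted.
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  name: defaulting.webhook.kafka.eventing.knative.dev
  labels:
    kafka.eventing.knative.dev/release: devel
webhooks:
  - admissionReviewVersions: ["v1", "v1beta1"]
    clientConfig:
      service:
        name: kafka-webhook-eventing
        namespace: knative-eventing
    sideEffects: None
    # Fails closed: matching requests are rejected when the webhook cannot
    # be reached or does not answer within timeoutSeconds.
    failurePolicy: Fail
    name: defaulting.webhook.kafka.eventing.knative.dev
    timeoutSeconds: 2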
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
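# Empty Secret that will hold the webhook's serving certificate material.
# Nesting restored: the listing had lost all indentation.
# NOTE(review): re-applying this manifest over a populated Secret may
# interact with the stored data depending on how it is applied; check the
# webhook still serves a valid certificate after upgrades.
apiVersion: v1
kind: Secret
metadata:
  name: kafka-webhook-eventing-certs
  namespace: knative-eventing
  labels:
    kafka.eventing.knative.dev/release: devel
# The data is populated at install time.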
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
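# Validating admission webhook registration, served by the
# kafka-webhook-eventing Service.
# Nesting restored: the listing had lost all indentation.
#
# NOTE(review): no `rules` and no `clientConfig.caBundle` are declared here;
# presumably the webhook fills them in at runtime. The CRDs in this file
# carry no field-level schema, so this webhook is the only validation for
# those resources; verify the live object lists them after install.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: validation.webhook.kafka.eventing.knative.dev
  labels:
    kafka.eventing.knative.dev/release: devel
webhooks:
  - admissionReviewVersions: ["v1", "v1beta1"]
    clientConfig:
      service:
        name: kafka-webhook-eventing
        namespace: knative-eventing
    sideEffects: None
    # Fails closed: matching requests are rejected when the webhook cannot
    # be reached or does not answer within timeoutSeconds.
    failurePolicy: Fail
    name: validation.webhook.kafka.eventing.knative.dev
    timeoutSeconds: 2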
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
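# Deployment of the admission webhook server.
# Nesting restored: the listing had lost all indentation. Two further
# changes: the container drops all Linux capabilities (it runs non-root and
# listens only on ports above 1024), and the livenessProbe is written out
# instead of using `!!merge <<: *probe`, so the manifest does not depend on
# merge-key support in whatever tool parses it. Probe settings are unchanged.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kafka-webhook-eventing
  namespace: knative-eventing
  labels:
    app: kafka-webhook-eventing
    kafka.eventing.knative.dev/release: devel
spec:
  selector:
    matchLabels:
      app: kafka-webhook-eventing
  template:
    metadata:
      labels:
        app: kafka-webhook-eventing
        kafka.eventing.knative.dev/release: devel
    spec:
      # To avoid node becoming SPOF, spread our replicas to different nodes.
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app: kafka-webhook-eventing
                topologyKey: kubernetes.io/hostname
              weight: 100
      # Runs with the cluster-wide permissions bound to this account.
      serviceAccountName: kafka-webhook-eventing
      securityContext:
        runAsNonRoot: true
      containers:
        - name: kafka-webhook-eventing
          terminationMessagePolicy: FallbackToLogsOnError
          # Pinned by digest, so the content cannot change under a tag.
          # NOTE(review): the repository appears to be a personal Docker Hub
          # namespace (consistent with the "devel" release label); confirm
          # the image's provenance before using this outside a test cluster.
          image: docker.io/pierdipi/webhook-kafka-a0744e57e2361781824e0eef2db067de@sha256:e4e91710c8c819da6b006e316b6d431f4587398fcb0734ca0abf7d47c8ed1a4d
          resources:
            requests:
              cpu: 20m
              memory: 20Mi
            limits:
              cpu: 200m
              memory: 200Mi
          env:
            - name: SYSTEM_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: CONFIG_LOGGING_NAME
              value: config-logging
            - name: METRICS_DOMAIN
              value: knative.dev/eventing
            - name: WEBHOOK_NAME
              value: kafka-webhook-eventing
            - name: WEBHOOK_PORT
              value: "8443"
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          securityContext:
            allowPrivilegeEscalation: false
            # Added: no capability is needed to serve ports 8443/9090/8008
            # as a non-root user.
            capabilities:
              drop:
                - ALL
            # NOTE(review): readOnlyRootFilesystem is not set here, although
            # the controller Deployment in this file sets it; enable it once
            # confirmed the webhook writes nothing to its root filesystem.
          ports:
            - name: https-webhook
              containerPort: 8443
            # NOTE(review): the Service in this file exposes only 8443, but
            # metrics and profiling remain reachable pod-to-pod unless a
            # NetworkPolicy restricts them.
            - name: metrics
              containerPort: 9090
            - name: profiling
              containerPort: 8008
          readinessProbe:
            periodSeconds: 1
            httpGet:
              scheme: HTTPS
              port: 8443
              httpHeaders:
                - name: k-kubelet-probe
                  value: "webhook"
          # Same probe as readiness, plus an initial delay.
          livenessProbe:
            periodSeconds: 1
            httpGet:
              scheme: HTTPS
              port: 8443
              httpHeaders:
                - name: k-kubelet-probe
                  value: "webhook"
            initialDelaySeconds: 20
      # Our webhook should gracefully terminate by lame ducking first, set
      # this to a sufficiently high value that we respect whatever value it
      # has configured for the lame duck grace period.
      terminationGracePeriodSeconds: 300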
---
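# Service in front of the webhook pods; this is the endpoint the admission
# webhook configurations in this file point at.
# Nesting restored: the listing had lost all indentation.
apiVersion: v1
kind: Service
metadata:
  name: kafka-webhook-eventing
  namespace: knative-eventing
  labels:
    app: kafka-webhook-eventing
    kafka.eventing.knative.dev/release: devel
spec:
  ports:
    # Only the HTTPS webhook port is published; the pods' metrics and
    # profiling ports are not exposed through this Service.
    - name: https-webhook
      port: 443
      targetPort: 8443
  # NOTE(review): any pod in the namespace carrying this label receives
  # admission traffic; restrict who can create pods with it.
  selector:
    app: kafka-webhook-eventing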
---