Skip to content

Instantly share code, notes, and snippets.

@pierDipi
Last active April 21, 2022 11:16
Show Gist options
  • Save pierDipi/b584b0a9167dfeeffd0f934847c1dffa to your computer and use it in GitHub Desktop.
Save pierDipi/b584b0a9167dfeeffd0f934847c1dffa to your computer and use it in GitHub Desktop.
KNATIVE-2107 patch
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ConfigMap
metadata:
name: config-kafka-broker-data-plane
namespace: knative-eventing
labels:
kafka.eventing.knative.dev/release: "devel"
data:
config-kafka-broker-producer.properties: |
key.serializer=org.apache.kafka.common.serialization.StringSerializer
value.serializer=io.cloudevents.kafka.CloudEventSerializer
acks=all
buffer.memory=33554432
# compression.type=snappy
retries=2147483647
batch.size=16384
client.dns.lookup=use_all_dns_ips
connections.max.idle.ms=600000
delivery.timeout.ms=120000
linger.ms=0
max.block.ms=60000
max.request.size=1048576
partitioner.class=org.apache.kafka.clients.producer.internals.DefaultPartitioner
receive.buffer.bytes=-1
request.timeout.ms=30000
enable.idempotence=false
max.in.flight.requests.per.connection=5
metadata.max.age.ms=300000
# metric.reporters=""
metrics.num.samples=2
metrics.recording.level=INFO
metrics.sample.window.ms=30000
reconnect.backoff.max.ms=1000
reconnect.backoff.ms=50
retry.backoff.ms=100
# transaction.timeout.ms=60000
# transactional.id=null
config-kafka-broker-consumer.properties: |
key.deserializer=org.apache.kafka.common.serialization.StringDeserializer
value.deserializer=io.cloudevents.kafka.CloudEventDeserializer
fetch.min.bytes=1
heartbeat.interval.ms=3000
max.partition.fetch.bytes=1048576
session.timeout.ms=10000
# ssl.key.password=
# ssl.keystore.location=
# ssl.keystore.password=
# ssl.truststore.location=
# ssl.truststore.password=
allow.auto.create.topics=true
auto.offset.reset=earliest
client.dns.lookup=use_all_dns_ips
connections.max.idle.ms=540000
default.api.timeout.ms=60000
enable.auto.commit=false
exclude.internal.topics=true
fetch.max.bytes=52428800
isolation.level=read_uncommitted
max.poll.interval.ms=300000
max.poll.records=500
# partition.assignment.strategy=org.apache.kafka.clients.consumer.CooperativeStickyAssignor
receive.buffer.bytes=65536
request.timeout.ms=30000
# sasl.client.callback.handler.class=
# sasl.jaas.config=
# sasl.kerberos.service.name=
# sasl.login.callback.handler.class
# sasl.login.class
# sasl.mechanism
security.protocol=PLAINTEXT
send.buffer.bytes=131072
# ssl.enabled.protocols=
# ssl.keystore.type=
# ssl.protocol=
# ssl.provider=
auto.commit.interval.ms=5000
check.crcs=true
# client.rack=
fetch.max.wait.ms=500
# interceptor.classes=
metadata.max.age.ms=600000
# metrics.reporters=
# metrics.num.samples=
# metrics.recording.level=INFO
# metrics.sample.window.ms=
reconnect.backoff.max.ms=1000
retry.backoff.ms=100
# sasl.kerberos.kinit.cmd=
# sasl.kerberos.min.time.before.relogin=
# sasl.kerberos.ticket.renew.jitter=
# sasl.login.refresh.buffer.seconds=
# sasl.login.refresh.min.period.seconds=
# sasl.login.refresh.window.factor
# sasl.login.refresh.window.jitter
# security.providers
# ssl.cipher.suites
# ssl.endpoint.identification.algorithm
# ssl.keymanager.algorithm
# ssl.secure.random.implementation
# ssl.trustmanager.algorithm
config-kafka-broker-webclient.properties: |
idleTimeout=10000
config-kafka-broker-httpserver.properties: |
idleTimeout=0
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: knative-kafka-broker-data-plane
labels:
kafka.eventing.knative.dev/release: "devel"
rules:
- apiGroups:
- "*"
resources:
- secrets
verbs:
- get
- list
- watch
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ServiceAccount
metadata:
name: knative-kafka-broker-data-plane
namespace: knative-eventing
labels:
kafka.eventing.knative.dev/release: "devel"
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: knative-kafka-broker-data-plane
labels:
kafka.eventing.knative.dev/release: "devel"
subjects:
- kind: ServiceAccount
name: knative-kafka-broker-data-plane
namespace: knative-eventing
roleRef:
kind: ClusterRole
name: knative-kafka-broker-data-plane
apiGroup: rbac.authorization.k8s.io
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
name: kafka-broker-dispatcher
namespace: knative-eventing
labels:
app: kafka-broker-dispatcher
kafka.eventing.knative.dev/release: "devel"
spec:
selector:
matchLabels:
app: kafka-broker-dispatcher
template:
metadata:
name: kafka-broker-dispatcher
labels:
app: kafka-broker-dispatcher
kafka.eventing.knative.dev/release: "devel"
spec:
# To avoid node becoming SPOF, spread our replicas to different nodes and zones.
topologySpreadConstraints:
- maxSkew: 2
topologyKey: topology.kubernetes.io/zone
whenUnsatisfiable: ScheduleAnyway
labelSelector:
matchLabels:
app: kafka-broker-dispatcher
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app: kafka-broker-dispatcher
topologyKey: kubernetes.io/hostname
weight: 100
serviceAccountName: knative-kafka-broker-data-plane
securityContext:
runAsNonRoot: true
containers:
- name: kafka-broker-dispatcher
image: quay.io/pierdipi/knative-kafka-broker-dispatcher:d4c8707cc377c108496b68f2bf4644e73c592d36ce50928412608fcbc474a98e
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /etc/config
name: config-kafka-broker-data-plane
readOnly: true
- mountPath: /etc/brokers-triggers
name: kafka-broker-brokers-triggers
readOnly: true
- mountPath: /tmp
name: cache
- mountPath: /etc/logging
name: kafka-broker-config-logging
readOnly: true
- mountPath: /etc/tracing
name: config-tracing
readOnly: true
ports:
- containerPort: 9090
name: http-metrics
protocol: TCP
env:
- name: SERVICE_NAME
value: "kafka-broker-dispatcher"
- name: SERVICE_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: PRODUCER_CONFIG_FILE_PATH
value: /etc/config/config-kafka-broker-producer.properties
- name: CONSUMER_CONFIG_FILE_PATH
value: /etc/config/config-kafka-broker-consumer.properties
- name: WEBCLIENT_CONFIG_FILE_PATH
value: /etc/config/config-kafka-broker-webclient.properties
- name: DATA_PLANE_CONFIG_FILE_PATH
value: /etc/brokers-triggers/data
- name: EGRESSES_INITIAL_CAPACITY
value: "20"
- name: INSTANCE_ID
valueFrom:
fieldRef:
fieldPath: metadata.uid
- name: METRICS_PATH
value: /metrics
- name: METRICS_PORT
value: "9090"
- name: METRICS_PUBLISH_QUANTILES
value: "false"
- name: METRICS_JVM_ENABLED
value: "false"
- name: CONFIG_TRACING_PATH
value: "/etc/tracing"
# https://github.com/fabric8io/kubernetes-client/issues/2212
- name: HTTP2_DISABLE
value: "true"
# This should be set according to initial delay seconds
- name: WAIT_STARTUP_SECONDS
value: "8"
command:
- "java"
args:
- "-Dlogback.configurationFile=/etc/logging/config.xml"
- "-jar"
- "/app/app.jar"
# TODO set resources (limits and requests)
livenessProbe:
failureThreshold: 3
tcpSocket:
port: 9090
initialDelaySeconds: 10
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
port: 9090
path: /metrics
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 1
terminationMessagePolicy: FallbackToLogsOnError
terminationMessagePath: /dev/temination-log
securityContext:
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: true
volumes:
- name: config-kafka-broker-data-plane
configMap:
name: config-kafka-broker-data-plane
- name: kafka-broker-brokers-triggers
configMap:
name: kafka-broker-brokers-triggers
- name: cache
emptyDir: {}
- name: kafka-broker-config-logging
configMap:
name: kafka-config-logging
- name: config-tracing
configMap:
name: config-tracing
restartPolicy: Always
dnsConfig:
options:
- name: single-request-reopen
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
name: kafka-broker-receiver
namespace: knative-eventing
labels:
app: kafka-broker-receiver
kafka.eventing.knative.dev/release: "devel"
spec:
selector:
matchLabels:
app: kafka-broker-receiver
template:
metadata:
name: kafka-broker-receiver
labels:
app: kafka-broker-receiver
kafka.eventing.knative.dev/release: "devel"
spec:
# To avoid node becoming SPOF, spread our replicas to different nodes and zones.
topologySpreadConstraints:
- maxSkew: 2
topologyKey: topology.kubernetes.io/zone
whenUnsatisfiable: ScheduleAnyway
labelSelector:
matchLabels:
app: kafka-broker-receiver
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app: kafka-broker-receiver
topologyKey: kubernetes.io/hostname
weight: 100
serviceAccountName: knative-kafka-broker-data-plane
securityContext:
runAsNonRoot: true
containers:
- name: kafka-broker-receiver
image: quay.io/pierdipi/knative-kafka-broker-receiver:c76eaeceaba31441f510fccf0a17e7823c56f7acc2d804667ba5dcc371113237
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /etc/config
name: config-kafka-broker-data-plane
readOnly: true
- mountPath: /etc/brokers-triggers
name: kafka-broker-brokers-triggers
readOnly: true
- mountPath: /tmp
name: cache
- mountPath: /etc/logging
name: kafka-broker-config-logging
readOnly: true
- mountPath: /etc/tracing
name: config-tracing
readOnly: true
ports:
- containerPort: 9090
name: http-metrics
protocol: TCP
- containerPort: 8080
name: http
protocol: TCP
env:
- name: SERVICE_NAME
value: "kafka-broker-receiver"
- name: SERVICE_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: INGRESS_PORT
value: "8080"
- name: PRODUCER_CONFIG_FILE_PATH
value: /etc/config/config-kafka-broker-producer.properties
- name: HTTPSERVER_CONFIG_FILE_PATH
value: /etc/config/config-kafka-broker-httpserver.properties
- name: DATA_PLANE_CONFIG_FILE_PATH
value: /etc/brokers-triggers/data
- name: LIVENESS_PROBE_PATH
value: /healthz
- name: READINESS_PROBE_PATH
value: /readyz
- name: METRICS_PATH
value: /metrics
- name: METRICS_PORT
value: "9090"
- name: METRICS_PUBLISH_QUANTILES
value: "false"
- name: METRICS_JVM_ENABLED
value: "false"
- name: CONFIG_TRACING_PATH
value: "/etc/tracing"
# https://github.com/fabric8io/kubernetes-client/issues/2212
- name: HTTP2_DISABLE
value: "true"
# This should be set according to initial delay seconds
- name: WAIT_STARTUP_SECONDS
value: "8"
command:
- "java"
args:
- "-Dlogback.configurationFile=/etc/logging/config.xml"
- "-jar"
- "/app/app.jar"
# TODO set resources (limits and requests)
livenessProbe:
failureThreshold: 3
httpGet:
port: 8080
path: /healthz
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
port: 8080
path: /readyz
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 1
terminationMessagePolicy: FallbackToLogsOnError
terminationMessagePath: /dev/temination-log
securityContext:
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: true
volumes:
- name: kafka-broker-brokers-triggers
configMap:
name: kafka-broker-brokers-triggers
- name: config-kafka-broker-data-plane
configMap:
name: config-kafka-broker-data-plane
- name: cache
emptyDir: {}
- name: kafka-broker-config-logging
configMap:
name: kafka-config-logging
- name: config-tracing
configMap:
name: config-tracing
restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
name: kafka-broker-ingress
namespace: knative-eventing
labels:
app: kafka-broker-receiver
kafka.eventing.knative.dev/release: "devel"
spec:
selector:
app: kafka-broker-receiver
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
- name: http-container
port: 8080
protocol: TCP
targetPort: 8080
- name: http-metrics
port: 9090
protocol: TCP
targetPort: 9090
---
---
# Copyright 2021 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ConfigMap
metadata:
name: config-kafka-channel-data-plane
namespace: knative-eventing
labels:
kafka.eventing.knative.dev/release: "devel"
data:
config-kafka-channel-producer.properties: |
key.serializer=org.apache.kafka.common.serialization.StringSerializer
value.serializer=io.cloudevents.kafka.CloudEventSerializer
acks=all
buffer.memory=33554432
# compression.type=snappy
retries=2147483647
batch.size=16384
client.dns.lookup=use_all_dns_ips
connections.max.idle.ms=600000
delivery.timeout.ms=120000
linger.ms=0
max.block.ms=60000
max.request.size=1048576
partitioner.class=org.apache.kafka.clients.producer.internals.DefaultPartitioner
receive.buffer.bytes=-1
request.timeout.ms=30000
enable.idempotence=false
max.in.flight.requests.per.connection=5
metadata.max.age.ms=300000
# metric.reporters=""
metrics.num.samples=2
metrics.recording.level=INFO
metrics.sample.window.ms=30000
reconnect.backoff.max.ms=1000
reconnect.backoff.ms=50
retry.backoff.ms=100
# transaction.timeout.ms=60000
# transactional.id=null
config-kafka-channel-consumer.properties: |
key.deserializer=org.apache.kafka.common.serialization.StringDeserializer
value.deserializer=io.cloudevents.kafka.CloudEventDeserializer
fetch.min.bytes=1
heartbeat.interval.ms=3000
max.partition.fetch.bytes=1048576
session.timeout.ms=10000
# ssl.key.password=
# ssl.keystore.location=
# ssl.keystore.password=
# ssl.truststore.location=
# ssl.truststore.password=
allow.auto.create.topics=true
client.dns.lookup=use_all_dns_ips
connections.max.idle.ms=540000
default.api.timeout.ms=60000
enable.auto.commit=false
exclude.internal.topics=true
fetch.max.bytes=52428800
isolation.level=read_uncommitted
max.poll.interval.ms=300000
max.poll.records=500
# partition.assignment.strategy=org.apache.kafka.clients.consumer.CooperativeStickyAssignor
receive.buffer.bytes=65536
request.timeout.ms=30000
# sasl.client.callback.handler.class=
# sasl.jaas.config=
# sasl.kerberos.service.name=
# sasl.login.callback.handler.class
# sasl.login.class
# sasl.mechanism
security.protocol=PLAINTEXT
send.buffer.bytes=131072
# ssl.enabled.protocols=
# ssl.keystore.type=
# ssl.protocol=
# ssl.provider=
auto.commit.interval.ms=5000
check.crcs=true
# client.rack=
fetch.max.wait.ms=500
# interceptor.classes=
metadata.max.age.ms=600000
# metrics.reporters=
# metrics.num.samples=
# metrics.recording.level=INFO
# metrics.sample.window.ms=
reconnect.backoff.max.ms=1000
retry.backoff.ms=100
# sasl.kerberos.kinit.cmd=
# sasl.kerberos.min.time.before.relogin=
# sasl.kerberos.ticket.renew.jitter=
# sasl.login.refresh.buffer.seconds=
# sasl.login.refresh.min.period.seconds=
# sasl.login.refresh.window.factor
# sasl.login.refresh.window.jitter
# security.providers
# ssl.cipher.suites
# ssl.endpoint.identification.algorithm
# ssl.keymanager.algorithm
# ssl.secure.random.implementation
# ssl.trustmanager.algorithm
config-kafka-channel-webclient.properties: |
idleTimeout=10000
config-kafka-channel-httpserver.properties: |
idleTimeout=0
---
# Copyright 2021 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: knative-kafka-channel-data-plane
labels:
kafka.eventing.knative.dev/release: "devel"
rules:
- apiGroups:
- "*"
resources:
- secrets
verbs:
- get
- list
- watch
---
# Copyright 2021 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ServiceAccount
metadata:
name: knative-kafka-channel-data-plane
namespace: knative-eventing
labels:
kafka.eventing.knative.dev/release: "devel"
---
# Copyright 2021 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: knative-kafka-channel-data-plane
labels:
kafka.eventing.knative.dev/release: "devel"
subjects:
- kind: ServiceAccount
name: knative-kafka-channel-data-plane
namespace: knative-eventing
roleRef:
kind: ClusterRole
name: knative-kafka-channel-data-plane
apiGroup: rbac.authorization.k8s.io
---
# Copyright 2021 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
name: kafka-channel-dispatcher
namespace: knative-eventing
labels:
app: kafka-channel-dispatcher
kafka.eventing.knative.dev/release: "devel"
spec:
selector:
matchLabels:
app: kafka-channel-dispatcher
template:
metadata:
name: kafka-channel-dispatcher
labels:
app: kafka-channel-dispatcher
kafka.eventing.knative.dev/release: "devel"
spec:
# To avoid node becoming SPOF, spread our replicas to different nodes and zones.
topologySpreadConstraints:
- maxSkew: 2
topologyKey: topology.kubernetes.io/zone
whenUnsatisfiable: ScheduleAnyway
labelSelector:
matchLabels:
app: kafka-channel-dispatcher
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app: kafka-channel-dispatcher
topologyKey: kubernetes.io/hostname
weight: 100
serviceAccountName: knative-kafka-channel-data-plane
securityContext:
runAsNonRoot: true
containers:
- name: kafka-channel-dispatcher
image: quay.io/pierdipi/knative-kafka-broker-dispatcher:d4c8707cc377c108496b68f2bf4644e73c592d36ce50928412608fcbc474a98e
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /etc/config
name: config-kafka-channel-data-plane
readOnly: true
- mountPath: /etc/channels-subscriptions
name: kafka-channel-channels-subscriptions
readOnly: true
- mountPath: /tmp
name: cache
- mountPath: /etc/logging
name: kafka-channel-config-logging
readOnly: true
- mountPath: /etc/tracing
name: config-tracing
readOnly: true
ports:
- containerPort: 9090
name: http-metrics
protocol: TCP
env:
- name: SERVICE_NAME
value: "kafka-channel-dispatcher"
- name: SERVICE_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: PRODUCER_CONFIG_FILE_PATH
value: /etc/config/config-kafka-channel-producer.properties
- name: CONSUMER_CONFIG_FILE_PATH
value: /etc/config/config-kafka-channel-consumer.properties
- name: WEBCLIENT_CONFIG_FILE_PATH
value: /etc/config/config-kafka-channel-webclient.properties
- name: DATA_PLANE_CONFIG_FILE_PATH
value: /etc/channels-subscriptions/data
- name: EGRESSES_INITIAL_CAPACITY
value: "20"
- name: INSTANCE_ID
valueFrom:
fieldRef:
fieldPath: metadata.uid
- name: METRICS_PATH
value: /metrics
- name: METRICS_PORT
value: "9090"
- name: METRICS_PUBLISH_QUANTILES
value: "false"
- name: METRICS_JVM_ENABLED
value: "false"
- name: CONFIG_TRACING_PATH
value: "/etc/tracing"
# https://github.com/fabric8io/kubernetes-client/issues/2212
- name: HTTP2_DISABLE
value: "true"
# This should be set according to initial delay seconds
- name: WAIT_STARTUP_SECONDS
value: "8"
command:
- "java"
args:
- "-Dlogback.configurationFile=/etc/logging/config.xml"
- "-jar"
- "/app/app.jar"
# TODO set resources (limits and requests)
livenessProbe:
failureThreshold: 3
tcpSocket:
port: 9090
initialDelaySeconds: 10
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
port: 9090
path: /metrics
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 1
terminationMessagePolicy: FallbackToLogsOnError
terminationMessagePath: /dev/temination-log
securityContext:
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: true
volumes:
- name: config-kafka-channel-data-plane
configMap:
name: config-kafka-channel-data-plane
- name: kafka-channel-channels-subscriptions
configMap:
name: kafka-channel-channels-subscriptions
- name: cache
emptyDir: {}
- name: kafka-channel-config-logging
configMap:
name: kafka-config-logging
- name: config-tracing
configMap:
name: config-tracing
restartPolicy: Always
dnsConfig:
options:
- name: single-request-reopen
---
# Copyright 2021 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
name: kafka-channel-receiver
namespace: knative-eventing
labels:
app: kafka-channel-receiver
kafka.eventing.knative.dev/release: "devel"
spec:
selector:
matchLabels:
app: kafka-channel-receiver
template:
metadata:
name: kafka-channel-receiver
labels:
app: kafka-channel-receiver
kafka.eventing.knative.dev/release: "devel"
spec:
# To avoid node becoming SPOF, spread our replicas to different nodes and zones.
topologySpreadConstraints:
- maxSkew: 2
topologyKey: topology.kubernetes.io/zone
whenUnsatisfiable: ScheduleAnyway
labelSelector:
matchLabels:
app: kafka-channel-receiver
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app: kafka-channel-receiver
topologyKey: kubernetes.io/hostname
weight: 100
serviceAccountName: knative-kafka-channel-data-plane
securityContext:
runAsNonRoot: true
containers:
- name: kafka-channel-receiver
image: quay.io/pierdipi/knative-kafka-broker-receiver:c76eaeceaba31441f510fccf0a17e7823c56f7acc2d804667ba5dcc371113237
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /etc/config
name: config-kafka-channel-data-plane
readOnly: true
- mountPath: /etc/channels-subscriptions
name: kafka-channel-channels-subscriptions
readOnly: true
- mountPath: /tmp
name: cache
- mountPath: /etc/logging
name: kafka-channel-config-logging
readOnly: true
- mountPath: /etc/tracing
name: config-tracing
readOnly: true
ports:
- containerPort: 9090
name: http-metrics
protocol: TCP
- containerPort: 8080
name: http
protocol: TCP
env:
- name: SERVICE_NAME
value: "kafka-channel-receiver"
- name: SERVICE_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: INGRESS_PORT
value: "8080"
- name: PRODUCER_CONFIG_FILE_PATH
value: /etc/config/config-kafka-channel-producer.properties
- name: HTTPSERVER_CONFIG_FILE_PATH
value: /etc/config/config-kafka-channel-httpserver.properties
- name: DATA_PLANE_CONFIG_FILE_PATH
value: /etc/channels-subscriptions/data
- name: LIVENESS_PROBE_PATH
value: /healthz
- name: READINESS_PROBE_PATH
value: /readyz
- name: METRICS_PATH
value: /metrics
- name: METRICS_PORT
value: "9090"
- name: METRICS_PUBLISH_QUANTILES
value: "false"
- name: METRICS_JVM_ENABLED
value: "false"
- name: CONFIG_TRACING_PATH
value: "/etc/tracing"
# https://github.com/fabric8io/kubernetes-client/issues/2212
- name: HTTP2_DISABLE
value: "true"
# This should be set according to initial delay seconds
- name: WAIT_STARTUP_SECONDS
value: "8"
command:
- "java"
args:
- "-Dlogback.configurationFile=/etc/logging/config.xml"
- "-jar"
- "/app/app.jar"
# TODO set resources (limits and requests)
livenessProbe:
failureThreshold: 3
httpGet:
port: 8080
path: /healthz
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
port: 8080
path: /readyz
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 1
terminationMessagePolicy: FallbackToLogsOnError
terminationMessagePath: /dev/temination-log
securityContext:
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: true
volumes:
- name: kafka-channel-channels-subscriptions
configMap:
name: kafka-channel-channels-subscriptions
- name: config-kafka-channel-data-plane
configMap:
name: config-kafka-channel-data-plane
- name: cache
emptyDir: {}
- name: kafka-channel-config-logging
configMap:
name: kafka-config-logging
- name: config-tracing
configMap:
name: config-tracing
restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
name: kafka-channel-ingress
namespace: knative-eventing
labels:
app: kafka-channel-receiver
kafka.eventing.knative.dev/release: "devel"
spec:
selector:
app: kafka-channel-receiver
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
- name: http-container
port: 8080
protocol: TCP
targetPort: 8080
- name: http-metrics
port: 9090
protocol: TCP
targetPort: 9090
---
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ConfigMap
metadata:
name: kafka-broker-config
namespace: knative-eventing
labels:
kafka.eventing.knative.dev/release: "devel"
data:
default.topic.partitions: "10"
default.topic.replication.factor: "3"
bootstrap.servers: "my-cluster-kafka-bootstrap.kafka:9092"
---
# Copyright 2021 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ConfigMap
metadata:
name: kafka-channel-config
namespace: knative-eventing
labels:
kafka.eventing.knative.dev/release: "devel"
data:
bootstrap.servers: "my-cluster-kafka-bootstrap.kafka:9092"
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: kafkachannels.messaging.knative.dev
labels:
kafka.eventing.knative.dev/release: "v20220419-a62d7ca56"
knative.dev/crd-install: "true"
messaging.knative.dev/subscribable: "true"
duck.knative.dev/addressable: "true"
spec:
group: messaging.knative.dev
versions:
- name: v1beta1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
description: 'KafkaChannel is a resource representing a Channel that is backed by a topic of an Apache Kafka cluster.'
type: object
properties:
spec:
description: Spec defines the desired state of the Channel.
type: object
properties:
numPartitions:
description: NumPartitions is the number of partitions of a Kafka topic. By default, it is set to 1.
type: integer
format: int32
default: 1
replicationFactor:
description: ReplicationFactor is the replication factor of a Kafka topic. By default, it is set to 1.
type: integer
maximum: 32767
default: 1
retentionDuration:
description: RetentionDuration is the retention time for events in a Kafka Topic represented as an ISO-8601 Duration. By default it is set to 168 hours, which is the precise form of 7 days.
type: string
delivery:
description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec.
type: object
properties:
backoffDelay:
description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*<numberOfRetries>. For exponential policy, backoff delay is backoffDelay*2^<numberOfRetries>.'
type: string
backoffPolicy:
description: BackoffPolicy is the retry backoff policy (linear, exponential).
type: string
deadLetterSink:
description: DeadLetterSink is the sink receiving event that could not be sent to a destination.
type: object
properties:
ref:
description: Ref points to an Addressable.
type: object
properties:
apiVersion:
description: API version of the referent.
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.'
type: string
uri:
description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.
type: string
retry:
description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink.
type: integer
format: int32
x-kubernetes-preserve-unknown-fields: true # This is necessary to enable experimental features in the delivery
subscribers:
description: This is the list of subscriptions for this subscribable.
type: array
items:
type: object
properties:
delivery:
description: DeliverySpec contains options controlling the event delivery
type: object
properties:
backoffDelay:
description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*<numberOfRetries>. For exponential policy, backoff delay is backoffDelay*2^<numberOfRetries>.'
type: string
backoffPolicy:
description: BackoffPolicy is the retry backoff policy (linear, exponential).
type: string
deadLetterSink:
description: DeadLetterSink is the sink receiving event that could not be sent to a destination.
type: object
properties:
ref:
description: Ref points to an Addressable.
type: object
properties:
apiVersion:
description: API version of the referent.
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.'
type: string
uri:
description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.
type: string
retry:
description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink.
type: integer
format: int32
x-kubernetes-preserve-unknown-fields: true # This is necessary to enable experimental features in the delivery
generation:
description: Generation of the origin of the subscriber with uid:UID.
type: integer
format: int64
replyUri:
description: ReplyURI is the endpoint for the reply
type: string
subscriberUri:
description: SubscriberURI is the endpoint for the subscriber
type: string
uid:
description: UID is used to understand the origin of the subscriber.
type: string
status:
description: Status represents the current state of the KafkaChannel. This data may be out of date.
type: object
properties:
address:
type: object
required:
- url
properties:
url:
type: string
annotations:
description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
type: object
x-kubernetes-preserve-unknown-fields: true
conditions:
description: Conditions the latest available observations of a resource's current state.
type: array
items:
type: object
required:
- type
- status
properties:
lastTransitionTime:
description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).
type: string
message:
description: A human readable message indicating details about the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
severity:
description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition.
type: string
deadLetterChannel:
description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here.
type: object
properties:
apiVersion:
description: API version of the referent.
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.'
type: string
deadLetterSinkUri:
description: DeadLetterSinkURI is the resolved URI of the dead letter ref if one is specified in the Spec.Delivery.
type: string
observedGeneration:
description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
type: integer
format: int64
subscribers:
description: This is the list of subscription's statuses for this channel.
type: array
items:
type: object
properties:
message:
description: A human readable message indicating details of Ready status.
type: string
observedGeneration:
description: Generation of the origin of the subscriber with uid:UID.
type: integer
format: int64
ready:
description: Status of the subscriber.
type: string
uid:
description: UID is used to understand the origin of the subscriber.
type: string
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: ".status.conditions[?(@.type==\"Ready\")].status"
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason"
- name: URL
type: string
jsonPath: .status.address.url
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
names:
kind: KafkaChannel
plural: kafkachannels
singular: kafkachannel
categories:
- all
- knative
- messaging
- channel
shortNames:
- kc
scope: Namespaced
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
service:
name: kafka-webhook
namespace: knative-eventing
---
---
# Copyright 2021 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
labels:
kafka.eventing.knative.dev/release: "devel"
knative.dev/crd-install: "true"
name: consumers.internal.kafka.eventing.knative.dev
spec:
group: internal.kafka.eventing.knative.dev
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
# this is a work around so we don't need to flesh out the
# schema for each version at this time
x-kubernetes-preserve-unknown-fields: true
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: ".status.conditions[?(@.type=='Ready')].status"
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
- name: Subscriber
type: string
jsonPath: .status.subscriberUri
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
names:
kind: Consumer
plural: consumers
singular: consumer
scope: Namespaced
---
# Copyright 2021 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
labels:
kafka.eventing.knative.dev/release: "devel"
knative.dev/crd-install: "true"
name: consumergroups.internal.kafka.eventing.knative.dev
spec:
group: internal.kafka.eventing.knative.dev
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
scale:
# specReplicasPath defines the JSONPath inside a custom resource that corresponds to Scale.Spec.Replicas.
specReplicasPath: .spec.replicas
# statusReplicasPath defines the JSONPath inside a custom resource that corresponds to Scale.Status.Replicas.
statusReplicasPath: .status.replicas
# labelSelectorPath defines the JSONPath inside a custom resource that corresponds to Scale.Status.Selector
labelSelectorPath: .status.selector
schema:
openAPIV3Schema:
type: object
# this is a work around so we don't need to flesh out the
# schema for each version at this time
x-kubernetes-preserve-unknown-fields: true
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: ".status.conditions[?(@.type=='Ready')].status"
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
- name: Subscriber
type: string
jsonPath: .status.subscriberUri
- name: Replicas
type: string
jsonPath: .spec.replicas
- name: Ready Replicas
type: string
jsonPath: .status.replicas
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
names:
kind: ConsumerGroup
plural: consumergroups
singular: consumergroup
scope: Namespaced
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: kafkasinks.eventing.knative.dev
labels:
duck.knative.dev/addressable: "true"
knative.dev/crd-install: "true"
kafka.eventing.knative.dev/release: "devel"
spec:
group: eventing.knative.dev
names:
kind: KafkaSink
plural: kafkasinks
singular: kafkasink
categories:
- all
- knative
- eventing
scope: Namespaced
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
description: 'Kafka Sink is Addressable, it receives events and send them to a Kafka topic.'
type: object
properties:
spec:
description: 'Spec defines the desired state of the Kafka Sink.'
type: object
required:
- topic
- bootstrapServers
properties:
topic:
description: 'Topic name to send events.'
type: string
numPartitions:
description: 'Number of topic partitions. If not specified the topic isn''t automatically created, and the system supposes that the topic is already present.'
type: integer
format: int32
replicationFactor:
description: 'Topic replication factor. If not specified the topic isn''t automatically created, and the system supposes that the topic is already present.'
type: integer
format: int32
bootstrapServers:
description: 'A list of host/port pairs to use for establishing the initial connection to the Kafka cluster.'
type: array
minLength: 1
items:
type: string
contentMode:
description: |
CloudEvent content mode of Kafka messages sent to the topic.
Possible values: [structured, binary] (default: structured)
- https://github.com/cloudevents/spec/blob/v1.0/spec.md#message
- https://github.com/cloudevents/spec/blob/v1.0/kafka-protocol-binding.md#33-structured-content-mode
- https://github.com/cloudevents/spec/blob/v1.0/kafka-protocol-binding.md#32-binary-content-mode
type: string
enum:
- structured
- binary
default: structured
auth:
description: 'Auth configurations'
type: object
properties:
secret:
description: 'Auth secret'
type: object
properties:
ref:
# TODO add format in description (?)
description: |
Secret reference.
type: object
required:
- name
properties:
name:
description: 'Secret name'
type: string
status:
description: 'Status represents the current state of the KafkaSink. This data may be out of date.'
type: object
properties:
address:
description: 'Kafka Sink is Addressable. It exposes the endpoint as an URI to get events delivered to a Kafka topic.'
type: object
properties:
url:
type: string
annotations:
description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.'
type: object
x-kubernetes-preserve-unknown-fields: true
conditions:
description: 'Conditions the latest available observations of a resource''s current state.'
type: array
items:
type: object
required:
- type
- status
properties:
lastTransitionTime:
description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).'
type: string
message:
description: 'A human readable message indicating details about the transition.'
type: string
reason:
description: 'The reason for the condition''s last transition.'
type: string
severity:
description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.'
type: string
status:
description: 'Status of the condition, one of True, False, Unknown.'
type: string
type:
description: 'Type of condition.'
type: string
observedGeneration:
description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.'
type: integer
format: int64
additionalPrinterColumns:
- name: URL
type: string
jsonPath: .status.address.url
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
- name: Ready
type: string
jsonPath: ".status.conditions[?(@.type==\"Ready\")].status"
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason"
# conversion:
# strategy: Webhook
# webhook:
# conversionReviewVersions: [ "v1alpha1" ]
# clientConfig:
# service:
# name: eventing-kafka-webhook
# namespace: knative-eventing
---
# Copyright 2019 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
kafka.eventing.knative.dev/release: "v20220419-a62d7ca56"
eventing.knative.dev/source: "true"
duck.knative.dev/source: "true"
knative.dev/crd-install: "true"
annotations:
registry.knative.dev/eventTypes: |
[
{ "type": "dev.knative.kafka.event" }
]
name: kafkasources.sources.knative.dev
spec:
group: sources.knative.dev
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
# this is a work around so we don't need to flush out the
# schema for each version at this time
#
# see issue: https://github.com/knative/serving/issues/912
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
scale:
# specReplicasPath defines the JSONPath inside of a custom resource that corresponds to Scale.Spec.Replicas.
specReplicasPath: .spec.consumers
# statusReplicasPath defines the JSONPath inside of a custom resource that corresponds to Scale.Status.Replicas.
statusReplicasPath: .status.consumers
# labelSelectorPath defines the JSONPath inside of a custom resource that corresponds to Scale.Status.Selector
labelSelectorPath: .status.selector
additionalPrinterColumns:
- name: Topics
type: string
jsonPath: ".spec.topics"
- name: BootstrapServers
type: string
jsonPath: ".spec.bootstrapServers"
- name: Ready
type: string
jsonPath: ".status.conditions[?(@.type==\"Ready\")].status"
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason"
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
names:
categories:
- all
- knative
- eventing
- sources
kind: KafkaSource
plural: kafkasources
scope: Namespaced
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
service:
name: kafka-source-webhook
namespace: knative-eventing
---
---
# Copyright 2019 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# The role is needed for the aggregated role source-observer in knative-eventing to provide readonly access to "Sources".
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: eventing-kafka-source-observer
labels:
kafka.eventing.knative.dev/release: "devel"
duck.knative.dev/source: "true"
rules:
- apiGroups:
- "sources.knative.dev"
resources:
- "kafkasources"
verbs:
- get
- list
- watch
---
# Copyright 2022 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ConfigMap
metadata:
name: config-kafka-source-defaults
namespace: knative-eventing
labels:
kafka.eventing.knative.dev/release: "devel"
annotations:
knative.dev/example-checksum: "b6ed351d"
data:
_example: |
################################
# #
# EXAMPLE CONFIGURATION #
# #
################################
# This block is not actually functional configuration,
# but serves to illustrate the available configuration
# options and document them in a way that is accessible
# to users that `kubectl edit` this config map.
#
# These sample configuration options may be copied out of
# this example block and unindented to be in the data block
# to actually change the configuration.
# autoscalingClass is the autoscaler class name to use.
# valid value: keda.autoscaling.knative.dev
# autoscalingClass: ""
# minScale is the minimum number of replicas to scale down to.
# minScale: "1"
# maxScale is the maximum number of replicas to scale up to.
# maxScale: "1"
# pollingInterval is the interval in seconds KEDA uses to poll metrics.
# pollingInterval: "30"
# cooldownPeriod is the period of time in seconds KEDA waits until it scales down.
# cooldownPeriod: "300"
# kafkaLagThreshold is the lag (ie. number of messages in a partition) threshold for KEDA to scale up sources.
# kafkaLagThreshold: "10"
---
# Copyright 2021 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ConfigMap
metadata:
name: config-kafka-descheduler
namespace: knative-eventing
labels:
kafka.eventing.knative.dev/release: "devel"
data:
predicates: |
[]
priorities: |
[
{"Name": "RemoveWithEvenPodSpreadPriority",
"Weight": 10,
"Args": "{\"MaxSkew\": 2}"},
{"Name": "RemoveWithAvailabilityZonePriority",
"Weight": 10,
"Args": "{\"MaxSkew\": 2}"},
{"Name": "RemoveWithHighestOrdinalPriority",
"Weight": 2}
]
---
apiVersion: v1
kind: ConfigMap
metadata:
labels:
kafka.eventing.knative.dev/release: "devel"
name: config-kafka-leader-election
namespace: knative-eventing
annotations:
knative.dev/example-checksum: "96896b00"
data:
_example: |
################################
# #
# EXAMPLE CONFIGURATION #
# #
################################
# This block is not actually functional configuration,
# but serves to illustrate the available configuration
# options and document them in a way that is accessible
# to users that `kubectl edit` this config map.
#
# These sample configuration options may be copied out of
# this example block and unindented to be in the data block
# to actually change the configuration.
# leaseDuration is how long non-leaders will wait to try to acquire the
# lock; 15 seconds is the value used by core kubernetes controllers.
leaseDuration: "15s"
# renewDeadline is how long a leader will try to renew the lease before
# giving up; 10 seconds is the value used by core kubernetes controllers.
renewDeadline: "10s"
# retryPeriod is how long the leader election client waits between tries of
# actions; 2 seconds is the value used by core kubernetes controllers.
retryPeriod: "2s"
# buckets is the number of buckets used to partition key space of each
# Reconciler. If this number is M and the replica number of the controller
# is N, the N replicas will compete for the M buckets. The owner of a
# bucket will take care of the reconciling for the keys partitioned into
# that bucket.
buckets: "1"
leaseDuration: "15s"
renewDeadline: "10s"
retryPeriod: "2s"
map-lease-prefix.kafka-broker-controller.knative.dev.eventing-kafka-broker.control-plane.pkg.reconciler.source.Reconciler: kafka-controller.knative.dev.eventing-kafka.pkg.source.reconciler.source.reconciler
map-lease-prefix.kafka-broker-controller.knative.dev.eventing-kafka-broker.control-plane.pkg.reconciler.channel.Reconciler: kafkachannel-controller.knative.dev.eventing-kafka.pkg.channel.consolidated.reconciler.controller.reconciler
---
# Copyright 2021 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ConfigMap
metadata:
name: config-kafka-scheduler
namespace: knative-eventing
labels:
kafka.eventing.knative.dev/release: "devel"
data:
predicates: |
[
{"Name": "PodFitsResources"},
{"Name": "NoMaxResourceCount",
"Args": "{\"NumPartitions\": 100}"}
]
priorities: |
[
{"Name": "AvailabilityZonePriority",
"Weight": 10,
"Args": "{\"MaxSkew\": 2}"},
{"Name": "LowestOrdinalPriority",
"Weight": 2},
{"Name": "EvenPodSpread",
"Weight": 2,
"Args": "{\"MaxSkew\": 2}"}
]
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ConfigMap
metadata:
name: kafka-config-logging
namespace: knative-eventing
labels:
kafka.eventing.knative.dev/release: "devel"
data:
config.xml: |
<configuration>
<appender name="jsonConsoleAppender" class="ch.qos.logback.core.ConsoleAppender">
<encoder class="net.logstash.logback.encoder.LogstashEncoder"/>
</appender>
<root level="INFO">
<appender-ref ref="jsonConsoleAppender"/>
</root>
</configuration>
---
# Copyright 2019 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ConfigMap
metadata:
name: config-tracing
namespace: knative-eventing
labels:
kafka.eventing.knative.dev/release: "devel"
knative.dev/config-propagation: original
knative.dev/config-category: eventing
annotations:
knative.dev/example-checksum: "4002b4c2"
data:
_example: |
################################
# #
# EXAMPLE CONFIGURATION #
# #
################################
# This block is not actually functional configuration,
# but serves to illustrate the available configuration
# options and document them in a way that is accessible
# to users that `kubectl edit` this config map.
#
# These sample configuration options may be copied out of
# this example block and unindented to be in the data block
# to actually change the configuration.
#
# This may be "zipkin" or "stackdriver", the default is "none"
backend: "none"
# URL to zipkin collector where traces are sent.
# This must be specified when backend is "zipkin"
zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans"
# The GCP project into which stackdriver metrics will be written
# when backend is "stackdriver". If unspecified, the project-id
# is read from GCP metadata when running on GCP.
stackdriver-project-id: "my-project"
# Enable zipkin debug mode. This allows all spans to be sent to the server
# bypassing sampling.
debug: "false"
# Percentage (0-1) of requests to trace
sample-rate: "0.1"
---
# Copyright 2021 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: knative-kafka-addressable-resolver
labels:
kafka.eventing.knative.dev/release: "devel"
duck.knative.dev/addressable: "true"
# Do not use this role directly. These rules will be added to the "addressable-resolver" role.
rules:
- apiGroups:
- eventing.knative.dev
resources:
- kafkasinks
- kafkasinks/status
verbs:
- get
- list
- watch
- apiGroups:
- messaging.knative.dev
resources:
- kafkachannels
- kafkachannels/status
verbs:
- get
- list
- watch
---
# Copyright 2021 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: knative-kafka-channelable-manipulator
labels:
kafka.eventing.knative.dev/release: "devel"
duck.knative.dev/channelable: "true"
# Do not use this role directly. These rules will be added to the "channelable-manipulator" role.
rules:
- apiGroups:
- messaging.knative.dev
resources:
- kafkachannels
- kafkachannels/status
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kafka-controller
labels:
kafka.eventing.knative.dev/release: "devel"
rules:
- apiGroups:
- "*"
resources:
- configmaps
- services
verbs:
- get
- list
- watch
- update
- create
- apiGroups:
- "*"
resources:
- pods
verbs:
- list
- update
- get
- watch
- apiGroups:
- "*"
resources:
- pods/finalizers
verbs:
- get
- list
- create
- update
- delete
- apiGroups:
- "*"
resources:
- events
verbs:
- patch
- create
- apiGroups:
- "coordination.k8s.io"
resources:
- "leases"
verbs:
- get
- list
- create
- update
- delete
- patch
- watch
- apiGroups:
- "*"
resources:
- secrets
verbs:
- list
- get
- watch
# Scheduler permissions
- apiGroups:
- "*"
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- "apps"
resources:
- statefulsets
- statefulsets/scale
verbs:
- get
- list
- watch
- update
- patch
# Internal APIs
- apiGroups:
- "internal.kafka.eventing.knative.dev"
resources:
- "consumers"
- "consumers/status"
- "consumergroups"
- "consumergroups/status"
verbs:
- create
- get
- list
- watch
- patch
- update
- delete
- apiGroups:
- "internal.kafka.eventing.knative.dev"
resources:
- "consumers/finalizers"
- "consumergroups/finalizers"
verbs:
- update
- delete
# Eventing resources and statuses we care about
- apiGroups:
- "eventing.knative.dev"
resources:
- "brokers"
- "brokers/status"
- "triggers"
- "triggers/status"
- "kafkasinks"
- "kafkasinks/status"
verbs:
- list
- get
- watch
- patch
- update
# eventing.knative.dev resources and finalizers we care about.
- apiGroups:
- "eventing.knative.dev"
resources:
- "brokers/finalizers"
- "triggers/finalizers"
- "kafkasinks/finalizers"
verbs:
- update
# messaging.knative.dev resources and finalizers we care about.
- apiGroups:
- messaging.knative.dev
resources:
- kafkachannels
- kafkachannels/status
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- messaging.knative.dev
resources:
- subscriptions
- subscriptions/status
verbs:
- get
- list
- watch
- apiGroups:
- messaging.knative.dev
resources:
- kafkachannels/finalizers
verbs:
- update
# sources.knative.dev resources and finalizers we care about.
- apiGroups:
- sources.knative.dev
resources:
- kafkasources
- kafkasources/status
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- sources.knative.dev
resources:
- kafkasources/finalizers
verbs:
- update
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ServiceAccount
metadata:
name: kafka-controller
namespace: knative-eventing
labels:
kafka.eventing.knative.dev/release: "devel"
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kafka-controller
labels:
kafka.eventing.knative.dev/release: "devel"
subjects:
- kind: ServiceAccount
name: kafka-controller
namespace: knative-eventing
roleRef:
kind: ClusterRole
name: kafka-controller
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kafka-controller-addressable-resolver
labels:
kafka.eventing.knative.dev/release: "devel"
subjects:
- kind: ServiceAccount
name: kafka-controller
namespace: knative-eventing
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: addressable-resolver
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
name: kafka-controller
namespace: knative-eventing
labels:
app: kafka-controller
kafka.eventing.knative.dev/release: "devel"
spec:
selector:
matchLabels:
app: kafka-controller
template:
metadata:
name: kafka-controller
labels:
app: kafka-controller
kafka.eventing.knative.dev/release: "devel"
spec:
securityContext:
runAsNonRoot: true
serviceAccountName: kafka-controller
# To avoid node becoming SPOF, spread our replicas to different nodes.
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app: kafka-controller
topologyKey: kubernetes.io/hostname
weight: 100
containers:
- name: controller
image: quay.io/pierdipi/kafka-controller-409c76cb00d7d7c46941c7e4c366e4a6@sha256:ff7e9ed44bbb34bd53031ecbc68ccba07b172df87a6b779b3196cef505dbf221
imagePullPolicy: IfNotPresent
env:
- name: BROKER_DATA_PLANE_CONFIG_MAP_NAMESPACE
value: knative-eventing
- name: CHANNEL_DATA_PLANE_CONFIG_MAP_NAMESPACE
value: knative-eventing
- name: SINK_DATA_PLANE_CONFIG_MAP_NAMESPACE
value: knative-eventing
- name: SOURCE_DATA_PLANE_CONFIG_MAP_NAMESPACE
value: knative-eventing
- name: BROKER_DATA_PLANE_CONFIG_MAP_NAME
value: kafka-broker-brokers-triggers
- name: CHANNEL_DATA_PLANE_CONFIG_MAP_NAME
value: kafka-channel-channels-subscriptions
- name: SINK_DATA_PLANE_CONFIG_MAP_NAME
value: kafka-sink-sinks
- name: SOURCE_DATA_PLANE_CONFIG_MAP_NAME
value: kafka-source-sources
- name: BROKER_DATA_PLANE_CONFIG_FORMAT
value: json
- name: CHANNEL_DATA_PLANE_CONFIG_FORMAT
value: json
- name: SINK_DATA_PLANE_CONFIG_FORMAT
value: json
- name: SOURCE_DATA_PLANE_CONFIG_FORMAT
value: json
- name: BROKER_INGRESS_NAME
value: kafka-broker-ingress
- name: CHANNEL_INGRESS_NAME
value: kafka-channel-ingress
- name: SINK_INGRESS_NAME
value: kafka-sink-ingress
- name: SOURCE_INGRESS_NAME
value: kafka-source-ingress
- name: BROKER_GENERAL_CONFIG_MAP_NAME
value: kafka-broker-config
- name: CHANNEL_GENERAL_CONFIG_MAP_NAME
value: kafka-channel-config
- name: SINK_GENERAL_CONFIG_MAP_NAME
value: kafka-broker-config
- name: SOURCE_GENERAL_CONFIG_MAP_NAME
value: kafka-broker-config
- name: BROKER_INGRESS_POD_PORT
value: "8080"
- name: CHANNEL_INGRESS_POD_PORT
value: "8080"
- name: SINK_INGRESS_POD_PORT
value: "8080"
- name: BROKER_SYSTEM_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: CHANNEL_SYSTEM_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: SINK_SYSTEM_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: SOURCE_SYSTEM_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: BROKER_DEFAULT_BACKOFF_DELAY_MS
value: "1000" # 1 second
- name: SYSTEM_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
# How often (in seconds) the autoscaler tries to scale down the statefulset.
- name: AUTOSCALER_REFRESH_PERIOD
value: '100'
# The number of virtual replicas each adapter pod can handle.
- name: POD_CAPACITY
value: '20'
- name: SCHEDULER_CONFIG
value: 'config-kafka-scheduler'
- name: DESCHEDULER_CONFIG
value: 'config-kafka-descheduler'
- name: CONFIG_LEADERELECTION_NAME
value: config-kafka-leader-election
- name: CONFIG_LOGGING_NAME
value: config-logging
- name: CONFIG_OBSERVABILITY_NAME
value: config-observability
- name: METRICS_DOMAIN
value: knative.dev/eventing
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
ports:
- containerPort: 9090
name: metrics
terminationMessagePolicy: FallbackToLogsOnError
terminationMessagePath: /dev/temination-log
securityContext:
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: true
restartPolicy: Always
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kafka-webhook-eventing
labels:
kafka.eventing.knative.dev/release: "devel"
rules:
# For watching logging configuration and getting certs.
- apiGroups:
- ""
resources:
- "configmaps"
verbs:
- "get"
- "list"
- "watch"
# For manipulating certs into secrets.
- apiGroups:
- ""
resources:
- "secrets"
- "namespaces"
verbs:
- "get"
- "create"
- "update"
- "list"
- "watch"
- "patch"
# For getting our Deployment so we can decorate with ownerref.
- apiGroups:
- "apps"
resources:
- "deployments"
verbs:
- "get"
- apiGroups:
- "apps"
resources:
- "deployments/finalizers"
verbs:
- update
# For actually registering our webhook.
- apiGroups:
- "admissionregistration.k8s.io"
resources:
- "mutatingwebhookconfigurations"
- "validatingwebhookconfigurations"
verbs: &everything
- "get"
- "list"
- "create"
- "update"
- "delete"
- "patch"
- "watch"
# For leader election
- apiGroups:
- "coordination.k8s.io"
resources:
- "leases"
verbs: *everything
# finalizers are needed for the owner reference of the webhook
- apiGroups:
- ""
resources:
- "namespaces/finalizers"
verbs:
- "update"
# Eventing resources care about
- apiGroups:
- "eventing.knative.dev"
resources:
- "brokers"
verbs:
- list
- get
- watch
# messaging.knative.dev resources and finalizers we care about.
- apiGroups:
- messaging.knative.dev
resources:
- kafkachannels
verbs:
- get
- list
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ServiceAccount
metadata:
name: kafka-webhook-eventing
namespace: knative-eventing
labels:
kafka.eventing.knative.dev/release: "devel"
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kafka-webhook-eventing
labels:
kafka.eventing.knative.dev/release: "devel"
subjects:
- kind: ServiceAccount
name: kafka-webhook-eventing
namespace: knative-eventing
roleRef:
kind: ClusterRole
name: kafka-webhook-eventing
apiGroup: rbac.authorization.k8s.io
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: defaulting.webhook.kafka.eventing.knative.dev
labels:
kafka.eventing.knative.dev/release: "devel"
webhooks:
- admissionReviewVersions: ["v1", "v1beta1"]
clientConfig:
service:
name: kafka-webhook-eventing
namespace: knative-eventing
sideEffects: None
failurePolicy: Fail
name: defaulting.webhook.kafka.eventing.knative.dev
timeoutSeconds: 2
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: pods.defaulting.webhook.kafka.eventing.knative.dev
labels:
kafka.eventing.knative.dev/release: "devel"
webhooks:
# Dispatcher pods webhook config.
- admissionReviewVersions: ["v1", "v1beta1"]
clientConfig:
service:
name: kafka-webhook-eventing
namespace: knative-eventing
sideEffects: None
failurePolicy: Fail
name: pods.defaulting.webhook.kafka.eventing.knative.dev
timeoutSeconds: 2
reinvocationPolicy: IfNeeded
matchPolicy: Equivalent
namespaceSelector:
matchExpressions: []
matchLabels:
app.kubernetes.io/name: knative-eventing
objectSelector:
matchLabels:
app.kubernetes.io/component: kafka-dispatcher
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Secret
metadata:
name: kafka-webhook-eventing-certs
namespace: knative-eventing
labels:
kafka.eventing.knative.dev/release: "devel"
# The data is populated at install time.
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: validation.webhook.kafka.eventing.knative.dev
labels:
kafka.eventing.knative.dev/release: "devel"
webhooks:
- admissionReviewVersions: ["v1", "v1beta1"]
clientConfig:
service:
name: kafka-webhook-eventing
namespace: knative-eventing
sideEffects: None
failurePolicy: Fail
name: validation.webhook.kafka.eventing.knative.dev
timeoutSeconds: 2
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
name: kafka-webhook-eventing
namespace: knative-eventing
labels:
app: kafka-webhook-eventing
kafka.eventing.knative.dev/release: "devel"
spec:
selector:
matchLabels:
app: kafka-webhook-eventing
template:
metadata:
labels:
app: kafka-webhook-eventing
kafka.eventing.knative.dev/release: "devel"
spec:
# To avoid node becoming SPOF, spread our replicas to different nodes.
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app: kafka-webhook-eventing
topologyKey: kubernetes.io/hostname
weight: 100
serviceAccountName: kafka-webhook-eventing
securityContext:
runAsNonRoot: true
containers:
- name: kafka-webhook-eventing
terminationMessagePolicy: FallbackToLogsOnError
image: quay.io/pierdipi/webhook-kafka-a0744e57e2361781824e0eef2db067de@sha256:5a636e06c1cb5d623b46c6dfcc6a42382f1200b231a0b8479889f2ad3160ed67
resources:
requests:
cpu: 20m
memory: 20Mi
limits:
cpu: 200m
memory: 200Mi
env:
- name: SYSTEM_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: CONFIG_LEADERELECTION_NAME
value: config-kafka-leader-election
- name: CONFIG_LOGGING_NAME
value: config-logging
- name: METRICS_DOMAIN
value: knative.dev/eventing
- name: WEBHOOK_NAME
value: kafka-webhook-eventing
- name: WEBHOOK_PORT
value: "8443"
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
securityContext:
allowPrivilegeEscalation: false
ports:
- name: https-webhook
containerPort: 8443
- name: metrics
containerPort: 9090
- name: profiling
containerPort: 8008
readinessProbe: &probe
periodSeconds: 1
httpGet:
scheme: HTTPS
port: 8443
httpHeaders:
- name: k-kubelet-probe
value: "webhook"
livenessProbe:
!!merge <<: *probe
initialDelaySeconds: 20
# Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently
# high value that we respect whatever value it has configured for the lame duck grace period.
terminationGracePeriodSeconds: 300
---
apiVersion: v1
kind: Service
metadata:
name: kafka-webhook-eventing
namespace: knative-eventing
labels:
app: kafka-webhook-eventing
kafka.eventing.knative.dev/release: "devel"
spec:
ports:
- name: https-webhook
port: 443
targetPort: 8443
- name: http-metrics
port: 9090
targetPort: 9090
selector:
app: kafka-webhook-eventing
---
# Copyright 2022 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: knative-kafka-controller-post-install
labels:
kafka.eventing.knative.dev/release: "devel"
rules:
- apiGroups:
- apps
resources:
- deployments
verbs:
- delete
- deletecollection
# sources.knative.dev resources and finalizers we care about.
- apiGroups:
- sources.knative.dev
resources:
- kafkasources
- kafkasources/status
verbs:
- get
- list
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
resourceNames:
- defaulting.webhook.kafka.sources.knative.dev
- defaulting.webhook.kafka.messaging.knative.dev
verbs:
- delete
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
resourceNames:
- validation.webhook.kafka.sources.knative.dev
- config.webhook.kafka.sources.knative.dev
- validation.webhook.kafka.messaging.knative.dev
verbs:
- delete
- apiGroups:
- "*"
resources:
- services
resourceNames:
- kafka-source-webhook
- kafka-controller
- kafka-webhook
- kafka-ch-dispatcher
verbs:
- delete
# to be able to list channel services and patch them
- apiGroups:
- "*"
resources:
- services
verbs:
- list
- patch
- apiGroups:
- apps
resources:
- deployments
resourceNames:
- kafka-controller-manager
- kafka-webhook
- kafka-ch-controller
- kafka-ch-dispatcher
verbs:
- delete
# to be able to check readiness of the new dataplane
- apiGroups:
- apps
resources:
- deployments
resourceNames:
- kafka-channel-dispatcher
- kafka-channel-receiver
- kafka-controller
verbs:
- get
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
resourceNames:
- eventing-sources-kafka-controller
- eventing-sources-kafka-controller-addressable-resolver
- kafka-webhook
- kafka-ch-controller
- kafka-ch-dispatcher
- eventing-sources-kafka-controller-podspecable-binding
verbs:
- delete
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterroles
resourceNames:
- eventing-sources-kafka-controller
- kafka-webhook
- kafka-ch-controller
- kafka-addressable-resolver
- kafka-channelable-manipulator
- kafka-ch-dispatcher
verbs:
- delete
- apiGroups:
- "*"
resources:
- serviceaccounts
resourceNames:
- kafka-controller-manager
- kafka-webhook
- kafka-ch-controller
- kafka-ch-dispatcher
verbs:
- delete
- apiGroups:
- "*"
resources:
- secrets
resourceNames:
- kafka-source-webhook-certs
- messaging-webhook-certs
verbs:
- delete
- apiGroups:
- "*"
resources:
- horizontalpodautoscalers
resourceNames:
- kafka-webhook
verbs:
- delete
- apiGroups:
- "*"
resources:
- poddisruptionbudgets
resourceNames:
- kafka-webhook
verbs:
- delete
- apiGroups:
- "*"
resources:
- leases
resourceNames:
- kafkachannel-dispatcher.knative.dev.eventing-kafka.pkg.channel.consolidated.reconciler.dispatcher.reconciler.00-of-01
verbs:
- delete
- apiGroups:
- "*"
resources:
- configmaps
resourceNames:
- config-leader-election-kafkachannel
verbs:
- delete
# to be able to read the old configmap and migrate it
- apiGroups:
- "*"
resources:
- configmaps
resourceNames:
- config-kafka
verbs:
- get
# to be able update config in the new configmap
- apiGroups:
- "*"
resources:
- configmaps
resourceNames:
- kafka-channel-config
verbs:
- patch
---
# Copyright 2022 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ServiceAccount
metadata:
name: knative-kafka-controller-post-install
namespace: knative-eventing
labels:
kafka.eventing.knative.dev/release: "devel"
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: knative-kafka-storage-version-migrator
labels:
kafka.eventing.knative.dev/release: "devel"
rules:
# Storage version upgrader needs to be able to patch CRDs.
- apiGroups:
- "apiextensions.k8s.io"
resources:
- "customresourcedefinitions"
- "customresourcedefinitions/status"
verbs:
- "get"
- "list"
- "update"
- "patch"
- "watch"
# Our own resources we care about.
- apiGroups:
- "sources.knative.dev"
resources:
- "kafkasources"
- "kafkasources/finalizers"
- "kafkasources/status"
verbs:
- "get"
- "list"
- "create"
- "update"
- "patch"
- "watch"
- apiGroups:
- "messaging.knative.dev"
resources:
- "kafkachannels"
- "kafkachannels/finalizers"
- "kafkachannels/status"
verbs:
- "get"
- "list"
- "create"
- "update"
- "patch"
- "watch"
- apiGroups:
- ""
resources:
- "namespaces"
verbs:
- "get"
- "list"
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ServiceAccount
metadata:
name: knative-kafka-storage-version-migrator
namespace: knative-eventing
labels:
kafka.eventing.knative.dev/release: "devel"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: knative-kafka-storage-version-migrator
labels:
kafka.eventing.knative.dev/release: "devel"
subjects:
- kind: ServiceAccount
name: knative-kafka-storage-version-migrator
namespace: knative-eventing
roleRef:
kind: ClusterRole
name: knative-kafka-storage-version-migrator
apiGroup: rbac.authorization.k8s.io
---
# Copyright 2022 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: knative-kafka-controller-post-install
labels:
kafka.eventing.knative.dev/release: "devel"
subjects:
- kind: ServiceAccount
name: knative-kafka-controller-post-install
namespace: knative-eventing
roleRef:
kind: ClusterRole
name: knative-kafka-controller-post-install
apiGroup: rbac.authorization.k8s.io
---
# Copyright 2022 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: batch/v1
kind: Job
metadata:
name: kafka-controller-post-install
namespace: knative-eventing
labels:
app: kafka-controller-post-install
kafka.eventing.knative.dev/release: "devel"
spec:
ttlSecondsAfterFinished: 600
backoffLimit: 10
template:
metadata:
labels:
app: kafka-controller-post-install
kafka.eventing.knative.dev/release: "devel"
annotations:
sidecar.istio.io/inject: "false"
spec:
serviceAccountName: knative-kafka-controller-post-install
restartPolicy: OnFailure
containers:
- name: post-install
image: quay.io/pierdipi/post-install-556eadd8a59c2213d960089c7a8fad4a@sha256:7a31fb24ea01afd4dcdf1399564936572979c213d894b3f8097ed733a9a8b01b
env:
- name: SYSTEM_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: CHANNEL_GENERAL_CONFIG_MAP_NAME
value: kafka-channel-config
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: batch/v1
kind: Job
metadata:
name: knative-kafka-storage-version-migrator
namespace: knative-eventing
labels:
app: "knative-kafka-storage-version-migrator"
kafka.eventing.knative.dev/release: "devel"
spec:
ttlSecondsAfterFinished: 600
backoffLimit: 10
template:
metadata:
labels:
app: "knative-kafka-storage-version-migrator"
kafka.eventing.knative.dev/release: "devel"
annotations:
sidecar.istio.io/inject: "false"
spec:
serviceAccountName: knative-kafka-storage-version-migrator
restartPolicy: OnFailure
containers:
- name: migrate
image: quay.io/pierdipi/migrate-242d0a35bf580c5b411a545d79618fbf@sha256:8525374c5773413d57f1e9d5837c4b9db2e3f48068b67bb56f050610d00259f5
args:
- "kafkasources.sources.knative.dev"
- "kafkachannels.messaging.knative.dev"
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ConfigMap
metadata:
name: config-kafka-sink-data-plane
namespace: knative-eventing
labels:
kafka.eventing.knative.dev/release: "devel"
data:
config-kafka-sink-producer.properties: |
key.serializer=org.apache.kafka.common.serialization.StringSerializer
value.serializer=io.cloudevents.kafka.CloudEventSerializer
acks=all
buffer.memory=33554432
# compression.type=snappy
retries=2147483647
batch.size=16384
client.dns.lookup=use_all_dns_ips
connections.max.idle.ms=600000
delivery.timeout.ms=120000
linger.ms=0
max.block.ms=60000
max.request.size=1048576
partitioner.class=org.apache.kafka.clients.producer.internals.DefaultPartitioner
receive.buffer.bytes=-1
request.timeout.ms=30000
enable.idempotence=false
max.in.flight.requests.per.connection=5
metadata.max.age.ms=300000
# metric.reporters=""
metrics.num.samples=2
metrics.recording.level=INFO
metrics.sample.window.ms=30000
reconnect.backoff.max.ms=1000
reconnect.backoff.ms=50
retry.backoff.ms=100
# transaction.timeout.ms=60000
# transactional.id=null
config-kafka-sink-httpserver.properties: |
idleTimeout=0
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: knative-kafka-sink-data-plane
labels:
kafka.eventing.knative.dev/release: "devel"
rules:
- apiGroups:
- "*"
resources:
- secrets
verbs:
- get
- list
- watch
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ServiceAccount
metadata:
name: knative-kafka-sink-data-plane
namespace: knative-eventing
labels:
kafka.eventing.knative.dev/release: "devel"
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: knative-kafka-sink-data-plane
labels:
kafka.eventing.knative.dev/release: "devel"
subjects:
- kind: ServiceAccount
name: knative-kafka-sink-data-plane
namespace: knative-eventing
roleRef:
kind: ClusterRole
name: knative-kafka-sink-data-plane
apiGroup: rbac.authorization.k8s.io
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
name: kafka-sink-receiver
namespace: knative-eventing
labels:
app: kafka-sink-receiver
kafka.eventing.knative.dev/release: "devel"
spec:
selector:
matchLabels:
app: kafka-sink-receiver
template:
metadata:
name: kafka-sink-receiver
labels:
app: kafka-sink-receiver
kafka.eventing.knative.dev/release: "devel"
spec:
# To avoid node becoming SPOF, spread our replicas to different nodes and zones.
topologySpreadConstraints:
- maxSkew: 2
topologyKey: topology.kubernetes.io/zone
whenUnsatisfiable: ScheduleAnyway
labelSelector:
matchLabels:
app: kafka-sink-receiver
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app: kafka-sink-receiver
topologyKey: kubernetes.io/hostname
weight: 100
serviceAccountName: knative-kafka-sink-data-plane
securityContext:
runAsNonRoot: true
containers:
- name: kafka-sink-receiver
image: quay.io/pierdipi/knative-kafka-broker-receiver:c76eaeceaba31441f510fccf0a17e7823c56f7acc2d804667ba5dcc371113237
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /etc/config
name: config-kafka-sink-data-plane
readOnly: true
- mountPath: /etc/sinks
name: kafka-sink-sinks
readOnly: true
- mountPath: /tmp
name: cache
- mountPath: /etc/logging
name: kafka-sink-config-logging
readOnly: true
- mountPath: /etc/tracing
name: config-tracing
readOnly: true
ports:
- containerPort: 9090
name: http-metrics
protocol: TCP
- containerPort: 8080
name: http
protocol: TCP
env:
- name: SERVICE_NAME
value: "kafka-sink-receiver"
- name: SERVICE_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: INGRESS_PORT
value: "8080"
- name: PRODUCER_CONFIG_FILE_PATH
value: /etc/config/config-kafka-sink-producer.properties
- name: HTTPSERVER_CONFIG_FILE_PATH
value: /etc/config/config-kafka-sink-httpserver.properties
- name: DATA_PLANE_CONFIG_FILE_PATH
value: /etc/sinks/data
- name: LIVENESS_PROBE_PATH
value: /healthz
- name: READINESS_PROBE_PATH
value: /readyz
- name: METRICS_PATH
value: /metrics
- name: METRICS_PORT
value: "9090"
- name: METRICS_PUBLISH_QUANTILES
value: "false"
- name: METRICS_JVM_ENABLED
value: "false"
- name: CONFIG_TRACING_PATH
value: "/etc/tracing"
# https://github.com/fabric8io/kubernetes-client/issues/2212
- name: HTTP2_DISABLE
value: "true"
# This should be set according to initial delay seconds
- name: WAIT_STARTUP_SECONDS
value: "8"
command:
- "java"
args:
- "-Dlogback.configurationFile=/etc/logging/config.xml"
- "-jar"
- "/app/app.jar"
# TODO set resources (limits and requests)
livenessProbe:
failureThreshold: 3
httpGet:
port: 8080
path: /healthz
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
port: 8080
path: /readyz
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 1
terminationMessagePolicy: FallbackToLogsOnError
terminationMessagePath: /dev/temination-log
securityContext:
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: true
volumes:
- name: kafka-sink-sinks
configMap:
name: kafka-sink-sinks
- name: config-kafka-sink-data-plane
configMap:
name: config-kafka-sink-data-plane
- name: cache
emptyDir: {}
- name: kafka-sink-config-logging
configMap:
name: kafka-config-logging
- name: config-tracing
configMap:
name: config-tracing
restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
name: kafka-sink-ingress
namespace: knative-eventing
labels:
app: kafka-sink-receiver
kafka.eventing.knative.dev/release: "devel"
spec:
selector:
app: kafka-sink-receiver
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
- name: http-container
port: 8080
protocol: TCP
targetPort: 8080
- name: http-metrics
port: 9090
protocol: TCP
targetPort: 9090
---
---
# Copyright 2021 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ConfigMap
metadata:
name: config-kafka-source-data-plane
namespace: knative-eventing
labels:
kafka.eventing.knative.dev/release: "devel"
data:
config-kafka-source-producer.properties: |
key.serializer=org.apache.kafka.common.serialization.StringSerializer
value.serializer=io.cloudevents.kafka.CloudEventSerializer
acks=all
buffer.memory=33554432
# compression.type=snappy
retries=2147483647
batch.size=16384
client.dns.lookup=use_all_dns_ips
connections.max.idle.ms=600000
delivery.timeout.ms=120000
linger.ms=0
max.block.ms=60000
max.request.size=1048576
partitioner.class=org.apache.kafka.clients.producer.internals.DefaultPartitioner
receive.buffer.bytes=-1
request.timeout.ms=30000
enable.idempotence=false
max.in.flight.requests.per.connection=5
metadata.max.age.ms=300000
# metric.reporters=""
metrics.num.samples=2
metrics.recording.level=INFO
metrics.sample.window.ms=30000
reconnect.backoff.max.ms=1000
reconnect.backoff.ms=50
retry.backoff.ms=100
# transaction.timeout.ms=60000
# transactional.id=null
config-kafka-source-consumer.properties: |
cloudevent.invalid.transformer.enabled=true
cloudevent.invalid.kind.plural=kafkasources
key.deserializer=org.apache.kafka.common.serialization.StringDeserializer
value.deserializer=io.cloudevents.kafka.CloudEventDeserializer
fetch.min.bytes=1
heartbeat.interval.ms=3000
max.partition.fetch.bytes=1048576
session.timeout.ms=10000
# ssl.key.password=
# ssl.keystore.location=
# ssl.keystore.password=
# ssl.truststore.location=
# ssl.truststore.password=
allow.auto.create.topics=true
auto.offset.reset=earliest
client.dns.lookup=use_all_dns_ips
connections.max.idle.ms=540000
default.api.timeout.ms=60000
enable.auto.commit=false
exclude.internal.topics=true
fetch.max.bytes=52428800
isolation.level=read_uncommitted
max.poll.interval.ms=300000
max.poll.records=500
# partition.assignment.strategy=org.apache.kafka.clients.consumer.CooperativeStickyAssignor
receive.buffer.bytes=65536
request.timeout.ms=30000
# sasl.client.callback.handler.class=
# sasl.jaas.config=
# sasl.kerberos.service.name=
# sasl.login.callback.handler.class
# sasl.login.class
# sasl.mechanism
security.protocol=PLAINTEXT
send.buffer.bytes=131072
# ssl.enabled.protocols=
# ssl.keystore.type=
# ssl.protocol=
# ssl.provider=
auto.commit.interval.ms=5000
check.crcs=true
# client.rack=
fetch.max.wait.ms=500
# interceptor.classes=
metadata.max.age.ms=600000
# metrics.reporters=
# metrics.num.samples=
# metrics.recording.level=INFO
# metrics.sample.window.ms=
reconnect.backoff.max.ms=1000
retry.backoff.ms=100
# sasl.kerberos.kinit.cmd=
# sasl.kerberos.min.time.before.relogin=
# sasl.kerberos.ticket.renew.jitter=
# sasl.login.refresh.buffer.seconds=
# sasl.login.refresh.min.period.seconds=
# sasl.login.refresh.window.factor
# sasl.login.refresh.window.jitter
# security.providers
# ssl.cipher.suites
# ssl.endpoint.identification.algorithm
# ssl.keymanager.algorithm
# ssl.secure.random.implementation
# ssl.trustmanager.algorithm
config-kafka-source-webclient.properties: |
idleTimeout=10000
---
# Copyright 2021 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: knative-kafka-source-data-plane
labels:
kafka.eventing.knative.dev/release: "devel"
rules:
- apiGroups:
- "*"
resources:
- secrets
verbs:
- get
- list
- watch
---
# Copyright 2021 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ServiceAccount
metadata:
name: knative-kafka-source-data-plane
namespace: knative-eventing
labels:
kafka.eventing.knative.dev/release: "devel"
---
# Copyright 2021 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: knative-kafka-source-data-plane
labels:
kafka.eventing.knative.dev/release: "devel"
subjects:
- kind: ServiceAccount
name: knative-kafka-source-data-plane
namespace: knative-eventing
roleRef:
kind: ClusterRole
name: knative-kafka-source-data-plane
apiGroup: rbac.authorization.k8s.io
---
# Copyright 2021 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
name: kafka-source-dispatcher
namespace: knative-eventing
labels:
app: kafka-source-dispatcher
kafka.eventing.knative.dev/release: "devel"
spec:
selector:
matchLabels:
app: kafka-source-dispatcher
template:
metadata:
name: kafka-source-dispatcher
labels:
app: kafka-source-dispatcher
kafka.eventing.knative.dev/release: "devel"
spec:
# To avoid node becoming SPOF, spread our replicas to different nodes and zones.
topologySpreadConstraints:
- maxSkew: 2
topologyKey: topology.kubernetes.io/zone
whenUnsatisfiable: ScheduleAnyway
labelSelector:
matchLabels:
app: kafka-source-dispatcher
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app: kafka-source-dispatcher
topologyKey: kubernetes.io/hostname
weight: 100
serviceAccountName: knative-kafka-source-data-plane
securityContext:
runAsNonRoot: true
containers:
- name: kafka-source-dispatcher
image: quay.io/pierdipi/knative-kafka-broker-dispatcher:d4c8707cc377c108496b68f2bf4644e73c592d36ce50928412608fcbc474a98e
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /etc/config
name: config-kafka-source-data-plane
readOnly: true
- mountPath: /etc/sources
name: kafka-source-sources
readOnly: true
- mountPath: /tmp
name: cache
- mountPath: /etc/logging
name: kafka-config-logging
readOnly: true
- mountPath: /etc/tracing
name: config-tracing
readOnly: true
ports:
- containerPort: 9090
name: http-metrics
protocol: TCP
env:
- name: SERVICE_NAME
value: "kafka-source-dispatcher"
- name: SERVICE_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: PRODUCER_CONFIG_FILE_PATH
value: /etc/config/config-kafka-source-producer.properties
- name: CONSUMER_CONFIG_FILE_PATH
value: /etc/config/config-kafka-source-consumer.properties
- name: WEBCLIENT_CONFIG_FILE_PATH
value: /etc/config/config-kafka-source-webclient.properties
- name: DATA_PLANE_CONFIG_FILE_PATH
value: /etc/sources/data
- name: EGRESSES_INITIAL_CAPACITY
value: "20"
- name: INSTANCE_ID
valueFrom:
fieldRef:
fieldPath: metadata.uid
- name: METRICS_PATH
value: /metrics
- name: METRICS_PORT
value: "9090"
- name: METRICS_PUBLISH_QUANTILES
value: "false"
- name: METRICS_JVM_ENABLED
value: "false"
- name: CONFIG_TRACING_PATH
value: "/etc/tracing"
# https://github.com/fabric8io/kubernetes-client/issues/2212
- name: HTTP2_DISABLE
value: "true"
# This should be set according to initial delay seconds
- name: WAIT_STARTUP_SECONDS
value: "8"
command:
- "java"
args:
- "-Dlogback.configurationFile=/etc/logging/config.xml"
- "-jar"
- "/app/app.jar"
# TODO set resources (limits and requests)
livenessProbe:
failureThreshold: 3
tcpSocket:
port: 9090
initialDelaySeconds: 10
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
tcpSocket:
port: 9090
initialDelaySeconds: 10
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 1
terminationMessagePolicy: FallbackToLogsOnError
terminationMessagePath: /dev/temination-log
securityContext:
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: true
volumes:
- name: config-kafka-source-data-plane
configMap:
name: config-kafka-source-data-plane
- name: kafka-source-sources
configMap:
name: kafka-source-sources
- name: cache
emptyDir: {}
- name: kafka-config-logging
configMap:
name: kafka-config-logging
- name: config-tracing
configMap:
name: config-tracing
restartPolicy: Always
dnsConfig:
options:
- name: single-request-reopen
---
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment