Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-09 15:38:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/kafka] bugfix: add missing persistentVolumeClaimRetentionPolicy and fix config & network policies when adding extra listeners (#32615)

Browse Source
This commit is contained in:
Juan Ariza Toledano
2025-03-26 16:12:06 +01:00
committed by GitHub
parent 328166c403
commit 9d1b911d00
11 changed files with 253 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
bitnami/kafka/CHANGELOG.md
View File

@@ -1,8 +1,12 @@
# Changelog
## 32.0.3 (2025-03-26)
## 32.1.0 (2025-03-26)
* [bitnami/kafka] bugfix: use kafka-broker-api-versions.sh to wait for Kafka on provisioning ([#32613](https://github.com/bitnami/charts/pull/32613))
* [bitnami/kafka] bugfix: add missing persistentVolumeClaimRetentionPolicy and fix config & network policies when adding extra listeners ([#32615](https://github.com/bitnami/charts/pull/32615))
## <small>32.0.3 (2025-03-26)</small>
* [bitnami/kafka] bugfix: use kafka-broker-api-versions.sh to wait for Kafka on provisioning (#32613) ([328166c](https://github.com/bitnami/charts/commit/328166c403f2d3b4a9a548561b25dc43efb7eebf)), closes [#32613](https://github.com/bitnami/charts/issues/32613)
## <small>32.0.2 (2025-03-26)</small>

2
bitnami/kafka/Chart.yaml
View File

@@ -36,4 +36,4 @@ maintainers:
name: kafka
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/kafka
version: 32.0.3
version: 32.1.0

136
bitnami/kafka/README.md
View File

@@ -662,40 +662,43 @@ To back up and restore Helm chart deployments on Kubernetes, you need to back up
### Experimental: Kafka Controller Autoscaling configuration
| Name | Description | Value |
| ---------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- |
| `controller.autoscaling.vpa.enabled` | Enable VPA | `false` |
| `controller.autoscaling.vpa.annotations` | Annotations for VPA resource | `{}` |
| `controller.autoscaling.vpa.controlledResources` | VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory | `[]` |
| `controller.autoscaling.vpa.maxAllowed` | VPA Max allowed resources for the pod | `{}` |
| `controller.autoscaling.vpa.minAllowed` | VPA Min allowed resources for the pod | `{}` |
| `controller.autoscaling.vpa.updatePolicy.updateMode` | Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod | `Auto` |
| `controller.autoscaling.hpa.enabled` | Enable HPA for Kafka Controller | `false` |
| `controller.autoscaling.hpa.annotations` | Annotations for HPA resource | `{}` |
| `controller.autoscaling.hpa.minReplicas` | Minimum number of Kafka Controller replicas | `""` |
| `controller.autoscaling.hpa.maxReplicas` | Maximum number of Kafka Controller replicas | `""` |
| `controller.autoscaling.hpa.targetCPU` | Target CPU utilization percentage | `""` |
| `controller.autoscaling.hpa.targetMemory` | Target Memory utilization percentage | `""` |
| `controller.pdb.create` | Deploy a pdb object for the Kafka pod | `true` |
| `controller.pdb.minAvailable` | Minimum number/percentage of available Kafka replicas | `""` |
| `controller.pdb.maxUnavailable` | Maximum number/percentage of unavailable Kafka replicas | `""` |
| `controller.persistence.enabled` | Enable Kafka data persistence using PVC | `true` |
| `controller.persistence.existingClaim` | A manually managed Persistent Volume and Claim | `""` |
| `controller.persistence.storageClass` | PVC Storage Class for Kafka data volume | `""` |
| `controller.persistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` |
| `controller.persistence.size` | PVC Storage Request for Kafka data volume | `8Gi` |
| `controller.persistence.annotations` | Annotations for the PVC | `{}` |
| `controller.persistence.labels` | Labels for the PVC | `{}` |
| `controller.persistence.selector` | Selector to match an existing Persistent Volume for Kafka data PVC. If set, the PVC can't have a PV dynamically provisioned for it | `{}` |
| `controller.persistence.mountPath` | Mount path of the Kafka data volume | `/bitnami/kafka` |
| `controller.logPersistence.enabled` | Enable Kafka logs persistence using PVC | `false` |
| `controller.logPersistence.existingClaim` | A manually managed Persistent Volume and Claim | `""` |
| `controller.logPersistence.storageClass` | PVC Storage Class for Kafka logs volume | `""` |
| `controller.logPersistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` |
| `controller.logPersistence.size` | PVC Storage Request for Kafka logs volume | `8Gi` |
| `controller.logPersistence.annotations` | Annotations for the PVC | `{}` |
| `controller.logPersistence.selector` | Selector to match an existing Persistent Volume for Kafka log data PVC. If set, the PVC can't have a PV dynamically provisioned for it | `{}` |
| `controller.logPersistence.mountPath` | Mount path of the Kafka logs volume | `/opt/bitnami/kafka/logs` |
| Name | Description | Value |
| ------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- |
| `controller.autoscaling.vpa.enabled` | Enable VPA | `false` |
| `controller.autoscaling.vpa.annotations` | Annotations for VPA resource | `{}` |
| `controller.autoscaling.vpa.controlledResources` | VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory | `[]` |
| `controller.autoscaling.vpa.maxAllowed` | VPA Max allowed resources for the pod | `{}` |
| `controller.autoscaling.vpa.minAllowed` | VPA Min allowed resources for the pod | `{}` |
| `controller.autoscaling.vpa.updatePolicy.updateMode` | Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod | `Auto` |
| `controller.autoscaling.hpa.enabled` | Enable HPA for Kafka Controller | `false` |
| `controller.autoscaling.hpa.annotations` | Annotations for HPA resource | `{}` |
| `controller.autoscaling.hpa.minReplicas` | Minimum number of Kafka Controller replicas | `""` |
| `controller.autoscaling.hpa.maxReplicas` | Maximum number of Kafka Controller replicas | `""` |
| `controller.autoscaling.hpa.targetCPU` | Target CPU utilization percentage | `""` |
| `controller.autoscaling.hpa.targetMemory` | Target Memory utilization percentage | `""` |
| `controller.pdb.create` | Deploy a pdb object for the Kafka pod | `true` |
| `controller.pdb.minAvailable` | Minimum number/percentage of available Kafka replicas | `""` |
| `controller.pdb.maxUnavailable` | Maximum number/percentage of unavailable Kafka replicas | `""` |
| `controller.persistentVolumeClaimRetentionPolicy.enabled` | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet | `false` |
| `controller.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` |
| `controller.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` |
| `controller.persistence.enabled` | Enable Kafka data persistence using PVC | `true` |
| `controller.persistence.existingClaim` | A manually managed Persistent Volume and Claim | `""` |
| `controller.persistence.storageClass` | PVC Storage Class for Kafka data volume | `""` |
| `controller.persistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` |
| `controller.persistence.size` | PVC Storage Request for Kafka data volume | `8Gi` |
| `controller.persistence.annotations` | Annotations for the PVC | `{}` |
| `controller.persistence.labels` | Labels for the PVC | `{}` |
| `controller.persistence.selector` | Selector to match an existing Persistent Volume for Kafka data PVC. If set, the PVC can't have a PV dynamically provisioned for it | `{}` |
| `controller.persistence.mountPath` | Mount path of the Kafka data volume | `/bitnami/kafka` |
| `controller.logPersistence.enabled` | Enable Kafka logs persistence using PVC | `false` |
| `controller.logPersistence.existingClaim` | A manually managed Persistent Volume and Claim | `""` |
| `controller.logPersistence.storageClass` | PVC Storage Class for Kafka logs volume | `""` |
| `controller.logPersistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` |
| `controller.logPersistence.size` | PVC Storage Request for Kafka logs volume | `8Gi` |
| `controller.logPersistence.annotations` | Annotations for the PVC | `{}` |
| `controller.logPersistence.selector` | Selector to match an existing Persistent Volume for Kafka log data PVC. If set, the PVC can't have a PV dynamically provisioned for it | `{}` |
| `controller.logPersistence.mountPath` | Mount path of the Kafka logs volume | `/opt/bitnami/kafka/logs` |
### Broker-only statefulset parameters
@@ -786,37 +789,40 @@ To back up and restore Helm chart deployments on Kubernetes, you need to back up
### Experimental: Kafka Broker Autoscaling configuration
| Name | Description | Value |
| ------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- |
| `broker.autoscaling.vpa.enabled` | Enable VPA | `false` |
| `broker.autoscaling.vpa.annotations` | Annotations for VPA resource | `{}` |
| `broker.autoscaling.vpa.controlledResources` | VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory | `[]` |
| `broker.autoscaling.vpa.maxAllowed` | VPA Max allowed resources for the pod | `{}` |
| `broker.autoscaling.vpa.minAllowed` | VPA Min allowed resources for the pod | `{}` |
| `broker.autoscaling.vpa.updatePolicy.updateMode` | Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod | `Auto` |
| `broker.autoscaling.hpa.enabled` | Enable HPA for Kafka Broker | `false` |
| `broker.autoscaling.hpa.annotations` | Annotations for HPA resource | `{}` |
| `broker.autoscaling.hpa.minReplicas` | Minimum number of Kafka Broker replicas | `""` |
| `broker.autoscaling.hpa.maxReplicas` | Maximum number of Kafka Broker replicas | `""` |
| `broker.autoscaling.hpa.targetCPU` | Target CPU utilization percentage | `""` |
| `broker.autoscaling.hpa.targetMemory` | Target Memory utilization percentage | `""` |
| `broker.persistence.enabled` | Enable Kafka data persistence using PVC | `true` |
| `broker.persistence.existingClaim` | A manually managed Persistent Volume and Claim | `""` |
| `broker.persistence.storageClass` | PVC Storage Class for Kafka data volume | `""` |
| `broker.persistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` |
| `broker.persistence.size` | PVC Storage Request for Kafka data volume | `8Gi` |
| `broker.persistence.annotations` | Annotations for the PVC | `{}` |
| `broker.persistence.labels` | Labels for the PVC | `{}` |
| `broker.persistence.selector` | Selector to match an existing Persistent Volume for Kafka data PVC. If set, the PVC can't have a PV dynamically provisioned for it | `{}` |
| `broker.persistence.mountPath` | Mount path of the Kafka data volume | `/bitnami/kafka` |
| `broker.logPersistence.enabled` | Enable Kafka logs persistence using PVC | `false` |
| `broker.logPersistence.existingClaim` | A manually managed Persistent Volume and Claim | `""` |
| `broker.logPersistence.storageClass` | PVC Storage Class for Kafka logs volume | `""` |
| `broker.logPersistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` |
| `broker.logPersistence.size` | PVC Storage Request for Kafka logs volume | `8Gi` |
| `broker.logPersistence.annotations` | Annotations for the PVC | `{}` |
| `broker.logPersistence.selector` | Selector to match an existing Persistent Volume for Kafka log data PVC. If set, the PVC can't have a PV dynamically provisioned for it | `{}` |
| `broker.logPersistence.mountPath` | Mount path of the Kafka logs volume | `/opt/bitnami/kafka/logs` |
| Name | Description | Value |
| --------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- |
| `broker.autoscaling.vpa.enabled` | Enable VPA | `false` |
| `broker.autoscaling.vpa.annotations` | Annotations for VPA resource | `{}` |
| `broker.autoscaling.vpa.controlledResources` | VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory | `[]` |
| `broker.autoscaling.vpa.maxAllowed` | VPA Max allowed resources for the pod | `{}` |
| `broker.autoscaling.vpa.minAllowed` | VPA Min allowed resources for the pod | `{}` |
| `broker.autoscaling.vpa.updatePolicy.updateMode` | Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod | `Auto` |
| `broker.autoscaling.hpa.enabled` | Enable HPA for Kafka Broker | `false` |
| `broker.autoscaling.hpa.annotations` | Annotations for HPA resource | `{}` |
| `broker.autoscaling.hpa.minReplicas` | Minimum number of Kafka Broker replicas | `""` |
| `broker.autoscaling.hpa.maxReplicas` | Maximum number of Kafka Broker replicas | `""` |
| `broker.autoscaling.hpa.targetCPU` | Target CPU utilization percentage | `""` |
| `broker.autoscaling.hpa.targetMemory` | Target Memory utilization percentage | `""` |
| `broker.persistentVolumeClaimRetentionPolicy.enabled` | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet | `false` |
| `broker.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` |
| `broker.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` |
| `broker.persistence.enabled` | Enable Kafka data persistence using PVC | `true` |
| `broker.persistence.existingClaim` | A manually managed Persistent Volume and Claim | `""` |
| `broker.persistence.storageClass` | PVC Storage Class for Kafka data volume | `""` |
| `broker.persistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` |
| `broker.persistence.size` | PVC Storage Request for Kafka data volume | `8Gi` |
| `broker.persistence.annotations` | Annotations for the PVC | `{}` |
| `broker.persistence.labels` | Labels for the PVC | `{}` |
| `broker.persistence.selector` | Selector to match an existing Persistent Volume for Kafka data PVC. If set, the PVC can't have a PV dynamically provisioned for it | `{}` |
| `broker.persistence.mountPath` | Mount path of the Kafka data volume | `/bitnami/kafka` |
| `broker.logPersistence.enabled` | Enable Kafka logs persistence using PVC | `false` |
| `broker.logPersistence.existingClaim` | A manually managed Persistent Volume and Claim | `""` |
| `broker.logPersistence.storageClass` | PVC Storage Class for Kafka logs volume | `""` |
| `broker.logPersistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` |
| `broker.logPersistence.size` | PVC Storage Request for Kafka logs volume | `8Gi` |
| `broker.logPersistence.annotations` | Annotations for the PVC | `{}` |
| `broker.logPersistence.selector` | Selector to match an existing Persistent Volume for Kafka log data PVC. If set, the PVC can't have a PV dynamically provisioned for it | `{}` |
| `broker.logPersistence.mountPath` | Mount path of the Kafka logs volume | `/opt/bitnami/kafka/logs` |
### Traffic Exposure parameters

43
bitnami/kafka/templates/_helpers.tpl
View File

@@ -427,14 +427,18 @@ Returns the Kafka listeners settings based on the listeners.* object
{{- $listeners = append $listeners .context.Values.listeners.external -}}
{{- end -}}
{{- if .isController -}}
{{- if .context.Values.controller.controllerOnly -}}
{{- $listeners = list .context.Values.listeners.controller -}}
{{- if .context.Values.controller.controllerOnly -}}
{{- $listeners = list .context.Values.listeners.controller -}}
{{- else -}}
{{- $listeners = append $listeners .context.Values.listeners.controller -}}
{{- range $i := .context.Values.listeners.extraListeners -}}
{{- $listeners = append $listeners $i -}}
{{- end -}}
{{- end -}}
{{- else -}}
{{- $listeners = append $listeners .context.Values.listeners.controller -}}
{{- end -}}
{{- end -}}
{{- range $i := .context.Values.listeners.extraListeners -}}
{{- $listeners = append $listeners $i -}}
{{- range $i := .context.Values.listeners.extraListeners -}}
{{- $listeners = append $listeners $i -}}
{{- end -}}
{{- end -}}
{{- $res := list -}}
{{- range $listener := $listeners -}}
@@ -467,15 +471,26 @@ Returns the list of advertised listeners, although the advertised address will b
Returns the value listener.security.protocol.map based on the values of 'listeners.*.protocol'
*/}}
{{- define "kafka.securityProtocolMap" -}}
{{- if .Values.listeners.securityProtocolMap -}}
{{- print .Values.listeners.securityProtocolMap -}}
{{- if .context.Values.listeners.securityProtocolMap -}}
{{- print .context.Values.listeners.securityProtocolMap -}}
{{- else -}}
{{- $listeners := list .Values.listeners.client .Values.listeners.interbroker .Values.listeners.controller -}}
{{- range $i := .Values.listeners.extraListeners -}}
{{- $listeners = append $listeners $i -}}
{{- $listeners := list .context.Values.listeners.client .context.Values.listeners.interbroker -}}
{{- if .isController -}}
{{- if .context.Values.controller.controllerOnly -}}
{{- $listeners = list .context.Values.listeners.controller -}}
{{- else -}}
{{- $listeners = append $listeners .context.Values.listeners.controller -}}
{{- range $i := .context.Values.listeners.extraListeners -}}
{{- $listeners = append $listeners $i -}}
{{- end -}}
{{- end -}}
{{- else -}}
{{- range $i := .context.Values.listeners.extraListeners -}}
{{- $listeners = append $listeners $i -}}
{{- end -}}
{{- end -}}
{{- if and .Values.externalAccess.enabled -}}
{{- $listeners = append $listeners .Values.listeners.external -}}
{{- if and .context.Values.externalAccess.enabled -}}
{{- $listeners = append $listeners .context.Values.listeners.external -}}
{{- end -}}
{{- $res := list -}}
{{- range $listener := $listeners -}}

2
bitnami/kafka/templates/broker/configmap.yaml
View File

@@ -13,7 +13,7 @@ ref: https://kafka.apache.org/documentation/#configuration
{{- else }}
# Listeners configuration
listeners: {{ include "kafka.listeners" (dict "isController" false "context" .) }}
listener.security.protocol.map: {{ include "kafka.securityProtocolMap" . }}
listener.security.protocol.map: {{ include "kafka.securityProtocolMap" (dict "isController" false "context" .) }}
advertised.listeners: {{ include "kafka.advertisedListeners" . }}
# Kafka data logs directory
log.dir: {{ printf "%s/data" .Values.broker.persistence.mountPath }}

18
bitnami/kafka/templates/networkpolicy.yaml → bitnami/kafka/templates/broker/networkpolicy.yaml
View File

@@ -7,16 +7,20 @@ SPDX-License-Identifier: APACHE-2.0
kind: NetworkPolicy
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
metadata:
name: {{ include "common.names.fullname" . }}
name: {{ template "kafka.broker.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: broker
app.kubernetes.io/part-of: kafka
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.broker.podLabels .Values.commonLabels ) "context" . ) }}
podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: broker
app.kubernetes.io/part-of: kafka
policyTypes:
- Ingress
- Egress
@@ -35,7 +39,9 @@ spec:
- ports:
- port: {{ .Values.listeners.client.containerPort }}
- port: {{ .Values.listeners.interbroker.containerPort }}
- port: {{ .Values.listeners.controller.containerPort }}
{{- range $listener := .Values.listeners.extraListeners }}
- port: {{ $listener.containerPort }}
{{- end }}
{{- if .Values.externalAccess.enabled }}
- port: {{ .Values.listeners.external.containerPort }}
{{- end }}
@@ -51,7 +57,9 @@ spec:
- ports:
- port: {{ .Values.listeners.client.containerPort }}
- port: {{ .Values.listeners.interbroker.containerPort }}
- port: {{ .Values.listeners.controller.containerPort }}
{{- range $listener := .Values.listeners.extraListeners }}
- port: {{ $listener.containerPort }}
{{- end }}
{{- if .Values.externalAccess.enabled }}
- port: {{ .Values.listeners.external.containerPort }}
{{- end }}
@@ -61,7 +69,7 @@ spec:
{{- if not .Values.networkPolicy.allowExternal }}
from:
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }}
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
{{- if .Values.networkPolicy.addExternalClientAccess }}
- podSelector:
matchLabels:

5
bitnami/kafka/templates/broker/statefulset.yaml
View File

@@ -359,6 +359,11 @@ spec:
claimName: {{ printf "%s" (tpl .Values.broker.logPersistence.existingClaim .) }}
{{- end }}
{{- if or (and .Values.broker.persistence.enabled (not .Values.broker.persistence.existingClaim)) (and .Values.broker.logPersistence.enabled (not .Values.broker.logPersistence.existingClaim)) }}
{{- if .Values.broker.persistentVolumeClaimRetentionPolicy.enabled }}
persistentVolumeClaimRetentionPolicy:
whenDeleted: {{ .Values.broker.persistentVolumeClaimRetentionPolicy.whenDeleted }}
whenScaled: {{ .Values.broker.persistentVolumeClaimRetentionPolicy.whenScaled }}
{{- end }}
volumeClaimTemplates:
{{- if and .Values.broker.persistence.enabled (not .Values.broker.persistence.existingClaim) }}
- apiVersion: v1

2
bitnami/kafka/templates/controller-eligible/configmap.yaml
View File

@@ -13,7 +13,7 @@ ref: https://kafka.apache.org/documentation/#configuration
{{- else }}
# Listeners configuration
listeners: {{ include "kafka.listeners" (dict "isController" true "context" .) }}
listener.security.protocol.map: {{ include "kafka.securityProtocolMap" . }}
listener.security.protocol.map: {{ include "kafka.securityProtocolMap" (dict "isController" true "context" .) }}
{{- if not .Values.controller.controllerOnly }}
advertised.listeners: {{ include "kafka.advertisedListeners" . }}
{{- end }}

100
bitnami/kafka/templates/controller-eligible/networkpolicy.yaml Normal file
View File

@@ -0,0 +1,100 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
metadata:
name: {{ template "kafka.controller.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: controller
app.kubernetes.io/part-of: kafka
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.controller.podLabels .Values.commonLabels ) "context" . ) }}
podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: controller
app.kubernetes.io/part-of: kafka
policyTypes:
- Ingress
- Egress
{{- if .Values.networkPolicy.allowExternalEgress }}
egress:
- {}
{{- else }}
egress:
# Allow dns resolution
- ports:
- port: 53
protocol: UDP
- port: 53
protocol: TCP
# Allow internal communications between nodes
- ports:
- port: {{ .Values.listeners.controller.containerPort }}
{{- if not .Values.controller.controllerOnly }}
- port: {{ .Values.listeners.client.containerPort }}
- port: {{ .Values.listeners.interbroker.containerPort }}
{{- range $listener := .Values.listeners.extraListeners }}
- port: {{ $listener.containerPort }}
{{- end }}
{{- end }}
{{- if .Values.externalAccess.enabled }}
- port: {{ .Values.listeners.external.containerPort }}
{{- end }}
to:
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
{{- if .Values.networkPolicy.extraEgress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
ingress:
# Allow client connections
- ports:
- port: {{ .Values.listeners.controller.containerPort }}
{{- if not .Values.controller.controllerOnly }}
- port: {{ .Values.listeners.client.containerPort }}
- port: {{ .Values.listeners.interbroker.containerPort }}
{{- range $listener := .Values.listeners.extraListeners }}
- port: {{ $listener.containerPort }}
{{- end }}
{{- end }}
{{- if .Values.externalAccess.enabled }}
- port: {{ .Values.listeners.external.containerPort }}
{{- end }}
{{- if .Values.metrics.jmx.enabled }}
- port: {{ .Values.metrics.jmx.containerPorts.metrics }}
{{- end }}
{{- if not .Values.networkPolicy.allowExternal }}
from:
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
{{- if and .Values.networkPolicy.addExternalClientAccess (not .Values.controller.controllerOnly) }}
- podSelector:
matchLabels:
{{ template "common.names.fullname" . }}-client: "true"
{{- end }}
{{- if .Values.networkPolicy.ingressPodMatchLabels }}
- podSelector:
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- if .Values.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressNSMatchLabels "context" $ ) | nindent 14 }}
{{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressNSPodMatchLabel "context" $ ) | nindent 14 }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.networkPolicy.extraIngress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}

7
bitnami/kafka/templates/controller-eligible/statefulset.yaml
View File

@@ -174,7 +174,7 @@ spec:
- name: external
containerPort: {{ .Values.listeners.external.containerPort }}
{{- end }}
{{- if .Values.listeners.extraListeners }}
{{- if and .Values.listeners.extraListeners (not .Values.controller.controllerOnly) }}
{{- include "kafka.extraListeners.containerPorts" . | nindent 12 }}
{{- end }}
{{- end }}
@@ -371,6 +371,11 @@ spec:
claimName: {{ printf "%s" (tpl .Values.controller.logPersistence.existingClaim .) }}
{{- end }}
{{- if or (and .Values.controller.persistence.enabled (not .Values.controller.persistence.existingClaim)) (and .Values.controller.logPersistence.enabled (not .Values.controller.logPersistence.existingClaim)) }}
{{- if .Values.controller.persistentVolumeClaimRetentionPolicy.enabled }}
persistentVolumeClaimRetentionPolicy:
whenDeleted: {{ .Values.controller.persistentVolumeClaimRetentionPolicy.whenDeleted }}
whenScaled: {{ .Values.controller.persistentVolumeClaimRetentionPolicy.whenScaled }}
{{- end }}
volumeClaimTemplates:
{{- if and .Values.controller.persistence.enabled (not .Values.controller.persistence.existingClaim) }}
- apiVersion: v1

20
bitnami/kafka/values.yaml
View File

@@ -1037,6 +1037,16 @@ controller:
create: true
minAvailable: ""
maxUnavailable: ""
## persistentVolumeClaimRetentionPolicy
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
## @param controller.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet
## @param controller.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
## @param controller.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
##
persistentVolumeClaimRetentionPolicy:
enabled: false
whenScaled: Retain
whenDeleted: Retain
## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
##
@@ -1483,6 +1493,16 @@ broker:
## @param broker.autoscaling.hpa.targetMemory Target Memory utilization percentage
##
targetMemory: ""
## persistentVolumeClaimRetentionPolicy
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
## @param broker.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet
## @param broker.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
## @param broker.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
##
persistentVolumeClaimRetentionPolicy:
enabled: false
whenScaled: Retain
whenDeleted: Retain
## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
##