mirror of
https://github.com/bitnami/charts.git
synced 2026-02-28 15:37:42 +08:00
[bitnami/zookeeper] Major release 10: Rename client-server authentication parameters and add support for server-server authentication (#10689)
* [bitnami/zookeeper] Major release 10: Rename client-server authentication parameters and add support for server-server authentication
  Signed-off-by: Miguel Ruiz <miruiz@vmware.com>
* Fix values metadata
  Signed-off-by: Miguel Ruiz <miruiz@vmware.com>
* Update README.md with readme-generator-for-helm
  Signed-off-by: Bitnami Containers <containers@bitnami.com>
* Update README.md with readme-generator-for-helm
  Signed-off-by: Bitnami Containers <containers@bitnami.com>
* Update README.md with readme-generator-for-helm
  Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
* [bitnami/zookeeper] Update components versions
  Signed-off-by: Bitnami Containers <containers@bitnami.com>
Co-authored-by: Bitnami Containers <containers@bitnami.com>
Co-authored-by: Bitnami Containers <bitnami-bot@vmware.com>
@@ -21,4 +21,4 @@ name: zookeeper
|
||||
sources:
|
||||
- https://github.com/bitnami/bitnami-docker-zookeeper
|
||||
- https://zookeeper.apache.org/
|
||||
version: 9.2.7
|
||||
version: 10.0.0
|
||||
|
||||
@@ -80,43 +80,49 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
|
||||
### ZooKeeper chart parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| --------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
|
||||
| `image.registry` | ZooKeeper image registry | `docker.io` |
|
||||
| `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` |
|
||||
| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.0-debian-11-r0` |
|
||||
| `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `image.debug` | Specify if debug values should be set | `false` |
|
||||
| `auth.enabled` | Enable ZooKeeper auth. It uses SASL/Digest-MD5 | `false` |
|
||||
| `auth.clientUser` | User that will use ZooKeeper clients to auth | `""` |
|
||||
| `auth.clientPassword` | Password that will use ZooKeeper clients to auth | `""` |
|
||||
| `auth.serverUsers` | Comma, semicolon or whitespace separated list of user to be created | `""` |
|
||||
| `auth.serverPasswords` | Comma, semicolon or whitespace separated list of passwords to assign to users when created | `""` |
|
||||
| `auth.existingSecret` | Use existing secret (ignores previous passwords) | `""` |
|
||||
| `tickTime` | Basic time unit (in milliseconds) used by ZooKeeper for heartbeats | `2000` |
|
||||
| `initLimit` | ZooKeeper uses to limit the length of time the ZooKeeper servers in quorum have to connect to a leader | `10` |
|
||||
| `syncLimit` | How far out of date a server can be from a leader | `5` |
|
||||
| `preAllocSize` | Block size for transaction log file | `65536` |
|
||||
| `snapCount` | The number of transactions recorded in the transaction log before a snapshot can be taken (and the transaction log rolled) | `100000` |
|
||||
| `maxClientCnxns` | Limits the number of concurrent connections that a single client may make to a single member of the ZooKeeper ensemble | `60` |
|
||||
| `maxSessionTimeout` | Maximum session timeout (in milliseconds) that the server will allow the client to negotiate | `40000` |
|
||||
| `heapSize` | Size (in MB) for the Java Heap options (Xmx and Xms) | `1024` |
|
||||
| `fourlwCommandsWhitelist` | A list of comma separated Four Letter Words commands that can be executed | `srvr, mntr, ruok` |
|
||||
| `minServerId` | Minimal SERVER_ID value, nodes increment their IDs respectively | `1` |
|
||||
| `listenOnAllIPs` | Allow ZooKeeper to listen for connections from its peers on all available IP addresses | `false` |
|
||||
| `autopurge.snapRetainCount` | The most recent snapshots amount (and corresponding transaction logs) to retain | `3` |
|
||||
| `autopurge.purgeInterval` | The time interval (in hours) for which the purge task has to be triggered | `0` |
|
||||
| `logLevel` | Log level for the ZooKeeper server. ERROR by default | `ERROR` |
|
||||
| `jvmFlags` | Default JVM flags for the ZooKeeper process | `""` |
|
||||
| `dataLogDir` | Dedicated data log directory | `""` |
|
||||
| `configuration` | Configure ZooKeeper with a custom zoo.cfg file | `""` |
|
||||
| `existingConfigmap` | The name of an existing ConfigMap with your custom configuration for ZooKeeper | `""` |
|
||||
| `extraEnvVars` | Array with extra environment variables to add to ZooKeeper nodes | `[]` |
|
||||
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for ZooKeeper nodes | `""` |
|
||||
| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for ZooKeeper nodes | `""` |
|
||||
| `command` | Override default container command (useful when using custom images) | `["/scripts/setup.sh"]` |
|
||||
| `args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| Name | Description | Value |
|
||||
| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
|
||||
| `image.registry` | ZooKeeper image registry | `docker.io` |
|
||||
| `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` |
|
||||
| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.0-debian-11-r5` |
|
||||
| `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `image.debug` | Specify if debug values should be set | `false` |
|
||||
| `auth.client.enabled` | Enable ZooKeeper client-server authentication. It uses SASL/Digest-MD5 | `false` |
|
||||
| `auth.client.clientUser` | User that will use ZooKeeper clients to auth | `""` |
|
||||
| `auth.client.clientPassword` | Password that will use ZooKeeper clients to auth | `""` |
|
||||
| `auth.client.serverUsers` | Comma, semicolon or whitespace separated list of user to be created | `""` |
|
||||
| `auth.client.serverPasswords` | Comma, semicolon or whitespace separated list of passwords to assign to users when created | `""` |
|
||||
| `auth.client.existingSecret` | Use existing secret (ignores previous passwords) | `""` |
|
||||
| `auth.quorum.enabled` | Enable ZooKeeper server-server authentication. It uses SASL/Digest-MD5 | `false` |
|
||||
| `auth.quorum.learnerUser` | User that the ZooKeeper quorumLearner will use to authenticate to quorumServers. | `""` |
|
||||
| `auth.quorum.learnerPassword` | Password that the ZooKeeper quorumLearner will use to authenticate to quorumServers. | `""` |
|
||||
| `auth.quorum.serverUsers` | Comma, semicolon or whitespace separated list of users for the quorumServers. | `""` |
|
||||
| `auth.quorum.serverPasswords` | Comma, semicolon or whitespace separated list of passwords to assign to users when created | `""` |
|
||||
| `auth.quorum.existingSecret` | Use existing secret (ignores previous passwords) | `""` |
|
||||
| `tickTime` | Basic time unit (in milliseconds) used by ZooKeeper for heartbeats | `2000` |
|
||||
| `initLimit` | ZooKeeper uses to limit the length of time the ZooKeeper servers in quorum have to connect to a leader | `10` |
|
||||
| `syncLimit` | How far out of date a server can be from a leader | `5` |
|
||||
| `preAllocSize` | Block size for transaction log file | `65536` |
|
||||
| `snapCount` | The number of transactions recorded in the transaction log before a snapshot can be taken (and the transaction log rolled) | `100000` |
|
||||
| `maxClientCnxns` | Limits the number of concurrent connections that a single client may make to a single member of the ZooKeeper ensemble | `60` |
|
||||
| `maxSessionTimeout` | Maximum session timeout (in milliseconds) that the server will allow the client to negotiate | `40000` |
|
||||
| `heapSize` | Size (in MB) for the Java Heap options (Xmx and Xms) | `1024` |
|
||||
| `fourlwCommandsWhitelist` | A list of comma separated Four Letter Words commands that can be executed | `srvr, mntr, ruok` |
|
||||
| `minServerId` | Minimal SERVER_ID value, nodes increment their IDs respectively | `1` |
|
||||
| `listenOnAllIPs` | Allow ZooKeeper to listen for connections from its peers on all available IP addresses | `false` |
|
||||
| `autopurge.snapRetainCount` | The most recent snapshots amount (and corresponding transaction logs) to retain | `3` |
|
||||
| `autopurge.purgeInterval` | The time interval (in hours) for which the purge task has to be triggered | `0` |
|
||||
| `logLevel` | Log level for the ZooKeeper server. ERROR by default | `ERROR` |
|
||||
| `jvmFlags` | Default JVM flags for the ZooKeeper process | `""` |
|
||||
| `dataLogDir` | Dedicated data log directory | `""` |
|
||||
| `configuration` | Configure ZooKeeper with a custom zoo.cfg file | `""` |
|
||||
| `existingConfigmap` | The name of an existing ConfigMap with your custom configuration for ZooKeeper | `""` |
|
||||
| `extraEnvVars` | Array with extra environment variables to add to ZooKeeper nodes | `[]` |
|
||||
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for ZooKeeper nodes | `""` |
|
||||
| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for ZooKeeper nodes | `""` |
|
||||
| `command` | Override default container command (useful when using custom images) | `["/scripts/setup.sh"]` |
|
||||
| `args` | Override default container args (useful when using custom images) | `[]` |
|
||||
|
||||
|
||||
### Statefulset parameters
|
||||
@@ -245,7 +251,7 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
|
||||
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
|
||||
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
|
||||
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r0` |
|
||||
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r4` |
|
||||
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
|
||||
| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
|
||||
@@ -420,6 +426,11 @@ Find more information about how to deal with common errors related to Bitnami's
|
||||
|
||||
## Upgrading
|
||||
|
||||
### To 10.0.0
|
||||
|
||||
This new version of the chart adds support for server-server authentication.
|
||||
The chart previously supported client-server authentication, to avioud confusion, the previous parameters have been renamed from `auth.*` to `auth.client.*`.
|
||||
|
||||
### To 9.0.0
|
||||
|
||||
This new version of the chart includes the new ZooKeeper major version 3.8.0. Upgrade compatibility is not guaranteed.
|
||||
|
||||
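Review bot: The new "To 10.0.0" entry should also say that the chart-generated Secret is renamed, since elsewhere in this commit its name changes from `%s-auth` to `%s-client-auth` and `auth.existingSecret` moves to `auth.client.existingSecret`. Anyone upgrading from 9.x with authentication enabled needs that to carry their credentials over. In the added paragraph, fix the typo "avioud" (avoid) and split the comma-spliced sentence in two.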
@@ -2,8 +2,7 @@ CHART NAME: {{ .Chart.Name }}
|
||||
CHART VERSION: {{ .Chart.Version }}
|
||||
APP VERSION: {{ .Chart.AppVersion }}
|
||||
|
||||
{{- if contains .Values.service.type "LoadBalancer" }}
|
||||
{{- if not .Values.auth.clientPassword }}
|
||||
{{- if and (not .Values.auth.client.enabled) (eq .Values.service.type "LoadBalancer") }}
|
||||
-------------------------------------------------------------------------------
|
||||
WARNING
|
||||
|
||||
@@ -17,7 +16,6 @@ APP VERSION: {{ .Chart.AppVersion }}
|
||||
|
||||
-------------------------------------------------------------------------------
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
** Please be patient while the chart is being deployed **
|
||||
|
||||
@@ -52,13 +50,13 @@ To connect to your ZooKeeper server run the following commands:
|
||||
|
||||
To connect to your ZooKeeper server from outside the cluster execute the following commands:
|
||||
|
||||
{{- if contains "NodePort" .Values.service.type }}
|
||||
{{- if eq .Values.service.type "NodePort" }}
|
||||
|
||||
export NODE_IP=$(kubectl get nodes --namespace {{ template "zookeeper.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
||||
export NODE_PORT=$(kubectl get --namespace {{ template "zookeeper.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }})
|
||||
zkCli.sh $NODE_IP:$NODE_PORT
|
||||
|
||||
{{- else if contains "LoadBalancer" .Values.service.type }}
|
||||
{{- else if eq .Values.service.type "LoadBalancer" }}
|
||||
|
||||
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
||||
Watch the status with: 'kubectl get svc --namespace {{ template "zookeeper.namespace" . }} -w {{ template "common.names.fullname" . }}'
|
||||
@@ -66,7 +64,7 @@ To connect to your ZooKeeper server from outside the cluster execute the followi
|
||||
export SERVICE_IP=$(kubectl get svc --namespace {{ template "zookeeper.namespace" . }} {{ template "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
|
||||
zkCli.sh $SERVICE_IP:{{ .Values.service.ports.client }}
|
||||
|
||||
{{- else if contains "ClusterIP" .Values.service.type }}
|
||||
{{- else if eq .Values.service.type "ClusterIP" }}
|
||||
|
||||
kubectl port-forward --namespace {{ template "zookeeper.namespace" . }} svc/{{ template "common.names.fullname" . }} {{ .Values.service.ports.client }}:{{ .Values.containerPorts.client }} &
|
||||
zkCli.sh 127.0.0.1:{{ .Values.service.ports.client }}
|
||||
|
||||
@@ -52,21 +52,41 @@ Return ZooKeeper Namespace to use
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the ZooKeeper authentication credentials secret
|
||||
Return the ZooKeeper client-server authentication credentials secret
|
||||
*/}}
|
||||
{{- define "zookeeper.secretName" -}}
|
||||
{{- if .Values.auth.existingSecret -}}
|
||||
{{- printf "%s" (tpl .Values.auth.existingSecret $) -}}
|
||||
{{- define "zookeeper.client.secretName" -}}
|
||||
{{- if .Values.auth.client.existingSecret -}}
|
||||
{{- printf "%s" (tpl .Values.auth.client.existingSecret $) -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-auth" (include "common.names.fullname" .) -}}
|
||||
{{- printf "%s-client-auth" (include "common.names.fullname" .) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return true if a ZooKeeper authentication credentials secret object should be created
|
||||
Return the ZooKeeper server-server authentication credentials secret
|
||||
*/}}
|
||||
{{- define "zookeeper.createSecret" -}}
|
||||
{{- if and .Values.auth.enabled (empty .Values.auth.existingSecret) -}}
|
||||
{{- define "zookeeper.quorum.secretName" -}}
|
||||
{{- if .Values.auth.quorum.existingSecret -}}
|
||||
{{- printf "%s" (tpl .Values.auth.quorum.existingSecret $) -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-quorum-auth" (include "common.names.fullname" .) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return true if a ZooKeeper client-server authentication credentials secret object should be created
|
||||
*/}}
|
||||
{{- define "zookeeper.client.createSecret" -}}
|
||||
{{- if and .Values.auth.client.enabled (empty .Values.auth.client.existingSecret) -}}
|
||||
{{- true -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return true if a ZooKeeper server-server authentication credentials secret object should be created
|
||||
*/}}
|
||||
{{- define "zookeeper.quorum.createSecret" -}}
|
||||
{{- if and .Values.auth.quorum.enabled (empty .Values.auth.quorum.existingSecret) -}}
|
||||
{{- true -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -85,28 +105,6 @@ otherwise it generates a random value.
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Return ZooKeeper client password
|
||||
*/}}
|
||||
{{- define "zookeeper.client.password" -}}
|
||||
{{- if not (empty .Values.auth.clientPassword) -}}
|
||||
{{- .Values.auth.clientPassword -}}
|
||||
{{- else -}}
|
||||
{{- include "getValueFromSecret" (dict "Namespace" (include "zookeeper.namespace" .) "Name" (printf "%s-auth" (include "common.names.fullname" .)) "Length" 10 "Key" "client-password") -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return ZooKeeper server password
|
||||
*/}}
|
||||
{{- define "zookeeper.server.password" -}}
|
||||
{{- if not (empty .Values.auth.serverPasswords) -}}
|
||||
{{- .Values.auth.serverPasswords -}}
|
||||
{{- else -}}
|
||||
{{- include "getValueFromSecret" (dict "Namespace" (include "zookeeper.namespace" .) "Name" (printf "%s-auth" (include "common.names.fullname" .)) "Length" 10 "Key" "server-password") -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the ZooKeeper configuration ConfigMap name
|
||||
*/}}
|
||||
@@ -304,7 +302,8 @@ Compile all warnings into a single message.
|
||||
*/}}
|
||||
{{- define "zookeeper.validateValues" -}}
|
||||
{{- $messages := list -}}
|
||||
{{- $messages := append $messages (include "zookeeper.validateValues.auth" .) -}}
|
||||
{{- $messages := append $messages (include "zookeeper.validateValues.client.auth" .) -}}
|
||||
{{- $messages := append $messages (include "zookeeper.validateValues.quorum.auth" .) -}}
|
||||
{{- $messages := append $messages (include "zookeeper.validateValues.client.tls" .) -}}
|
||||
{{- $messages := append $messages (include "zookeeper.validateValues.quorum.tls" .) -}}
|
||||
{{- $messages := without $messages "" -}}
|
||||
@@ -318,11 +317,22 @@ Compile all warnings into a single message.
|
||||
{{/*
|
||||
Validate values of ZooKeeper - Authentication enabled
|
||||
*/}}
|
||||
{{- define "zookeeper.validateValues.auth" -}}
|
||||
{{- if and .Values.auth.enabled (or (not .Values.auth.clientUser) (not .Values.auth.serverUsers)) }}
|
||||
zookeeper: auth.enabled
|
||||
In order to enable authentication, you need to provide the list
|
||||
of users to be created and the user to use for clients access.
|
||||
{{- define "zookeeper.validateValues.client.auth" -}}
|
||||
{{- if and .Values.auth.client.enabled (not .Values.auth.client.existingSecret) (or (not .Values.auth.client.clientUser) (not .Values.auth.client.serverUsers)) }}
|
||||
zookeeper: auth.client.enabled
|
||||
In order to enable client-server authentication, you need to provide the list
|
||||
of users to be created and the user to use for clients authentication.
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Validate values of ZooKeeper - Authentication enabled
|
||||
*/}}
|
||||
{{- define "zookeeper.validateValues.quorum.auth" -}}
|
||||
{{- if and .Values.auth.quorum.enabled (not .Values.auth.quorum.existingSecret) (or (not .Values.auth.quorum.learnerUser) (not .Values.auth.quorum.serverUsers)) }}
|
||||
zookeeper: auth.quorum.enabled
|
||||
In order to enable server-server authentication, you need to provide the list
|
||||
of users to be created and the user to use for quorum authentication.
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
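Review bot: The added `(not .Values.auth.quorum.existingSecret)` condition, and its counterpart in `zookeeper.validateValues.client.auth`, skips the user checks whenever an existing secret is supplied, yet the statefulset in this commit still takes `ZOO_QUORUM_LEARNER_USER`, `ZOO_QUORUM_SERVER_USERS`, `ZOO_CLIENT_USER` and `ZOO_SERVER_USERS` from values and reads only the passwords from the secret. With `existingSecret` set and the user fields left empty, the chart renders empty user names without complaint; the user checks should apply regardless of `existingSecret`. Two smaller points: values.yaml asks that `auth.quorum.learnerUser` be included in `auth.quorum.serverUsers`, which could be enforced here, and the comment above the quorum define repeats "Validate values of ZooKeeper - Authentication enabled" from the client one, so it should say which check it is.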
@@ -1,8 +1,8 @@
|
||||
{{- if (include "zookeeper.createSecret" .) }}
|
||||
{{- if (include "zookeeper.client.createSecret" .) }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ printf "%s-auth" (include "common.names.fullname" .) }}
|
||||
name: {{ printf "%s-client-auth" (include "common.names.fullname" .) }}
|
||||
namespace: {{ template "zookeeper.namespace" . }}
|
||||
labels: {{- include "common.labels.standard" . | nindent 4 }}
|
||||
app.kubernetes.io/component: zookeeper
|
||||
@@ -14,8 +14,28 @@ metadata:
|
||||
{{- end }}
|
||||
type: Opaque
|
||||
data:
|
||||
client-password: {{ include "zookeeper.client.password" . | b64enc | quote }}
|
||||
server-password: {{ include "zookeeper.server.password" . | b64enc | quote }}
|
||||
client-password: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-client-auth" (include "common.names.fullname" .)) "key" "client-password" "providedValues" (list "auth.client.clientPassword") "context" $) }}
|
||||
server-password: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-client-auth" (include "common.names.fullname" .)) "key" "server-password" "providedValues" (list "auth.client.serverPasswords") "context" $) }}
|
||||
{{- end }}
|
||||
{{- if (include "zookeeper.quorum.createSecret" .) }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ printf "%s-quorum-auth" (include "common.names.fullname" .) }}
|
||||
namespace: {{ template "zookeeper.namespace" . }}
|
||||
labels: {{- include "common.labels.standard" . | nindent 4 }}
|
||||
app.kubernetes.io/component: zookeeper
|
||||
{{- if .Values.commonLabels }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
type: Opaque
|
||||
data:
|
||||
quorum-learner-password: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-client-auth" (include "common.names.fullname" .)) "key" "quorum-learner-password" "providedValues" (list "auth.quorum.learnerPassword") "context" $) }}
|
||||
quorum-server-password: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-client-auth" (include "common.names.fullname" .)) "key" "quorum-server-password" "providedValues" (list "auth.quorum.serverPasswords") "context" $) }}
|
||||
{{- end }}
|
||||
{{- if (include "zookeeper.client.createTlsPasswordsSecret" .) }}
|
||||
---
|
||||
|
||||
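Review bot: In the new `%s-quorum-auth` Secret, both `quorum-learner-password` and `quorum-server-password` pass `"secret" (printf "%s-client-auth" (include "common.names.fullname" .))` to `common.secrets.passwords.manage`, which looks like a copy-paste from the client block above. The `secret` argument should name the object these keys actually live in, so it should be `%s-quorum-auth` in both lines; as written the helper is pointed at the client Secret, which never contains the quorum keys.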
@@ -31,7 +31,7 @@ spec:
|
||||
{{- if (include "zookeeper.createConfigmap" .) }}
|
||||
checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
|
||||
{{- end }}
|
||||
{{- if or (include "zookeeper.createSecret" .) (include "zookeeper.client.createTlsPasswordsSecret" .) (include "zookeeper.quorum.createTlsPasswordsSecret" .) }}
|
||||
{{- if or (include "zookeeper.quorum.createSecret" .) (include "zookeeper.client.createSecret" .) (include "zookeeper.client.createTlsPasswordsSecret" .) (include "zookeeper.quorum.createTlsPasswordsSecret" .) }}
|
||||
checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
|
||||
{{- end }}
|
||||
{{- if or (include "zookeeper.client.createTlsSecret" .) (include "zookeeper.quorum.createTlsSecret" .) }}
|
||||
@@ -228,29 +228,47 @@ spec:
|
||||
{{- $clusterDomain := .Values.clusterDomain }}
|
||||
value: {{ range $i, $e := until $replicaCount }}{{ $zookeeperFullname }}-{{ $e }}.{{ $zookeeperHeadlessServiceName }}.{{ $releaseNamespace }}.svc.{{ $clusterDomain }}:{{ $followerPort }}:{{ $electionPort }}::{{ add $e $minServerId }} {{ end }}
|
||||
- name: ZOO_ENABLE_AUTH
|
||||
value: {{ ternary "yes" "no" .Values.auth.enabled | quote }}
|
||||
{{- if .Values.auth.enabled }}
|
||||
value: {{ ternary "yes" "no" .Values.auth.client.enabled | quote }}
|
||||
{{- if .Values.auth.client.enabled }}
|
||||
- name: ZOO_CLIENT_USER
|
||||
value: {{ .Values.auth.clientUser | quote }}
|
||||
value: {{ .Values.auth.client.clientUser | quote }}
|
||||
- name: ZOO_CLIENT_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "zookeeper.secretName" . }}
|
||||
name: {{ include "zookeeper.client.secretName" . }}
|
||||
key: client-password
|
||||
- name: ZOO_SERVER_USERS
|
||||
value: {{ .Values.auth.serverUsers | quote }}
|
||||
value: {{ .Values.auth.client.serverUsers | quote }}
|
||||
- name: ZOO_SERVER_PASSWORDS
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "zookeeper.secretName" . }}
|
||||
name: {{ include "zookeeper.client.secretName" . }}
|
||||
key: server-password
|
||||
{{- end }}
|
||||
- name: ZOO_ENABLE_QUORUM_AUTH
|
||||
value: {{ ternary "yes" "no" .Values.auth.quorum.enabled | quote }}
|
||||
{{- if .Values.auth.quorum.enabled }}
|
||||
- name: ZOO_QUORUM_LEARNER_USER
|
||||
value: {{ .Values.auth.quorum.learnerUser | quote }}
|
||||
- name: ZOO_QUORUM_LEARNER_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "zookeeper.quorum.secretName" . }}
|
||||
key: quorum-learner-password
|
||||
- name: ZOO_QUORUM_SERVER_USERS
|
||||
value: {{ .Values.auth.quorum.serverUsers | quote }}
|
||||
- name: ZOO_QUORUM_SERVER_PASSWORDS
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "zookeeper.quorum.secretName" . }}
|
||||
key: quorum-server-password
|
||||
{{- end }}
|
||||
- name: ZOO_HEAP_SIZE
|
||||
value: {{ .Values.heapSize | quote }}
|
||||
- name: ZOO_LOG_LEVEL
|
||||
value: {{ .Values.logLevel | quote }}
|
||||
- name: ALLOW_ANONYMOUS_LOGIN
|
||||
value: {{ ternary "no" "yes" .Values.auth.enabled | quote }}
|
||||
value: {{ ternary "no" "yes" .Values.auth.client.enabled | quote }}
|
||||
{{- if .Values.jvmFlags }}
|
||||
- name: JVMFLAGS
|
||||
value: {{ .Values.jvmFlags | quote }}
|
||||
@@ -291,7 +309,7 @@ spec:
|
||||
- name: ZOO_TLS_QUORUM_ENABLE
|
||||
value: {{ .Values.tls.quorum.enabled | quote }}
|
||||
- name: ZOO_TLS_QUORUM_CLIENT_AUTH
|
||||
value: {{ .Values.tls.quorum.auth | quote }}
|
||||
value: {{ .Values.tls.auth.quorum | quote }}
|
||||
- name: ZOO_TLS_QUORUM_KEYSTORE_FILE
|
||||
value: {{ .Values.tls.quorum.keystorePath | quote }}
|
||||
- name: ZOO_TLS_QUORUM_TRUSTSTORE_FILE
|
||||
|
||||
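Review bot: `ZOO_TLS_QUORUM_CLIENT_AUTH` now reads `.Values.tls.auth.quorum`, while the neighbouring lines still read `.Values.tls.quorum.enabled` and `.Values.tls.quorum.keystorePath`, and none of the values.yaml hunks shown adds a `tls.auth` block. This looks like an accidental edit made during the `auth.*` rename; keep `.Values.tls.quorum.auth` unless the TLS values are being restructured as well, in which case that change needs its own values.yaml and README updates.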
@@ -75,7 +75,7 @@ diagnosticMode:
|
||||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/zookeeper
|
||||
tag: 3.8.0-debian-11-r5
|
||||
tag: 3.8.0-debian-11-r6
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
||||
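Review bot: `image.tag` is set to `3.8.0-debian-11-r6` here, while the README parameter table in this same commit documents `3.8.0-debian-11-r5`. Regenerate the README after the components update so the documented default matches values.yaml.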
@@ -95,26 +95,49 @@ image:
|
||||
## Authentication parameters
|
||||
##
|
||||
auth:
|
||||
## @param auth.enabled Enable ZooKeeper auth. It uses SASL/Digest-MD5
|
||||
##
|
||||
enabled: false
|
||||
## @param auth.clientUser User that will use ZooKeeper clients to auth
|
||||
##
|
||||
clientUser: ""
|
||||
## @param auth.clientPassword Password that will use ZooKeeper clients to auth
|
||||
##
|
||||
clientPassword: ""
|
||||
## @param auth.serverUsers Comma, semicolon or whitespace separated list of user to be created
|
||||
## Specify them as a string, for example: "user1,user2,admin"
|
||||
##
|
||||
serverUsers: ""
|
||||
## @param auth.serverPasswords Comma, semicolon or whitespace separated list of passwords to assign to users when created
|
||||
## Specify them as a string, for example: "pass4user1, pass4user2, pass4admin"
|
||||
##
|
||||
serverPasswords: ""
|
||||
## @param auth.existingSecret Use existing secret (ignores previous passwords)
|
||||
##
|
||||
existingSecret: ""
|
||||
client:
|
||||
## @param auth.client.enabled Enable ZooKeeper client-server authentication. It uses SASL/Digest-MD5
|
||||
##
|
||||
enabled: false
|
||||
## @param auth.client.clientUser User that will use ZooKeeper clients to auth
|
||||
##
|
||||
clientUser: ""
|
||||
## @param auth.client.clientPassword Password that will use ZooKeeper clients to auth
|
||||
##
|
||||
clientPassword: ""
|
||||
## @param auth.client.serverUsers Comma, semicolon or whitespace separated list of user to be created
|
||||
## Specify them as a string, for example: "user1,user2,admin"
|
||||
##
|
||||
serverUsers: ""
|
||||
## @param auth.client.serverPasswords Comma, semicolon or whitespace separated list of passwords to assign to users when created
|
||||
## Specify them as a string, for example: "pass4user1, pass4user2, pass4admin"
|
||||
##
|
||||
serverPasswords: ""
|
||||
## @param auth.client.existingSecret Use existing secret (ignores previous passwords)
|
||||
##
|
||||
existingSecret: ""
|
||||
quorum:
|
||||
## @param auth.quorum.enabled Enable ZooKeeper server-server authentication. It uses SASL/Digest-MD5
|
||||
##
|
||||
enabled: false
|
||||
## @param auth.quorum.learnerUser User that the ZooKeeper quorumLearner will use to authenticate to quorumServers.
|
||||
## Note: Make sure the user is included in auth.quorum.serverUsers
|
||||
##
|
||||
learnerUser: ""
|
||||
## @param auth.quorum.learnerPassword Password that the ZooKeeper quorumLearner will use to authenticate to quorumServers.
|
||||
##
|
||||
learnerPassword: ""
|
||||
## @param auth.quorum.serverUsers Comma, semicolon or whitespace separated list of users for the quorumServers.
|
||||
## Specify them as a string, for example: "user1,user2,admin"
|
||||
##
|
||||
serverUsers: ""
|
||||
## @param auth.quorum.serverPasswords Comma, semicolon or whitespace separated list of passwords to assign to users when created
|
||||
## Specify them as a string, for example: "pass4user1, pass4user2, pass4admin"
|
||||
##
|
||||
serverPasswords: ""
|
||||
## @param auth.quorum.existingSecret Use existing secret (ignores previous passwords)
|
||||
##
|
||||
existingSecret: ""
|
||||
## @param tickTime Basic time unit (in milliseconds) used by ZooKeeper for heartbeats
|
||||
##
|
||||
tickTime: 2000
|
||||
|
||||
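Review bot: The `auth.client.existingSecret` and `auth.quorum.existingSecret` comments should name the keys the secret must contain. The statefulset reads `client-password` and `server-password` from the client secret, and `quorum-learner-password` and `quorum-server-password` from the quorum one; "Use existing secret (ignores previous passwords)" does not tell someone bringing their own secret which keys to create. Since the README table is generated from these `@param` lines, fixing the text here fixes both.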