From b13d0f3d452decef720f5abc3e933ea98be7692d Mon Sep 17 00:00:00 2001 From: Martin Hrabovcin Date: Wed, 9 Oct 2024 12:09:28 +0200 Subject: [PATCH] feat(kafka-operator): add 0.20.2 (#1515) --- staging/kafka-operator/Chart.yaml | 4 +- staging/kafka-operator/templates/crds.yaml | 92 +++++++++++++++++++ .../operator-deployment-with-webhook.yaml | 10 +- staging/kafka-operator/values.yaml | 6 ++ 4 files changed, 109 insertions(+), 3 deletions(-) diff --git a/staging/kafka-operator/Chart.yaml b/staging/kafka-operator/Chart.yaml index 3af8aaf13..f4a06bb58 100755 --- a/staging/kafka-operator/Chart.yaml +++ b/staging/kafka-operator/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v1 -appVersion: v0.20.0 +appVersion: v0.20.2 description: kafka-operator manages Kafka deployments on Kubernetes name: kafka-operator sources: - https://github.com/banzaicloud/koperator -version: 0.20.0 +version: 0.20.2 maintainers: - name: mhrabovcin diff --git a/staging/kafka-operator/templates/crds.yaml b/staging/kafka-operator/templates/crds.yaml index 08a66297b..e57497690 100755 --- a/staging/kafka-operator/templates/crds.yaml +++ b/staging/kafka-operator/templates/crds.yaml @@ -4096,6 +4096,12 @@ spec: - pvcSpec type: object type: array + terminationGracePeriodSeconds: + default: 120 + description: TerminationGracePeriod defines the pod termination + grace period + format: int64 + type: integer tolerations: items: description: The pod this Toleration is attached to tolerates @@ -9948,6 +9954,12 @@ spec: - pvcSpec type: object type: array + terminationGracePeriodSeconds: + default: 120 + description: TerminationGracePeriod defines the pod termination + grace period + format: int64 + type: integer tolerations: items: description: The pod this Toleration is attached to tolerates 
@@ -11680,6 +11692,23 @@ spec: - id type: object type: array + clientSSLCertSecret: + description: ClientSSLCertSecret is a reference to the Kubernetes + secret where custom client SSL certificate can be provided. It will + be used by the koperator, cruise control, cruise control metrics + reporter to communicate on SSL with that internal listener which + is used for interbroker communication. The client certificate must + share the same chain of trust as the server certificate used by + the corresponding internal listener. The secret must contains the + keystore, truststore jks files and the password for them in base64 + encoded format under the keystore.jks, truststore.jks, password + data fields. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object clusterImage: type: string clusterMetricsReporterImage: @@ -15804,6 +15833,17 @@ spec: - maxUnavailable type: string type: object + envoyCommandLineArgs: + description: Envoy command line arguments + properties: + concurrency: + description: Envoy --concurrency command line argument. See + https://www.envoyproxy.io/docs/envoy/latest/operations/cli#cmdoption-concurrency + format: int32 + minimum: 1 + type: integer + type: object + x-kubernetes-preserve-unknown-fields: true healthCheckPort: description: Envoy health-check port format: int32 @@ -17722,6 +17762,17 @@ spec: - maxUnavailable type: string type: object + envoyCommandLineArgs: + description: Envoy command line arguments + properties: + concurrency: + description: Envoy --concurrency command + line argument. See https://www.envoyproxy.io/docs/envoy/latest/operations/cli#cmdoption-concurrency + format: int32 + minimum: 1 + type: integer + type: object + x-kubernetes-preserve-unknown-fields: true healthCheckPort: description: Envoy health-check port format: int32 
@@ -18400,6 +18451,22 @@ spec: name: pattern: ^[a-z0-9\-]+ type: string + serverSSLCertSecret: + description: ServerSSLCertSecret is a reference to the Kubernetes + secret that contains the server certificate for the listener + to be used for SSL communication. The secret must contain + the keystore, truststore jks files and the password for + them in base64 encoded format under the keystore.jks, + truststore.jks, password data fields. If this field is + omitted koperator will auto-create a self-signed server + certificate using the configuration provided in 'sslSecrets' + field. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object serviceAnnotations: additionalProperties: type: string @@ -18440,6 +18507,22 @@ spec: name: pattern: ^[a-z0-9\-]+ type: string + serverSSLCertSecret: + description: ServerSSLCertSecret is a reference to the Kubernetes + secret that contains the server certificate for the listener + to be used for SSL communication. The secret must contain + the keystore, truststore jks files and the password for + them in base64 encoded format under the keystore.jks, + truststore.jks, password data fields. If this field is + omitted koperator will auto-create a self-signed server + certificate using the configuration provided in 'sslSecrets' + field. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object type: description: 'SecurityProtocol is the protocol used to communicate with brokers. Valid values are: plaintext, ssl, sasl_plaintext, 
@@ -18541,6 +18624,12 @@ spec: RollingUpgrade properties: failureThreshold: + description: FailureThreshold controls how many failures the cluster + can tolerate during a rolling upgrade. Once the number of failures + reaches this threshold a rolling upgrade flow stops. The number + of failures is computed as the sum of distinct broker replicas + with either offline replicas or out of sync replicas and the + number of alerts triggered by alerts with 'rollingupgrade' type: integer required: - failureThreshold @@ -18708,6 +18797,9 @@ spec: description: RollingUpgradeStatus defines status of rolling upgrade properties: errorCount: + description: ErrorCount keeps track the number of errors reported + by alerts labeled with 'rollingupgrade'. It's reset once these + alerts stop firing. type: integer lastSuccess: type: string diff --git a/staging/kafka-operator/templates/operator-deployment-with-webhook.yaml b/staging/kafka-operator/templates/operator-deployment-with-webhook.yaml index e7ae57e65..b87bf9892 100755 --- a/staging/kafka-operator/templates/operator-deployment-with-webhook.yaml +++ b/staging/kafka-operator/templates/operator-deployment-with-webhook.yaml @@ -125,6 +125,10 @@ spec: {{- if .Values.additionalVolumes }} {{- include "chart.additionalVolumes" . | nindent 8 }} {{- end }} + {{- if .Values.podSecurityContext }} + securityContext: + {{ toYaml .Values.podSecurityContext | nindent 8 }} + {{- end }} containers: {{- if and .Values.prometheusMetrics.enabled .Values.prometheusMetrics.authProxy.enabled }} - name: kube-rbac-proxy @@ -200,7 +204,11 @@ spec: readOnly: true {{- end }} resources: -{{ toYaml .Values.operator.resources | nindent 12 }} + {{ toYaml .Values.operator.resources | nindent 12 }} + {{- if .Values.containerSecurityContext }} + securityContext: + {{ toYaml .Values.containerSecurityContext | nindent 12 }} + {{- end }} {{- if .Values.additionalSidecars }} {{- include "chart.additionalSidecars" . | nindent 8 }} {{- end }} 
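Review bot: The added `{{ toYaml .Values.podSecurityContext | nindent 8 }}` line has no left trim marker, so the template's own indentation is emitted as a whitespace-only line before `nindent` starts the real content; the usual form is `{{- toYaml .Values.podSecurityContext | nindent 8 }}`. The same applies in the next hunk to the re-indented `resources` line and to the `containerSecurityContext` line. The rendered output should still parse, but it is worth running `helm template` with both values set and confirming the keys nest under `securityContext:` at pod-spec level, since a mis-nested block could leave the intended hardening unapplied. The pod spec starts and ends outside this hunk.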
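Review bot: `containerSecurityContext` is rendered only after the `resources:` of the one container this hunk touches; the `kube-rbac-proxy` container declared at the top of `containers:` (visible in the previous hunk) does not appear to receive it, and neither do containers added through `additionalSidecars`. Someone who sets `allowPrivilegeEscalation: false` or drops capabilities through this value would reasonably expect every container in the operator pod to be covered. Either repeat the same `{{- if .Values.containerSecurityContext }}` block under the proxy container, or state in values.yaml that the value applies to the operator container only. The container definitions start outside this hunk, so this is inferred from the visible context.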
diff --git a/staging/kafka-operator/values.yaml b/staging/kafka-operator/values.yaml index 391231039..4c29869e4 100755 --- a/staging/kafka-operator/values.yaml +++ b/staging/kafka-operator/values.yaml @@ -91,3 +91,9 @@ additionalVolumes: {} # emptyDir: {} # - name: volume2 # emptyDir: {} + +# Pod Security Context +# See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +podSecurityContext: {} +# Container Security Context +containerSecurityContext: {}
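Review bot: Both `podSecurityContext` and `containerSecurityContext` default to `{}`, so a default install renders no `securityContext` at all and the operator runs with whatever the image and the cluster's admission defaults allow. If the operator image supports it, shipping non-empty defaults would be preferable; at minimum add a commented example under each key, in the style of the `additionalVolumes` example above, listing `runAsNonRoot`, `allowPrivilegeEscalation: false`, `capabilities.drop` with `ALL`, and `seccompProfile.type: RuntimeDefault`. The `# Container Security Context` comment should also say which container the value applies to.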