From e19c538a52deac99b264c35d486ebdd39686bc94 Mon Sep 17 00:00:00 2001 From: Andrew Stucki Date: Tue, 7 Apr 2026 11:22:07 -0400 Subject: [PATCH 1/4] Fix ballast file propagation from tuning container (#1414) * Fix ballast file propagation from tuning container * Regen golden files (cherry picked from commit df1b92fa65602677828209f30ca3224fe9d0e653) # Conflicts: # charts/redpanda/testdata/template-cases.golden.txtar # operator/internal/lifecycle/testdata/stretch-cluster-cases.pools.golden.txtar # operator/multicluster/statefulset_init.go # operator/multicluster/testdata/render-cases.pools.golden.txtar --- ...charts-redpanda-Fixed-20260406-144320.yaml | 4 + .../operator-Fixed-20260406-144320.yaml | 4 + .../chart/templates/_statefulset.go.tpl | 26 +- charts/redpanda/statefulset.go | 4 + .../testdata/template-cases.golden.txtar | 4041 +++-- .../testdata/cases.pools.golden.txtar | 10 + .../stretch-cluster-cases.pools.golden.txtar | 1504 ++ operator/multicluster/statefulset_init.go | 232 + .../testdata/render-cases.pools.golden.txtar | 12280 ++++++++++++++++ 9 files changed, 16895 insertions(+), 1210 deletions(-) create mode 100644 .changes/unreleased/charts-redpanda-Fixed-20260406-144320.yaml create mode 100644 .changes/unreleased/operator-Fixed-20260406-144320.yaml create mode 100644 operator/internal/lifecycle/testdata/stretch-cluster-cases.pools.golden.txtar create mode 100644 operator/multicluster/statefulset_init.go create mode 100644 operator/multicluster/testdata/render-cases.pools.golden.txtar diff --git a/.changes/unreleased/charts-redpanda-Fixed-20260406-144320.yaml b/.changes/unreleased/charts-redpanda-Fixed-20260406-144320.yaml new file mode 100644 index 000000000..2d08c6681 --- /dev/null +++ b/.changes/unreleased/charts-redpanda-Fixed-20260406-144320.yaml 
@@ -0,0 +1,4 @@
+project: charts/redpanda
+kind: Fixed
+body: Fixed issue with ballast file tuning where the tuning container didn't mount the proper directory needed for propagating the ballast file to the main container.
+time: 2026-04-06T14:43:20.320504-04:00
diff --git a/.changes/unreleased/operator-Fixed-20260406-144320.yaml b/.changes/unreleased/operator-Fixed-20260406-144320.yaml
new file mode 100644
index 000000000..86d682d51
--- /dev/null
+++ b/.changes/unreleased/operator-Fixed-20260406-144320.yaml
@@ -0,0 +1,4 @@
+project: operator
+kind: Fixed
+body: Fixed issue with ballast file tuning where the tuning container didn't mount the proper directory needed for propagating the ballast file to the main container.
+time: 2026-04-06T14:43:20.320502-04:00
diff --git a/charts/redpanda/chart/templates/_statefulset.go.tpl b/charts/redpanda/chart/templates/_statefulset.go.tpl
index 122740f35..ca48c2871 100644
--- a/charts/redpanda/chart/templates/_statefulset.go.tpl
+++ b/charts/redpanda/chart/templates/_statefulset.go.tpl
@@ -200,7 +200,7 @@ {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "name" "" "resources" (dict)) (dict "name" "tuning" "image" (printf "%s:%s" $state.Values.image.repository (get (fromJson (include "redpanda.Tag" (dict "a" (list $state)))) "r")) "command" (list `/bin/bash` `-c` `rpk redpanda tune all`) "securityContext" (mustMergeOverwrite (dict) (dict "capabilities" (mustMergeOverwrite (dict) (dict "add" (list `SYS_RESOURCE`))) "privileged" true "runAsNonRoot" false "runAsUser" ((0 | int64) | int64) "runAsGroup" ((0 | int64) | int64))) "volumeMounts" (concat (default (list) (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $state)))) "r")) (list (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" "base-config" "mountPath" "/etc/redpanda"))))))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "" "resources" (dict)) (dict "name" "tuning" "image" (printf "%s:%s" $state.Values.image.repository (get (fromJson (include "redpanda.Tag" (dict "a" (list $state)))) "r")) "command" (list `/bin/bash` `-c` `rpk redpanda tune all`) "securityContext" (mustMergeOverwrite (dict) (dict "capabilities" (mustMergeOverwrite (dict) (dict "add" (list `SYS_RESOURCE`))) "privileged" true "runAsNonRoot" false "runAsUser" ((0 | int64) | int64) "runAsGroup" ((0 | int64) | int64))) "volumeMounts" (concat (default (list) (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $state)))) "r")) (list (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" "base-config" "mountPath" "/etc/redpanda")) (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" `datadir` "mountPath" `/var/lib/redpanda/data`))))))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} 
@@ -215,9 +215,9 @@ {{- (dict "r" (coalesce nil)) | toJson -}} {{- break -}} {{- end -}} -{{- $_398_uid_gid := (get (fromJson (include "redpanda.securityContextUidGid" (dict "a" (list $state $pool "set-datadir-ownership")))) "r") -}} -{{- $uid := ((index $_398_uid_gid 0) | int64) -}} -{{- $gid := ((index $_398_uid_gid 1) | int64) -}} +{{- $_402_uid_gid := (get (fromJson (include "redpanda.securityContextUidGid" (dict "a" (list $state $pool "set-datadir-ownership")))) "r") -}} +{{- $uid := ((index $_402_uid_gid 0) | int64) -}} +{{- $gid := ((index $_402_uid_gid 1) | int64) -}} {{- $_is_returning = true -}} {{- (dict "r" (mustMergeOverwrite (dict "name" "" "resources" (dict)) (dict "name" "set-datadir-ownership" "image" (printf "%s:%s" $pool.Statefulset.initContainerImage.repository $pool.Statefulset.initContainerImage.tag) "command" (list `/bin/sh` `-c` (printf `chown %d:%d -R /var/lib/redpanda/data` $uid $gid)) "securityContext" (mustMergeOverwrite (dict) (dict "runAsUser" (0 | int64) "runAsGroup" (0 | int64))) "volumeMounts" (concat (default (list) (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $state)))) "r")) (list (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" `datadir` "mountPath" `/var/lib/redpanda/data`))))))) | toJson -}} {{- break -}} 
@@ -230,12 +230,12 @@ {{- $containerName := (index .a 2) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $_424_gid_uid := (get (fromJson (include "redpanda.giduidFromPodTemplate" (dict "a" (list $state.Values.podTemplate "redpanda")))) "r") -}} -{{- $gid := (index $_424_gid_uid 0) -}} -{{- $uid := (index $_424_gid_uid 1) -}} -{{- $_425_sgid_suid := (get (fromJson (include "redpanda.giduidFromPodTemplate" (dict "a" (list $pool.Statefulset.podTemplate "redpanda")))) "r") -}} -{{- $sgid := (index $_425_sgid_suid 0) -}} -{{- $suid := (index $_425_sgid_suid 1) -}} +{{- $_428_gid_uid := (get (fromJson (include "redpanda.giduidFromPodTemplate" (dict "a" (list $state.Values.podTemplate "redpanda")))) "r") -}} +{{- $gid := (index $_428_gid_uid 0) -}} +{{- $uid := (index $_428_gid_uid 1) -}} +{{- $_429_sgid_suid := (get (fromJson (include "redpanda.giduidFromPodTemplate" (dict "a" (list $pool.Statefulset.podTemplate "redpanda")))) "r") -}} +{{- $sgid := (index $_429_sgid_suid 0) -}} +{{- $suid := (index $_429_sgid_suid 1) -}} {{- if (ne (toJson $sgid) "null") -}} {{- $gid = $sgid -}} {{- end -}} 
@@ -312,9 +312,9 @@ {{- (dict "r" (coalesce nil)) | toJson -}} {{- break -}} {{- end -}} -{{- $_504_uid_gid := (get (fromJson (include "redpanda.securityContextUidGid" (dict "a" (list $state $pool "set-tiered-storage-cache-dir-ownership")))) "r") -}} -{{- $uid := ((index $_504_uid_gid 0) | int64) -}} -{{- $gid := ((index $_504_uid_gid 1) | int64) -}} +{{- $_508_uid_gid := (get (fromJson (include "redpanda.securityContextUidGid" (dict "a" (list $state $pool "set-tiered-storage-cache-dir-ownership")))) "r") -}} +{{- $uid := ((index $_508_uid_gid 0) | int64) -}} +{{- $gid := ((index $_508_uid_gid 1) | int64) -}} {{- $cacheDir := (get (fromJson (include "redpanda.Storage.TieredCacheDirectory" (dict "a" (list $state.Values.storage $state)))) "r") -}} {{- $mounts := (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $state)))) "r") -}} {{- $mounts = (concat (default (list) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" "datadir" "mountPath" "/var/lib/redpanda/data")))) -}} diff --git a/charts/redpanda/statefulset.go b/charts/redpanda/statefulset.go index 06c627c23..e42e53376 100644 --- a/charts/redpanda/statefulset.go +++ b/charts/redpanda/statefulset.go @@ -382,6 +382,10 @@ func statefulSetInitContainerTuning(state *RenderState) *corev1.Container { Name: "base-config", MountPath: "/etc/redpanda", }, + corev1.VolumeMount{ + Name: `datadir`, + MountPath: `/var/lib/redpanda/data`, + }, ), } } diff --git a/charts/redpanda/testdata/template-cases.golden.txtar b/charts/redpanda/testdata/template-cases.golden.txtar index 12bd32011..d18cb396c 100644 --- a/charts/redpanda/testdata/template-cases.golden.txtar +++ b/charts/redpanda/testdata/template-cases.golden.txtar @@ -977,6 +977,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c 
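Review bot: The `datadir` mount added in `statefulSetInitContainerTuning` gives read-write access to all of `/var/lib/redpanda/data` to a container that the generated template shows running with `privileged: true` and `runAsUser`/`runAsGroup` 0, and nothing in the hunk records why the mount is there or who ends up owning what the container writes. Files it creates on that volume will be root-owned, while other containers in the golden output run with `runAsNonRoot: true`; whether `set-datadir-ownership` is enabled and ordered after `tuning` is not visible here and should be confirmed. I would add a comment above the new entry, for example `// datadir is mounted so the ballast file produced during tuning reaches the redpanda container; files created here are root-owned.` The path literal is now repeated across three init containers and its backtick quoting differs from the `"base-config"` entry beside it, so a shared constant would keep them in step. The function starts above the hunk.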
@@ -2260,6 +2262,8 @@ spec: volumeMounts: - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -3421,6 +3425,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -4775,6 +4781,8 @@ spec: readOnly: true - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -6050,6 +6058,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -7538,6 +7548,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -9044,6 +9056,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -10453,6 +10467,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -11862,6 +11878,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -13364,6 +13382,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -14805,6 +14825,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c 
@@ -16218,6 +16240,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -17437,6 +17461,8 @@ spec: volumeMounts: - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -18663,6 +18689,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -20103,6 +20131,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -21515,6 +21545,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -22924,6 +22956,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -24386,6 +24420,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/sh - -c @@ -25864,6 +25900,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/sh - -c @@ -27342,6 +27380,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/sh - -c @@ -28772,6 +28812,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/sh - -c 
@@ -30251,6 +30293,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/sh - -c @@ -31747,6 +31791,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/sh - -c @@ -33243,6 +33289,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/sh - -c @@ -34692,6 +34740,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/sh - -c @@ -36188,6 +36238,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/sh - -c @@ -37684,6 +37736,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/sh - -c @@ -39180,6 +39234,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/sh - -c @@ -40629,6 +40685,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/sh - -c @@ -42074,6 +42132,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -43484,6 +43544,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c 
@@ -44893,6 +44955,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -46390,6 +46454,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -47805,6 +47871,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -49268,6 +49336,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/sh - -c @@ -50718,6 +50788,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -52134,6 +52206,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -53582,6 +53656,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -55019,6 +55095,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -56255,6 +56333,8 @@ spec: name: redpanda-kafka-internal-0-client-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -57806,6 +57886,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c 
@@ -59225,6 +59307,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -60717,6 +60801,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -62133,6 +62219,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -63574,6 +63662,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -65011,6 +65101,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -67800,6 +67892,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -69297,6 +69391,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -70762,6 +70858,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -72220,6 +72318,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -73678,6 +73778,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c 
@@ -75102,6 +75204,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -76560,6 +76664,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -78018,6 +78124,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -79430,6 +79538,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -80888,6 +80998,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -82346,6 +82458,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -83758,6 +83872,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -85216,6 +85332,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -86674,6 +86792,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -88086,6 +88206,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c 
@@ -89544,6 +89666,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -91002,6 +91126,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -92414,6 +92540,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -93872,6 +94000,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -95330,6 +95460,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -96742,6 +96874,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -97965,6 +98099,8 @@ spec: name: redpanda-for-internal-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -99189,6 +99325,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -100700,6 +100838,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - mountPath: /fake/tuning name: test-extra-volume - command: @@ -102269,6 +102409,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c 
@@ -103780,6 +103922,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -105296,6 +105440,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -106774,6 +106920,8 @@ spec: name: redpanda-kafka-internal-0-client-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -108325,6 +108473,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -109734,6 +109884,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -110124,7 +110276,10 @@ spec: - --out-dir - /tmp/config env: null +<<<<<<< HEAD image: docker.redpanda.com/redpandadata/redpanda-operator:v25.3.3 +======= + image: docker.redpanda.com/redpandadata/redpanda-operator:v26.1.1 name: bootstrap-yaml-envsubst resources: limits: @@ -110164,7 +110319,7 @@ spec: name: base-config - emptyDir: {} name: config --- testdata/TestTemplate/service-monitor-with-tls-in-admin-api.yaml.golden -- +-- testdata/TestTemplate/service-monitor-for-console-without-tls.yaml.golden -- --- # Source: redpanda/templates/entry-point.yaml apiVersion: policy/v1 @@ -110175,7 +110330,7 @@ metadata: app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 + helm.sh/chart: redpanda-26.1.1 name: redpanda namespace: default spec: 
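Review bot: Unresolved merge-conflict markers are committed into the golden file in the `@@ -110124,7 +110276,10 @@` hunk: the added lines `<<<<<<< HEAD` and `=======` leave both the `redpanda-operator:v25.3.3` and `redpanda-operator:v26.1.1` image lines in the expected output. The commit message lists this file under `# Conflicts:`, so the cherry-pick appears to have been committed before the conflict was resolved. The hunks that follow (chart label `redpanda-25.3.4` to `redpanda-26.1.1`, the `service-monitor-with-tls-in-admin-api` case replaced by `service-monitor-for-console-without-tls`) look like the other side of that conflict rather than a regeneration on this branch. The golden should be regenerated on the backport branch so the pinned image tags and security contexts in the expected manifests match what the chart actually renders. A closing `>>>>>>>` marker, if one exists, is outside the visible part of the diff.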
@@ -110196,8 +110351,8 @@ metadata: app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: console - app.kubernetes.io/version: v3.3.2 - helm.sh/chart: console-3.3.0 + app.kubernetes.io/version: v3.7.0 + helm.sh/chart: console-3.7.0 name: redpanda-console namespace: default --- @@ -110212,7 +110367,7 @@ metadata: app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 + helm.sh/chart: redpanda-26.1.1 name: redpanda namespace: default --- @@ -110225,7 +110380,7 @@ metadata: app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 + helm.sh/chart: redpanda-26.1.1 name: redpanda-sts-lifecycle namespace: default stringData: @@ -110317,7 +110472,7 @@ metadata: app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 + helm.sh/chart: redpanda-26.1.1 name: redpanda-configurator namespace: default stringData: @@ -110538,7 +110693,7 @@ metadata: app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 + helm.sh/chart: redpanda-26.1.1 name: redpanda namespace: default --- @@ -110575,7 +110730,7 @@ metadata: app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 + helm.sh/chart: redpanda-26.1.1 name: redpanda-rpk namespace: default --- @@ -110615,8 +110770,8 @@ metadata: app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: console - app.kubernetes.io/version: v3.3.2 - helm.sh/chart: console-3.3.0 + app.kubernetes.io/version: v3.7.0 + helm.sh/chart: console-3.7.0 name: redpanda-console namespace: default --- 
@@ -110630,7 +110785,7 @@ metadata: app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 + helm.sh/chart: redpanda-26.1.1 name: redpanda-rpk-debug-bundle namespace: default rules: @@ -110662,7 +110817,7 @@ metadata: app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 + helm.sh/chart: redpanda-26.1.1 name: redpanda-sidecar namespace: default rules: @@ -110689,7 +110844,7 @@ metadata: app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 + helm.sh/chart: redpanda-26.1.1 name: redpanda-rpk-debug-bundle namespace: default roleRef: @@ -110711,7 +110866,7 @@ metadata: app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 + helm.sh/chart: redpanda-26.1.1 name: redpanda-sidecar namespace: default roleRef: @@ -110732,8 +110887,8 @@ metadata: app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: console - app.kubernetes.io/version: v3.3.2 - helm.sh/chart: console-3.3.0 + app.kubernetes.io/version: v3.7.0 + helm.sh/chart: console-3.7.0 name: redpanda-console namespace: default spec: @@ -110757,7 +110912,7 @@ metadata: app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 + helm.sh/chart: redpanda-26.1.1 name: redpanda-external namespace: default spec: @@ -110800,8 +110955,8 @@ metadata: app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 - monitoring.redpanda.com/enabled: "true" + helm.sh/chart: redpanda-26.1.1 + monitoring.redpanda.com/enabled: "false" name: redpanda namespace: default spec: 
@@ -110843,8 +110998,8 @@ metadata: app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: console - app.kubernetes.io/version: v3.3.2 - helm.sh/chart: console-3.3.0 + app.kubernetes.io/version: v3.7.0 + helm.sh/chart: console-3.7.0 name: redpanda-console namespace: default spec: @@ -110868,9 +111023,19 @@ spec: - args: - --config.filepath=/etc/console/configs/config.yaml command: null - env: null + env: + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: helm + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: 3.7.0 + - name: REDPANDA_METRICS_K8S_CONSOLE_IMAGE_VERSION + value: redpandadata/console:v3.7.0 + - name: REDPANDA_METRICS_K8S_VERSION + value: v1.99.0-gke + - name: REDPANDA_METRICS_K8S_ENVIRONMENT + value: GCP envFrom: [] - image: docker.redpanda.com/redpandadata/console:v3.3.2 + image: docker.redpanda.com/redpandadata/console:v3.7.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -110937,7 +111102,7 @@ metadata: app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 + helm.sh/chart: redpanda-26.1.1 name: redpanda namespace: default spec: @@ -110959,7 +111124,7 @@ spec: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda cluster.redpanda.com/broker: "true" - helm.sh/chart: redpanda-25.3.4 + helm.sh/chart: redpanda-26.1.1 redpanda.com/poddisruptionbudget: redpanda spec: affinity: 
@@ -110991,7 +111156,17 @@ spec: valueFrom: fieldRef: fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v25.3.13 + - name: REDPANDA_METRICS_K8S_VERSION + value: v1.99.0-gke + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: helm + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: 26.1.1 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v26.1.1 + - name: REDPANDA_METRICS_K8S_ENVIRONMENT + value: GCP + image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 lifecycle: postStart: exec: @@ -111037,6 +111212,9 @@ spec: limits: cpu: 1 memory: 2.5Gi + securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: true startupProbe: exec: command: @@ -111077,7 +111255,7 @@ spec: - default - --redpanda-cluster-name - redpanda - - --selector=helm.sh/chart=redpanda-25.3.4,app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=redpanda + - --selector=helm.sh/chart=redpanda-26.1.1,app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=redpanda - --run-broker-probe - --broker-probe-broker-url - $(SERVICE_NAME).redpanda.default.svc.cluster.local.:9644 @@ -111096,7 +111274,7 @@ spec: valueFrom: fieldRef: fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda-operator:v25.3.3 + image: docker.redpanda.com/redpandadata/redpanda-operator:v26.1.1 name: sidecar readinessProbe: failureThreshold: 3 @@ -111108,6 +111286,9 @@ spec: successThreshold: 1 timeoutSeconds: 0 resources: {} + securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: true volumeMounts: - mountPath: /etc/tls/certs/default name: redpanda-default-cert @@ -111125,7 +111306,7 @@ spec: - -c - rpk redpanda tune all env: null - image: docker.redpanda.com/redpandadata/redpanda:v25.3.13 + image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 name: tuning resources: {} securityContext: 
@@ -111143,6 +111324,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -111167,9 +111350,12 @@ spec: fieldRef: apiVersion: v1 fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v25.3.13 + image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 name: redpanda-configurator resources: {} + securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: true volumeMounts: - mountPath: /etc/tls/certs/default name: redpanda-default-cert @@ -111189,7 +111375,7 @@ spec: - --out-dir - /tmp/config env: null - image: docker.redpanda.com/redpandadata/redpanda-operator:v25.3.3 + image: docker.redpanda.com/redpandadata/redpanda-operator:v26.1.1 name: bootstrap-yaml-envsubst resources: limits: @@ -111295,7 +111481,7 @@ metadata: app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 + helm.sh/chart: redpanda-26.1.1 name: redpanda-default-root-certificate namespace: default spec: @@ -111320,7 +111506,7 @@ metadata: app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 + helm.sh/chart: redpanda-26.1.1 name: redpanda-external-root-certificate namespace: default spec: @@ -111345,7 +111531,7 @@ metadata: app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 + helm.sh/chart: redpanda-26.1.1 name: redpanda-default-cert namespace: default spec: @@ -111382,7 +111568,7 @@ metadata: app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 + helm.sh/chart: redpanda-26.1.1 name: redpanda-external-cert namespace: default spec: 
@@ -111419,7 +111605,7 @@ metadata: app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 + helm.sh/chart: redpanda-26.1.1 name: redpanda-default-selfsigned-issuer namespace: default spec: @@ -111434,7 +111620,7 @@ metadata: app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 + helm.sh/chart: redpanda-26.1.1 name: redpanda-default-root-issuer namespace: default spec: @@ -111450,7 +111636,7 @@ metadata: app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 + helm.sh/chart: redpanda-26.1.1 name: redpanda-external-selfsigned-issuer namespace: default spec: 
@@ -111465,42 +111651,39 @@ metadata: app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 + helm.sh/chart: redpanda-26.1.1 name: redpanda-external-root-issuer namespace: default spec: ca: secretName: redpanda-external-root-certificate --- -# Source: redpanda/templates/entry-point.yaml +# Source: redpanda/charts/console/templates/entry-point.yaml apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: labels: - app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 - name: redpanda + app.kubernetes.io/name: console + app.kubernetes.io/version: v3.7.0 + helm.sh/chart: console-3.7.0 + name: redpanda-console namespace: default spec: endpoints: - - enableHttp2: null - interval: 30s - path: /public_metrics - port: admin - scheme: https - tlsConfig: - ca: {} - cert: {} - insecureSkipVerify: true + - interval: 1m + path: /admin/metrics + port: http + scheme: HTTP namespaceSelector: {} selector: matchLabels: app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - monitoring.redpanda.com/enabled: "true" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: console + app.kubernetes.io/version: v3.7.0 + helm.sh/chart: console-3.7.0 --- # Source: redpanda/templates/entry-point.yaml apiVersion: batch/v1 @@ -111515,7 +111698,7 @@ metadata: app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 + helm.sh/chart: redpanda-26.1.1 name: redpanda-configuration namespace: default spec: @@ -111540,7 +111723,7 @@ spec: - --bootstrap-yaml - /tmp/config/.bootstrap.yaml env: null - image: docker.redpanda.com/redpandadata/redpanda-operator:v25.3.3 + image: docker.redpanda.com/redpandadata/redpanda-operator:v26.1.1 name: post-install resources: {} securityContext: {} 
@@ -111563,7 +111746,8 @@ spec: - --out-dir - /tmp/config env: null - image: docker.redpanda.com/redpandadata/redpanda-operator:v25.3.3 + image: docker.redpanda.com/redpandadata/redpanda-operator:v26.1.1 +>>>>>>> df1b92fa (Fix ballast file propagation from tuning container (#1414)) name: bootstrap-yaml-envsubst resources: limits: @@ -111603,7 +111787,7 @@ spec: name: base-config - emptyDir: {} name: config --- testdata/TestTemplate/service-monitor-without-tls-in-admin-api.yaml.golden -- +-- testdata/TestTemplate/service-monitor-with-tls-in-admin-api.yaml.golden -- --- # Source: redpanda/templates/entry-point.yaml apiVersion: policy/v1 @@ -111672,14 +111856,14 @@ stringData: #!/usr/bin/env bash # the SERVICE_NAME comes from the metadata.name of the pod, essentially the POD_NAME - CURL_URL="http://${SERVICE_NAME}.redpanda.default.svc.cluster.local:9644" + CURL_URL="https://${SERVICE_NAME}.redpanda.default.svc.cluster.local:9644" # commands used throughout - CURL_NODE_ID_CMD="curl --silent --fail ${CURL_URL}/v1/node_config" + CURL_NODE_ID_CMD="curl --silent --fail --cacert /etc/tls/certs/default/ca.crt ${CURL_URL}/v1/node_config" CURL_MAINTENANCE_DELETE_CMD_PREFIX='curl -X DELETE --silent -o /dev/null -w "%{http_code}"' CURL_MAINTENANCE_PUT_CMD_PREFIX='curl -X PUT --silent -o /dev/null -w "%{http_code}"' - CURL_MAINTENANCE_GET_CMD="curl -X GET --silent ${CURL_URL}/v1/maintenance" + CURL_MAINTENANCE_GET_CMD="curl -X GET --silent --cacert /etc/tls/certs/default/ca.crt ${CURL_URL}/v1/maintenance" postStart.sh: |- #!/usr/bin/env bash # This code should be similar if not exactly the same as that found in the panda-operator, see 
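Review bot: The hunk at -111563 adds the line `>>>>>>> df1b92fa (Fix ballast file propagation from tuning container (#1414))` between the `image:` line and `name: bootstrap-yaml-envsubst`, which is a merge-conflict marker left over from the cherry-pick. The chart cannot render that line, so the golden comparison for this case can presumably no longer match. The neighbouring hunks also move this case to `redpanda-26.1.1` / `v26.1.1`, while later cases in the same file still show `redpanda-25.3.4` as context, which suggests the other side of the conflict was kept by hand. Regenerate the golden file on this branch rather than resolving it manually, and check for matching `<<<<<<<` / `=======` markers, which would fall outside the visible hunks.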
@@ -111698,7 +111882,7 @@ stringData: done echo "Clearing maintenance mode on node ${NODE_ID}" - CURL_MAINTENANCE_DELETE_CMD="${CURL_MAINTENANCE_DELETE_CMD_PREFIX} ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" + CURL_MAINTENANCE_DELETE_CMD="${CURL_MAINTENANCE_DELETE_CMD_PREFIX} --cacert /etc/tls/certs/default/ca.crt ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" # a 400 here would mean not in maintenance mode until [ "${status:-}" = '"200"' ] || [ "${status:-}" = '"400"' ]; do status=$(${CURL_MAINTENANCE_DELETE_CMD}) @@ -111728,7 +111912,7 @@ stringData: done echo "Setting maintenance mode on node ${NODE_ID}" - CURL_MAINTENANCE_PUT_CMD="${CURL_MAINTENANCE_PUT_CMD_PREFIX} ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" + CURL_MAINTENANCE_PUT_CMD="${CURL_MAINTENANCE_PUT_CMD_PREFIX} --cacert /etc/tls/certs/default/ca.crt ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" until [ "${status:-}" = '"200"' ]; do status=$(${CURL_MAINTENANCE_PUT_CMD}) sleep 0.5 @@ -111853,7 +112037,19 @@ data: - address: 0.0.0.0 name: default port: 9645 - admin_api_tls: null + admin_api_tls: + - cert_file: /etc/tls/certs/default/tls.crt + enabled: true + key_file: /etc/tls/certs/default/tls.key + name: internal + require_client_auth: false + truststore_file: /etc/tls/certs/default/ca.crt + - cert_file: /etc/tls/certs/external/tls.crt + enabled: true + key_file: /etc/tls/certs/external/tls.key + name: default + require_client_auth: false + truststore_file: /etc/tls/certs/external/ca.crt crash_loop_limit: 5 empty_seed_starts_cluster: false kafka_api: @@ -111906,7 +112102,8 @@ data: - redpanda-0.redpanda.default.svc.cluster.local.:9644 - redpanda-1.redpanda.default.svc.cluster.local.:9644 - redpanda-2.redpanda.default.svc.cluster.local.:9644 - tls: null + tls: + ca_file: /etc/tls/certs/default/ca.crt enable_memory_locking: false kafka_api: brokers: 
@@ -111977,7 +112174,8 @@ data: - redpanda-0:31644 - redpanda-1:31644 - redpanda-2:31644 - tls: null + tls: + ca_file: ca.crt kafka_api: brokers: - redpanda-0:31092 @@ -112020,8 +112218,11 @@ data: redpanda: adminApi: enabled: true + tls: + caFilepath: /etc/tls/certs/secrets/redpanda-default-cert/ca.crt + enabled: true urls: - - http://redpanda.default.svc.cluster.local.:9644 + - https://redpanda.default.svc.cluster.local.:9644 schemaRegistry: enabled: true tls: @@ -112279,7 +112480,7 @@ spec: template: metadata: annotations: - checksum/config: a60733ab1ed13b4850da00d7142bdaa17b3bceb753afd1e11c96fe3319bf36f1 + checksum/config: 44e632405e10e419e4cb3a5f69d2911edabaa8fd561fc25ec1017dc35a99fc96 labels: app.kubernetes.io/instance: redpanda app.kubernetes.io/name: console @@ -112374,7 +112575,7 @@ spec: template: metadata: annotations: - config.redpanda.com/checksum: 8578e4868613e9a7e5cf76c684d16cfc4d2b4fa09e697ccb118ebb19103360c5 + config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda @@ -112466,7 +112667,7 @@ spec: - -c - | set -e - RESULT=$(curl --silent --fail -k -m 5 "http://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") echo $RESULT echo $RESULT | grep ready failureThreshold: 120 @@ -112565,6 +112766,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -112912,7 +113115,11 @@ spec: interval: 30s path: /public_metrics port: admin - scheme: http + scheme: https + tlsConfig: + ca: {} + cert: {} + insecureSkipVerify: true namespaceSelector: {} selector: matchLabels: 
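Review bot: The startupProbe command added in the hunk at -112466 passes both `-k` and `--cacert /etc/tls/certs/default/ca.crt` to curl, and `-k` disables certificate verification, so the CA file is never checked against the admin API certificate. The lifecycle scripts in the same TLS case use `--cacert` without `-k`, so the flag looks like a leftover rather than a requirement. The ServiceMonitor endpoint in the hunk at -112912 is likewise rendered with `insecureSkipVerify: true` and an empty `ca: {}`. Since this is golden output, the change belongs in the chart template that renders it, which is not visible here; with TLS enabled the probe line would become `RESULT=$(curl --silent --fail -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready")`.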
@@ -113021,7 +113228,7 @@ spec: name: base-config - emptyDir: {} name: config --- testdata/TestTemplate/some-company-1.yaml.golden -- +-- testdata/TestTemplate/service-monitor-without-tls-in-admin-api.yaml.golden -- --- # Source: redpanda/templates/entry-point.yaml apiVersion: policy/v1 @@ -113090,14 +113297,14 @@ stringData: #!/usr/bin/env bash # the SERVICE_NAME comes from the metadata.name of the pod, essentially the POD_NAME - CURL_URL="https://${SERVICE_NAME}.redpanda.default.svc.cluster.local:9644" + CURL_URL="http://${SERVICE_NAME}.redpanda.default.svc.cluster.local:9644" # commands used throughout - CURL_NODE_ID_CMD="curl --silent --fail --cacert /etc/tls/certs/default/ca.crt ${CURL_URL}/v1/node_config" + CURL_NODE_ID_CMD="curl --silent --fail ${CURL_URL}/v1/node_config" CURL_MAINTENANCE_DELETE_CMD_PREFIX='curl -X DELETE --silent -o /dev/null -w "%{http_code}"' CURL_MAINTENANCE_PUT_CMD_PREFIX='curl -X PUT --silent -o /dev/null -w "%{http_code}"' - CURL_MAINTENANCE_GET_CMD="curl -X GET --silent --cacert /etc/tls/certs/default/ca.crt ${CURL_URL}/v1/maintenance" + CURL_MAINTENANCE_GET_CMD="curl -X GET --silent ${CURL_URL}/v1/maintenance" postStart.sh: |- #!/usr/bin/env bash # This code should be similar if not exactly the same as that found in the panda-operator, see @@ -113116,7 +113323,7 @@ stringData: done echo "Clearing maintenance mode on node ${NODE_ID}" - CURL_MAINTENANCE_DELETE_CMD="${CURL_MAINTENANCE_DELETE_CMD_PREFIX} --cacert /etc/tls/certs/default/ca.crt ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" + CURL_MAINTENANCE_DELETE_CMD="${CURL_MAINTENANCE_DELETE_CMD_PREFIX} ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" # a 400 here would mean not in maintenance mode until [ "${status:-}" = '"200"' ] || [ "${status:-}" = '"400"' ]; do status=$(${CURL_MAINTENANCE_DELETE_CMD}) 
@@ -113146,7 +113353,7 @@ stringData: done echo "Setting maintenance mode on node ${NODE_ID}" - CURL_MAINTENANCE_PUT_CMD="${CURL_MAINTENANCE_PUT_CMD_PREFIX} --cacert /etc/tls/certs/default/ca.crt ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" + CURL_MAINTENANCE_PUT_CMD="${CURL_MAINTENANCE_PUT_CMD_PREFIX} ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" until [ "${status:-}" = '"200"' ]; do status=$(${CURL_MAINTENANCE_PUT_CMD}) sleep 0.5 @@ -113196,13 +113403,13 @@ stringData: ADVERTISED_KAFKA_ADDRESSES=() PREFIX_TEMPLATE="" - ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}.redpanda.dev.somecustomer.net\",\"name\":\"default\",\"port\":31092}") + ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":31092}") PREFIX_TEMPLATE="" - ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}.redpanda.dev.somecustomer.net\",\"name\":\"default\",\"port\":31092}") + ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":31092}") PREFIX_TEMPLATE="" - ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}.redpanda.dev.somecustomer.net\",\"name\":\"default\",\"port\":31092}") + ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":31092}") rpk redpanda config --config "$CONFIG" set redpanda.advertised_kafka_api[1] "${ADVERTISED_KAFKA_ADDRESSES[$POD_ORDINAL]}" 
@@ -113212,47 +113419,32 @@ stringData: ADVERTISED_HTTP_ADDRESSES=() PREFIX_TEMPLATE="" - ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}.redpanda.dev.somecustomer.net\",\"name\":\"default\",\"port\":30082}") + ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":30082}") PREFIX_TEMPLATE="" - ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}.redpanda.dev.somecustomer.net\",\"name\":\"default\",\"port\":30082}") + ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":30082}") PREFIX_TEMPLATE="" - ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}.redpanda.dev.somecustomer.net\",\"name\":\"default\",\"port\":30082}") + ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":30082}") rpk redpanda config --config "$CONFIG" set pandaproxy.advertised_pandaproxy_api[1] "${ADVERTISED_HTTP_ADDRESSES[$POD_ORDINAL]}" type: Opaque --- # Source: redpanda/templates/entry-point.yaml apiVersion: v1 -immutable: true -kind: Secret -metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 - name: redpanda-bootstrap-user - namespace: default -stringData: - password: changeme -type: Opaque ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: v1 data: - .bootstrap.json.in: 
'{"audit_enabled":"false","cloud_storage_cache_size":"5368709120","cloud_storage_enable_remote_read":"true","cloud_storage_enable_remote_write":"true","cloud_storage_enabled":"false","compacted_log_segment_size":"67108864","default_topic_replications":"3","election_timeout_ms":"5000","enable_leader_balancer":"true","enable_rack_awareness":"false","enable_sasl":"true","kafka_connection_rate_limit":"1000","kafka_enable_authorization":"true","log_segment_size_max":"268435456","log_segment_size_min":"16777216","max_compacted_log_segment_size":"536870912","partition_autobalancing_mode":"\"continuous\"","raft_heartbeat_interval_ms":"500","storage_min_free_bytes":"5368709120","superusers":"[\"kubernetes-controller\"]"}' + .bootstrap.json.in: '{"audit_enabled":"false","cloud_storage_cache_size":"5368709120","cloud_storage_enable_remote_read":"true","cloud_storage_enable_remote_write":"true","cloud_storage_enabled":"false","compacted_log_segment_size":"67108864","default_topic_replications":"3","enable_rack_awareness":"false","enable_sasl":"false","kafka_connection_rate_limit":"1000","kafka_enable_authorization":"false","log_segment_size_max":"268435456","log_segment_size_min":"16777216","max_compacted_log_segment_size":"536870912","storage_min_free_bytes":"1073741824"}' bootstrap.yaml.fixups: '[]' redpanda.yaml: |- config_file: /etc/redpanda/redpanda.yaml pandaproxy: pandaproxy_api: - address: 0.0.0.0 - authentication_method: http_basic name: internal port: 8082 + - address: 0.0.0.0 + name: default + port: 8083 pandaproxy_api_tls: - cert_file: /etc/tls/certs/default/tls.crt enabled: true @@ -113260,6 +113452,12 @@ data: name: internal require_client_auth: false truststore_file: /etc/tls/certs/default/ca.crt + - cert_file: /etc/tls/certs/external/tls.crt + enabled: true + key_file: /etc/tls/certs/external/tls.key + name: default + require_client_auth: false + truststore_file: /etc/tls/certs/external/ca.crt pandaproxy_client: broker_tls: enabled: true 
@@ -113277,22 +113475,17 @@ data: - address: 0.0.0.0 name: internal port: 9644 - admin_api_tls: - - cert_file: /etc/tls/certs/default/tls.crt - enabled: true - key_file: /etc/tls/certs/default/tls.key - name: internal - require_client_auth: false - truststore_file: /etc/tls/certs/default/ca.crt + - address: 0.0.0.0 + name: default + port: 9645 + admin_api_tls: null crash_loop_limit: 5 empty_seed_starts_cluster: false kafka_api: - address: 0.0.0.0 - authentication_method: sasl name: internal port: 9093 - address: 0.0.0.0 - authentication_method: sasl name: default port: 9094 kafka_api_tls: @@ -113307,10 +113500,16 @@ data: key_file: /etc/tls/certs/external/tls.key name: default require_client_auth: false - truststore_file: /etc/ssl/certs/ca-certificates.crt + truststore_file: /etc/tls/certs/external/ca.crt rpc_server: address: 0.0.0.0 port: 33145 + rpc_server_tls: + cert_file: /etc/tls/certs/default/tls.crt + enabled: true + key_file: /etc/tls/certs/default/tls.key + require_client_auth: false + truststore_file: /etc/tls/certs/default/ca.crt seed_servers: - host: address: redpanda-0.redpanda.default.svc.cluster.local. @@ -113324,17 +113523,16 @@ data: rpk: additional_start_flags: - --default-log-level=info - - --memory=16384M - - --reserve-memory=240M - - --smp=7 + - --memory=2048M + - --reserve-memory=205M + - --smp=1 admin_api: addresses: - redpanda-0.redpanda.default.svc.cluster.local.:9644 - redpanda-1.redpanda.default.svc.cluster.local.:9644 - redpanda-2.redpanda.default.svc.cluster.local.:9644 - tls: - ca_file: /etc/tls/certs/default/ca.crt - enable_memory_locking: true + tls: null + enable_memory_locking: false kafka_api: brokers: - redpanda-0.redpanda.default.svc.cluster.local.:9093 @@ -113356,6 +113554,9 @@ data: - address: 0.0.0.0 name: internal port: 8081 + - address: 0.0.0.0 + name: default + port: 8084 schema_registry_api_tls: - cert_file: /etc/tls/certs/default/tls.crt enabled: true 
@@ -113363,6 +113564,12 @@ data: name: internal require_client_auth: false truststore_file: /etc/tls/certs/default/ca.crt + - cert_file: /etc/tls/certs/external/tls.crt + enabled: true + key_file: /etc/tls/certs/external/tls.key + name: default + require_client_auth: false + truststore_file: /etc/tls/certs/external/ca.crt schema_registry_client: broker_tls: enabled: true @@ -113392,24 +113599,23 @@ data: profile: |- admin_api: addresses: - - redpanda-0.redpanda.dev.somecustomer.net:31644 - - redpanda-1.redpanda.dev.somecustomer.net:31644 - - redpanda-2.redpanda.dev.somecustomer.net:31644 - tls: - ca_file: ca.crt + - redpanda-0:31644 + - redpanda-1:31644 + - redpanda-2:31644 + tls: null kafka_api: brokers: - - redpanda-0.redpanda.dev.somecustomer.net:31092 - - redpanda-1.redpanda.dev.somecustomer.net:31092 - - redpanda-2.redpanda.dev.somecustomer.net:31092 + - redpanda-0:31092 + - redpanda-1:31092 + - redpanda-2:31092 tls: ca_file: ca.crt name: default schema_registry: addresses: - - redpanda-0.redpanda.dev.somecustomer.net:30081 - - redpanda-1.redpanda.dev.somecustomer.net:30081 - - redpanda-2.redpanda.dev.somecustomer.net:30081 + - redpanda-0:30081 + - redpanda-1:30081 + - redpanda-2:30081 tls: ca_file: ca.crt kind: ConfigMap 
@@ -113428,34 +113634,20 @@ apiVersion: v1 data: config.yaml: | # from .Values.config - connect: - connectTimeout: 15s - readTimeout: 60s - requestTimeout: 6s kafka: brokers: - redpanda-0.redpanda.default.svc.cluster.local.:9093 - redpanda-1.redpanda.default.svc.cluster.local.:9093 - redpanda-2.redpanda.default.svc.cluster.local.:9093 - sasl: - enabled: true - mechanism: SCRAM-SHA-256 - username: kubernetes-controller tls: caFilepath: /etc/tls/certs/secrets/redpanda-default-cert/ca.crt enabled: true redpanda: adminApi: enabled: true - tls: - caFilepath: /etc/tls/certs/secrets/redpanda-default-cert/ca.crt - enabled: true urls: - - https://redpanda.default.svc.cluster.local.:9644 + - http://redpanda.default.svc.cluster.local.:9644 schemaRegistry: - authentication: - basic: - username: kubernetes-controller enabled: true tls: caFilepath: /etc/tls/certs/secrets/redpanda-default-cert/ca.crt 
@@ -113613,134 +113805,81 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-25.3.4 - monitoring.redpanda.com/enabled: "true" - name: redpanda + name: redpanda-external namespace: default spec: - clusterIP: None + externalTrafficPolicy: Local ports: - - appProtocol: null - name: admin - port: 9644 - protocol: TCP - targetPort: 9644 - - name: http - port: 8082 - protocol: TCP - targetPort: 8082 - - name: kafka - port: 9093 + - name: admin-default + nodePort: 31644 + port: 9645 protocol: TCP - targetPort: 9093 - - name: rpc - port: 33145 + targetPort: 0 + - name: kafka-default + nodePort: 31092 + port: 9094 protocol: TCP - targetPort: 33145 - - name: schemaregistry - port: 8081 + targetPort: 0 + - name: http-default + nodePort: 30082 + port: 8083 protocol: TCP - targetPort: 8081 - publishNotReadyAddresses: true - selector: - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - type: ClusterIP ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: v1 -kind: Service -metadata: - annotations: - external-dns.alpha.kubernetes.io/hostname: redpanda-0.redpanda.dev.somecustomer.net - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 - repdanda.com/type: loadbalancer - name: lb-redpanda-0 - namespace: default -spec: - externalTrafficPolicy: Local - loadBalancerSourceRanges: null - ports: - - appProtocol: null - name: kafka-default - port: 31092 + targetPort: 0 + - name: schema-default + nodePort: 30081 + port: 8084 protocol: TCP - targetPort: 9094 + targetPort: 0 publishNotReadyAddresses: true selector: app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda - statefulset.kubernetes.io/pod-name: redpanda-0 sessionAffinity: None - type: LoadBalancer + type: NodePort --- # Source: redpanda/templates/entry-point.yaml apiVersion: v1 kind: 
Service metadata: - annotations: - external-dns.alpha.kubernetes.io/hostname: redpanda-1.redpanda.dev.somecustomer.net + annotations: {} labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-25.3.4 - repdanda.com/type: loadbalancer - name: lb-redpanda-1 + monitoring.redpanda.com/enabled: "true" + name: redpanda namespace: default spec: - externalTrafficPolicy: Local - loadBalancerSourceRanges: null + clusterIP: None ports: - appProtocol: null - name: kafka-default - port: 31092 + name: admin + port: 9644 protocol: TCP - targetPort: 9094 - publishNotReadyAddresses: true - selector: - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - statefulset.kubernetes.io/pod-name: redpanda-1 - sessionAffinity: None - type: LoadBalancer ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: v1 -kind: Service -metadata: - annotations: - external-dns.alpha.kubernetes.io/hostname: redpanda-2.redpanda.dev.somecustomer.net - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 - repdanda.com/type: loadbalancer - name: lb-redpanda-2 - namespace: default -spec: - externalTrafficPolicy: Local - loadBalancerSourceRanges: null - ports: - - appProtocol: null - name: kafka-default - port: 31092 + targetPort: 9644 + - name: http + port: 8082 protocol: TCP - targetPort: 9094 + targetPort: 8082 + - name: kafka + port: 9093 + protocol: TCP + targetPort: 9093 + - name: rpc + port: 33145 + protocol: TCP + targetPort: 33145 + - name: schemaregistry + port: 8081 + protocol: TCP + targetPort: 8081 publishNotReadyAddresses: true selector: app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda - statefulset.kubernetes.io/pod-name: redpanda-2 - sessionAffinity: None - type: LoadBalancer + type: 
ClusterIP --- # Source: redpanda/templates/entry-point.yaml apiVersion: apps/v1 @@ -113765,41 +113904,18 @@ spec: template: metadata: annotations: - checksum/config: 64651eb4ff837fa7e4992a1f706dadc1b2301bf7d7b92f6470f34e4d6e5ebf0f + checksum/config: a60733ab1ed13b4850da00d7142bdaa17b3bceb753afd1e11c96fe3319bf36f1 labels: app.kubernetes.io/instance: redpanda app.kubernetes.io/name: console spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname + affinity: {} automountServiceAccountToken: false containers: - args: - --config.filepath=/etc/console/configs/config.yaml command: null - env: - - name: KAFKA_SASL_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: redpanda-bootstrap-user - - name: SCHEMAREGISTRY_AUTHENTICATION_BASIC_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: redpanda-bootstrap-user - - name: LICENSE - valueFrom: - secretKeyRef: - key: license - name: redpanda-enterprise-license + env: null envFrom: [] image: docker.redpanda.com/redpandadata/console:v3.3.2 imagePullPolicy: IfNotPresent @@ -113883,7 +113999,7 @@ spec: template: metadata: annotations: - config.redpanda.com/checksum: af76624dd852d2724eb5f120c208cbc964be906efd325d02a832b9d0dca12770 + config.redpanda.com/checksum: 8578e4868613e9a7e5cf76c684d16cfc4d2b4fa09e697ccb118ebb19103360c5 labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda 
@@ -113922,17 +114038,6 @@ spec: valueFrom: fieldRef: fieldPath: status.hostIP - - name: RPK_PASS - valueFrom: - secretKeyRef: - key: password - name: redpanda-bootstrap-user - - name: RPK_USER - value: kubernetes-controller - - name: RPK_SASL_MECHANISM - value: SCRAM-SHA-256 - - name: RP_BOOTSTRAP_USER - value: $(RPK_USER):$(RPK_PASS):$(RPK_SASL_MECHANISM) image: docker.redpanda.com/redpandadata/redpanda:v25.3.13 lifecycle: postStart: @@ -113959,8 +114064,12 @@ spec: ports: - containerPort: 9644 name: admin + - containerPort: 9645 + name: admin-default - containerPort: 8082 name: http + - containerPort: 8083 + name: http-default - containerPort: 9093 name: kafka - containerPort: 9094 @@ -113969,13 +114078,12 @@ spec: name: rpc - containerPort: 8081 name: schemaregistry + - containerPort: 8084 + name: schema-default resources: limits: - cpu: "7" - memory: 25Gi - requests: - cpu: "7" - memory: 20Gi + cpu: 1 + memory: 2.5Gi startupProbe: exec: command: @@ -113983,16 +114091,13 @@ spec: - -c - | set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") + RESULT=$(curl --silent --fail -k -m 5 "http://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") echo $RESULT echo $RESULT | grep ready failureThreshold: 120 initialDelaySeconds: 1 periodSeconds: 10 volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - mountPath: /etc/tls/certs/default name: redpanda-default-cert - mountPath: /etc/tls/certs/external 
@@ -114023,20 +114128,9 @@ spec: - --run-broker-probe - --broker-probe-broker-url - $(SERVICE_NAME).redpanda.default.svc.cluster.local.:9644 - - --watch-users - - --users-directory=/etc/secrets/users/ command: - /redpanda-operator env: - - name: RPK_PASS - valueFrom: - secretKeyRef: - key: password - name: redpanda-bootstrap-user - - name: RPK_USER - value: kubernetes-controller - - name: RPK_SASL_MECHANISM - value: SCRAM-SHA-256 - name: SERVICE_NAME valueFrom: fieldRef: @@ -114062,9 +114156,6 @@ spec: timeoutSeconds: 0 resources: {} volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - mountPath: /etc/tls/certs/default name: redpanda-default-cert - mountPath: /etc/tls/certs/external @@ -114093,34 +114184,12 @@ spec: runAsNonRoot: false runAsUser: 0 volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - mountPath: /etc/tls/certs/default name: redpanda-default-cert - mountPath: /etc/tls/certs/external name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config - - command: - - /bin/sh - - -c - - chown 101:101 -R /var/lib/redpanda/data - env: null - image: busybox:latest - name: set-datadir-ownership - resources: {} - securityContext: - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - mountPath: /var/lib/redpanda/data name: datadir - command: 
@@ -114147,22 +114216,10 @@ spec: fieldRef: apiVersion: v1 fieldPath: status.hostIP - - name: RPK_PASS - valueFrom: - secretKeyRef: - key: password - name: redpanda-bootstrap-user - - name: RPK_USER - value: kubernetes-controller - - name: RPK_SASL_MECHANISM - value: SCRAM-SHA-256 image: docker.redpanda.com/redpandadata/redpanda:v25.3.13 name: redpanda-configurator resources: {} volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - mountPath: /etc/tls/certs/default name: redpanda-default-cert - mountPath: /etc/tls/certs/external @@ -114226,9 +114283,6 @@ spec: secret: defaultMode: 288 secretName: redpanda-external-cert - - name: users - secret: - secretName: kafka-credentials - name: lifecycle-scripts secret: defaultMode: 509 
@@ -114278,43 +114332,33 @@ spec: - ReadWriteOnce resources: requests: - storage: 500Gi + storage: 20Gi status: {} --- -# Source: redpanda/charts/console/templates/entry-point.yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress +# Source: redpanda/templates/entry-point.yaml +apiVersion: cert-manager.io/v1 +kind: Certificate metadata: - annotations: - cert-manager.io/cluster-issuer: letsencrypt-production - nginx.ingress.kubernetes.io/auth-realm: '"Authentication required"' - nginx.ingress.kubernetes.io/auth-secret: ingress-basic-auth-credentials - nginx.ingress.kubernetes.io/auth-type: basic labels: + app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: console - app.kubernetes.io/version: v3.3.2 - helm.sh/chart: console-3.3.0 - name: redpanda-console + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda-default-root-certificate namespace: default spec: - ingressClassName: nginx - rules: - - host: console.redpanda.dev.somecustomer.net - http: - paths: - - backend: - service: - name: redpanda-console - port: - number: 8080 - path: / - pathType: ImplementationSpecific - tls: - - hosts: - - console.redpanda.dev.somecustomer.net - secretName: redpanda-console-production-tls + commonName: redpanda-default-root-certificate + duration: 43800h0m0s + isCA: true + issuerRef: + group: cert-manager.io + kind: Issuer + name: redpanda-default-selfsigned-issuer + privateKey: + algorithm: ECDSA + size: 256 + secretName: redpanda-default-root-certificate --- # Source: redpanda/templates/entry-point.yaml apiVersion: cert-manager.io/v1 
@@ -114326,20 +114370,20 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-25.3.4 - name: redpanda-default-root-certificate + name: redpanda-external-root-certificate namespace: default spec: - commonName: redpanda-default-root-certificate + commonName: redpanda-external-root-certificate duration: 43800h0m0s isCA: true issuerRef: group: cert-manager.io kind: Issuer - name: redpanda-default-selfsigned-issuer + name: redpanda-external-selfsigned-issuer privateKey: algorithm: ECDSA size: 256 - secretName: redpanda-default-root-certificate + secretName: redpanda-external-root-certificate --- # Source: redpanda/templates/entry-point.yaml apiVersion: cert-manager.io/v1 @@ -114367,8 +114411,6 @@ spec: - '*.redpanda.default.svc.cluster.local' - '*.redpanda.default.svc' - '*.redpanda.default' - - redpanda.dev.somecustomer.net - - '*.redpanda.dev.somecustomer.net' duration: 43800h0m0s isCA: false issuerRef: @@ -114394,13 +114436,24 @@ metadata: namespace: default spec: dnsNames: - - redpanda.dev.somecustomer.net - - '*.redpanda.dev.somecustomer.net' + - redpanda-cluster.redpanda.default.svc.cluster.local + - redpanda-cluster.redpanda.default.svc + - redpanda-cluster.redpanda.default + - '*.redpanda-cluster.redpanda.default.svc.cluster.local' + - '*.redpanda-cluster.redpanda.default.svc' + - '*.redpanda-cluster.redpanda.default' + - redpanda.default.svc.cluster.local + - redpanda.default.svc + - redpanda.default + - '*.redpanda.default.svc.cluster.local' + - '*.redpanda.default.svc' + - '*.redpanda.default' duration: 43800h0m0s isCA: false issuerRef: - kind: ClusterIssuer - name: letsencrypt-production + group: cert-manager.io + kind: Issuer + name: redpanda-external-root-issuer privateKey: algorithm: ECDSA size: 256 
@@ -114438,6 +114491,37 @@ spec: secretName: redpanda-default-root-certificate --- # Source: redpanda/templates/entry-point.yaml +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda-external-selfsigned-issuer + namespace: default +spec: + selfSigned: {} +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda-external-root-issuer + namespace: default +spec: + ca: + secretName: redpanda-external-root-certificate +--- +# Source: redpanda/templates/entry-point.yaml apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: @@ -114455,11 +114539,7 @@ spec: interval: 30s path: /public_metrics port: admin - scheme: https - tlsConfig: - ca: {} - cert: {} - insecureSkipVerify: true + scheme: http namespaceSelector: {} selector: matchLabels: 
@@ -114504,31 +114584,12 @@ spec: - /tmp/base-config/redpanda.yaml - --bootstrap-yaml - /tmp/config/.bootstrap.yaml - env: - - name: REDPANDA_LICENSE - valueFrom: - secretKeyRef: - key: license - name: redpanda-enterprise-license - - name: RPK_PASS - valueFrom: - secretKeyRef: - key: password - name: redpanda-bootstrap-user - - name: RPK_USER - value: kubernetes-controller - - name: RPK_SASL_MECHANISM - value: SCRAM-SHA-256 - - name: RP_BOOTSTRAP_USER - value: $(RPK_USER):$(RPK_PASS):$(RPK_SASL_MECHANISM) + env: null image: docker.redpanda.com/redpandadata/redpanda-operator:v25.3.3 name: post-install resources: {} securityContext: {} volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - mountPath: /etc/tls/certs/default name: redpanda-default-cert - mountPath: /etc/tls/certs/external @@ -114582,15 +114643,12 @@ spec: secret: defaultMode: 288 secretName: redpanda-external-cert - - name: users - secret: - secretName: kafka-credentials - configMap: name: redpanda name: base-config - emptyDir: {} name: config --- testdata/TestTemplate/somecustomrepo-v23.2.8-0.yaml.golden -- +-- testdata/TestTemplate/some-company-1.yaml.golden -- --- # Source: redpanda/templates/entry-point.yaml apiVersion: policy/v1 
@@ -114765,13 +114823,13 @@ stringData: ADVERTISED_KAFKA_ADDRESSES=() PREFIX_TEMPLATE="" - ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":31092}") + ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}.redpanda.dev.somecustomer.net\",\"name\":\"default\",\"port\":31092}") PREFIX_TEMPLATE="" - ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":31092}") + ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}.redpanda.dev.somecustomer.net\",\"name\":\"default\",\"port\":31092}") PREFIX_TEMPLATE="" - ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":31092}") + ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}.redpanda.dev.somecustomer.net\",\"name\":\"default\",\"port\":31092}") rpk redpanda config --config "$CONFIG" set redpanda.advertised_kafka_api[1] "${ADVERTISED_KAFKA_ADDRESSES[$POD_ORDINAL]}" 
@@ -114781,32 +114839,47 @@ stringData: ADVERTISED_HTTP_ADDRESSES=() PREFIX_TEMPLATE="" - ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":30082}") + ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}.redpanda.dev.somecustomer.net\",\"name\":\"default\",\"port\":30082}") PREFIX_TEMPLATE="" - ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":30082}") + ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}.redpanda.dev.somecustomer.net\",\"name\":\"default\",\"port\":30082}") PREFIX_TEMPLATE="" - ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":30082}") + ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}.redpanda.dev.somecustomer.net\",\"name\":\"default\",\"port\":30082}") rpk redpanda config --config "$CONFIG" set pandaproxy.advertised_pandaproxy_api[1] "${ADVERTISED_HTTP_ADDRESSES[$POD_ORDINAL]}" type: Opaque --- # Source: redpanda/templates/entry-point.yaml apiVersion: v1 +immutable: true +kind: Secret +metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda-bootstrap-user + namespace: default +stringData: + password: changeme +type: Opaque +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: v1 data: - .bootstrap.json.in: 
'{"cloud_storage_cache_size":"5368709120","cloud_storage_enable_remote_read":"true","cloud_storage_enable_remote_write":"true","cloud_storage_enabled":"false","compacted_log_segment_size":"67108864","default_topic_replications":"3","enable_rack_awareness":"false","enable_sasl":"false","kafka_batch_max_bytes":"7777","kafka_connection_rate_limit":"1000","kafka_enable_authorization":"false","log_segment_size_max":"99999","log_segment_size_min":"100","max_compacted_log_segment_size":"536870912","storage_min_free_bytes":"1073741824"}' + .bootstrap.json.in: '{"audit_enabled":"false","cloud_storage_cache_size":"5368709120","cloud_storage_enable_remote_read":"true","cloud_storage_enable_remote_write":"true","cloud_storage_enabled":"false","compacted_log_segment_size":"67108864","default_topic_replications":"3","election_timeout_ms":"5000","enable_leader_balancer":"true","enable_rack_awareness":"false","enable_sasl":"true","kafka_connection_rate_limit":"1000","kafka_enable_authorization":"true","log_segment_size_max":"268435456","log_segment_size_min":"16777216","max_compacted_log_segment_size":"536870912","partition_autobalancing_mode":"\"continuous\"","raft_heartbeat_interval_ms":"500","storage_min_free_bytes":"5368709120","superusers":"[\"kubernetes-controller\"]"}' bootstrap.yaml.fixups: '[]' redpanda.yaml: |- config_file: /etc/redpanda/redpanda.yaml pandaproxy: pandaproxy_api: - address: 0.0.0.0 + authentication_method: http_basic name: internal port: 8082 - - address: 0.0.0.0 - name: default - port: 8083 pandaproxy_api_tls: - cert_file: /etc/tls/certs/default/tls.crt enabled: true @@ -114814,12 +114887,6 @@ data: name: internal require_client_auth: false truststore_file: /etc/tls/certs/default/ca.crt - - cert_file: /etc/tls/certs/external/tls.crt - enabled: true - key_file: /etc/tls/certs/external/tls.key - name: default - require_client_auth: false - truststore_file: /etc/tls/certs/external/ca.crt pandaproxy_client: broker_tls: enabled: true 
@@ -114837,9 +114904,6 @@ data: - address: 0.0.0.0 name: internal port: 9644 - - address: 0.0.0.0 - name: default - port: 9645 admin_api_tls: - cert_file: /etc/tls/certs/default/tls.crt enabled: true @@ -114847,19 +114911,15 @@ data: name: internal require_client_auth: false truststore_file: /etc/tls/certs/default/ca.crt - - cert_file: /etc/tls/certs/external/tls.crt - enabled: true - key_file: /etc/tls/certs/external/tls.key - name: default - require_client_auth: false - truststore_file: /etc/tls/certs/external/ca.crt crash_loop_limit: 5 empty_seed_starts_cluster: false kafka_api: - address: 0.0.0.0 + authentication_method: sasl name: internal port: 9093 - address: 0.0.0.0 + authentication_method: sasl name: default port: 9094 kafka_api_tls: @@ -114874,16 +114934,10 @@ data: key_file: /etc/tls/certs/external/tls.key name: default require_client_auth: false - truststore_file: /etc/tls/certs/external/ca.crt + truststore_file: /etc/ssl/certs/ca-certificates.crt rpc_server: address: 0.0.0.0 port: 33145 - rpc_server_tls: - cert_file: /etc/tls/certs/default/tls.crt - enabled: true - key_file: /etc/tls/certs/default/tls.key - require_client_auth: false - truststore_file: /etc/tls/certs/default/ca.crt seed_servers: - host: address: redpanda-0.redpanda.default.svc.cluster.local. @@ -114897,9 +114951,9 @@ data: rpk: additional_start_flags: - --default-log-level=info - - --memory=2048M - - --reserve-memory=205M - - --smp=1 + - --memory=16384M + - --reserve-memory=240M + - --smp=7 admin_api: addresses: - redpanda-0.redpanda.default.svc.cluster.local.:9644 @@ -114907,7 +114961,7 @@ data: - redpanda-2.redpanda.default.svc.cluster.local.:9644 tls: ca_file: /etc/tls/certs/default/ca.crt - enable_memory_locking: false + enable_memory_locking: true kafka_api: brokers: - redpanda-0.redpanda.default.svc.cluster.local.:9093 
@@ -114929,9 +114983,6 @@ data: - address: 0.0.0.0 name: internal port: 8081 - - address: 0.0.0.0 - name: default - port: 8084 schema_registry_api_tls: - cert_file: /etc/tls/certs/default/tls.crt enabled: true @@ -114939,12 +114990,6 @@ data: name: internal require_client_auth: false truststore_file: /etc/tls/certs/default/ca.crt - - cert_file: /etc/tls/certs/external/tls.crt - enabled: true - key_file: /etc/tls/certs/external/tls.key - name: default - require_client_auth: false - truststore_file: /etc/tls/certs/external/ca.crt schema_registry_client: broker_tls: enabled: true @@ -114974,24 +115019,24 @@ data: profile: |- admin_api: addresses: - - redpanda-0:31644 - - redpanda-1:31644 - - redpanda-2:31644 + - redpanda-0.redpanda.dev.somecustomer.net:31644 + - redpanda-1.redpanda.dev.somecustomer.net:31644 + - redpanda-2.redpanda.dev.somecustomer.net:31644 tls: ca_file: ca.crt kafka_api: brokers: - - redpanda-0:31092 - - redpanda-1:31092 - - redpanda-2:31092 + - redpanda-0.redpanda.dev.somecustomer.net:31092 + - redpanda-1.redpanda.dev.somecustomer.net:31092 + - redpanda-2.redpanda.dev.somecustomer.net:31092 tls: ca_file: ca.crt name: default schema_registry: addresses: - - redpanda-0:30081 - - redpanda-1:30081 - - redpanda-2:30081 + - redpanda-0.redpanda.dev.somecustomer.net:30081 + - redpanda-1.redpanda.dev.somecustomer.net:30081 + - redpanda-2.redpanda.dev.somecustomer.net:30081 tls: ca_file: ca.crt kind: ConfigMap @@ -115010,11 +115055,19 @@ apiVersion: v1 data: config.yaml: | # from .Values.config + connect: + connectTimeout: 15s + readTimeout: 60s + requestTimeout: 6s kafka: brokers: - redpanda-0.redpanda.default.svc.cluster.local.:9093 - redpanda-1.redpanda.default.svc.cluster.local.:9093 - redpanda-2.redpanda.default.svc.cluster.local.:9093 + sasl: + enabled: true + mechanism: SCRAM-SHA-256 + username: kubernetes-controller tls: caFilepath: /etc/tls/certs/secrets/redpanda-default-cert/ca.crt enabled: true 
@@ -115027,6 +115080,9 @@ data: urls: - https://redpanda.default.svc.cluster.local.:9644 schemaRegistry: + authentication: + basic: + username: kubernetes-controller enabled: true tls: caFilepath: /etc/tls/certs/secrets/redpanda-default-cert/ca.crt 
@@ -115184,81 +115240,134 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-25.3.4 - name: redpanda-external + monitoring.redpanda.com/enabled: "true" + name: redpanda namespace: default spec: - externalTrafficPolicy: Local + clusterIP: None ports: - - name: admin-default - nodePort: 31644 - port: 9645 + - appProtocol: null + name: admin + port: 9644 protocol: TCP - targetPort: 0 - - name: kafka-default - nodePort: 31092 - port: 9094 + targetPort: 9644 + - name: http + port: 8082 protocol: TCP - targetPort: 0 - - name: http-default - nodePort: 30082 - port: 8083 + targetPort: 8082 + - name: kafka + port: 9093 protocol: TCP - targetPort: 0 - - name: schema-default - nodePort: 30081 - port: 8084 + targetPort: 9093 + - name: rpc + port: 33145 protocol: TCP - targetPort: 0 + targetPort: 33145 + - name: schemaregistry + port: 8081 + protocol: TCP + targetPort: 8081 publishNotReadyAddresses: true selector: app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda - sessionAffinity: None - type: NodePort + type: ClusterIP --- # Source: redpanda/templates/entry-point.yaml apiVersion: v1 kind: Service metadata: - annotations: {} + annotations: + external-dns.alpha.kubernetes.io/hostname: redpanda-0.redpanda.dev.somecustomer.net labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-25.3.4 - monitoring.redpanda.com/enabled: "false" - name: redpanda + repdanda.com/type: loadbalancer + name: lb-redpanda-0 namespace: default spec: - clusterIP: None + externalTrafficPolicy: Local + loadBalancerSourceRanges: null ports: - appProtocol: null - name: admin - port: 9644 - protocol: TCP - targetPort: 9644 - - name: http - port: 8082 - protocol: TCP - targetPort: 8082 - - name: kafka - port: 9093 + name: kafka-default + port: 31092 protocol: TCP - targetPort: 9093 - - name: rpc - port: 33145 + 
targetPort: 9094 + publishNotReadyAddresses: true + selector: + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + statefulset.kubernetes.io/pod-name: redpanda-0 + sessionAffinity: None + type: LoadBalancer +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: v1 +kind: Service +metadata: + annotations: + external-dns.alpha.kubernetes.io/hostname: redpanda-1.redpanda.dev.somecustomer.net + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + repdanda.com/type: loadbalancer + name: lb-redpanda-1 + namespace: default +spec: + externalTrafficPolicy: Local + loadBalancerSourceRanges: null + ports: + - appProtocol: null + name: kafka-default + port: 31092 protocol: TCP - targetPort: 33145 - - name: schemaregistry - port: 8081 + targetPort: 9094 + publishNotReadyAddresses: true + selector: + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + statefulset.kubernetes.io/pod-name: redpanda-1 + sessionAffinity: None + type: LoadBalancer +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: v1 +kind: Service +metadata: + annotations: + external-dns.alpha.kubernetes.io/hostname: redpanda-2.redpanda.dev.somecustomer.net + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + repdanda.com/type: loadbalancer + name: lb-redpanda-2 + namespace: default +spec: + externalTrafficPolicy: Local + loadBalancerSourceRanges: null + ports: + - appProtocol: null + name: kafka-default + port: 31092 protocol: TCP - targetPort: 8081 + targetPort: 9094 publishNotReadyAddresses: true selector: app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda - type: ClusterIP + statefulset.kubernetes.io/pod-name: redpanda-2 + sessionAffinity: None + 
type: LoadBalancer --- # Source: redpanda/templates/entry-point.yaml apiVersion: apps/v1 @@ -115283,18 +115392,41 @@ spec: template: metadata: annotations: - checksum/config: 44e632405e10e419e4cb3a5f69d2911edabaa8fd561fc25ec1017dc35a99fc96 + checksum/config: 64651eb4ff837fa7e4992a1f706dadc1b2301bf7d7b92f6470f34e4d6e5ebf0f labels: app.kubernetes.io/instance: redpanda app.kubernetes.io/name: console spec: - affinity: {} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname automountServiceAccountToken: false containers: - args: - --config.filepath=/etc/console/configs/config.yaml command: null - env: null + env: + - name: KAFKA_SASL_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: redpanda-bootstrap-user + - name: SCHEMAREGISTRY_AUTHENTICATION_BASIC_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: redpanda-bootstrap-user + - name: LICENSE + valueFrom: + secretKeyRef: + key: license + name: redpanda-enterprise-license envFrom: [] image: docker.redpanda.com/redpandadata/console:v3.3.2 imagePullPolicy: IfNotPresent @@ -115378,7 +115510,7 @@ spec: template: metadata: annotations: - config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + config.redpanda.com/checksum: af76624dd852d2724eb5f120c208cbc964be906efd325d02a832b9d0dca12770 labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda 
@@ -115417,7 +115549,18 @@ spec: valueFrom: fieldRef: fieldPath: status.hostIP - image: somecustomrepo:v23.2.8 + - name: RPK_PASS + valueFrom: + secretKeyRef: + key: password + name: redpanda-bootstrap-user + - name: RPK_USER + value: kubernetes-controller + - name: RPK_SASL_MECHANISM + value: SCRAM-SHA-256 + - name: RP_BOOTSTRAP_USER + value: $(RPK_USER):$(RPK_PASS):$(RPK_SASL_MECHANISM) + image: docker.redpanda.com/redpandadata/redpanda:v25.3.13 lifecycle: postStart: exec: @@ -115443,12 +115586,8 @@ spec: ports: - containerPort: 9644 name: admin - - containerPort: 9645 - name: admin-default - containerPort: 8082 name: http - - containerPort: 8083 - name: http-default - containerPort: 9093 name: kafka - containerPort: 9094 @@ -115457,12 +115596,13 @@ spec: name: rpc - containerPort: 8081 name: schemaregistry - - containerPort: 8084 - name: schema-default resources: limits: - cpu: 1 - memory: 2.5Gi + cpu: "7" + memory: 25Gi + requests: + cpu: "7" + memory: 20Gi startupProbe: exec: command: @@ -115477,6 +115617,9 @@ spec: initialDelaySeconds: 1 periodSeconds: 10 volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true - mountPath: /etc/tls/certs/default name: redpanda-default-cert - mountPath: /etc/tls/certs/external @@ -115507,9 +115650,20 @@ spec: - --run-broker-probe - --broker-probe-broker-url - $(SERVICE_NAME).redpanda.default.svc.cluster.local.:9644 + - --watch-users + - --users-directory=/etc/secrets/users/ command: - /redpanda-operator env: + - name: RPK_PASS + valueFrom: + secretKeyRef: + key: password + name: redpanda-bootstrap-user + - name: RPK_USER + value: kubernetes-controller + - name: RPK_SASL_MECHANISM + value: SCRAM-SHA-256 - name: SERVICE_NAME valueFrom: fieldRef: @@ -115535,6 +115689,9 @@ spec: timeoutSeconds: 0 resources: {} volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true - mountPath: /etc/tls/certs/default name: redpanda-default-cert - mountPath: /etc/tls/certs/external 
@@ -115551,7 +115708,7 @@ spec: - -c - rpk redpanda tune all env: null - image: somecustomrepo:v23.2.8 + image: docker.redpanda.com/redpandadata/redpanda:v25.3.13 name: tuning resources: {} securityContext: @@ -115563,12 +115720,38 @@ spec: runAsNonRoot: false runAsUser: 0 volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true - mountPath: /etc/tls/certs/default name: redpanda-default-cert - mountPath: /etc/tls/certs/external name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/sh + - -c + - chown 101:101 -R /var/lib/redpanda/data + env: null + image: busybox:latest + name: set-datadir-ownership + resources: {} + securityContext: + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -115593,10 +115776,22 @@ spec: fieldRef: apiVersion: v1 fieldPath: status.hostIP - image: somecustomrepo:v23.2.8 + - name: RPK_PASS + valueFrom: + secretKeyRef: + key: password + name: redpanda-bootstrap-user + - name: RPK_USER + value: kubernetes-controller + - name: RPK_SASL_MECHANISM + value: SCRAM-SHA-256 + image: docker.redpanda.com/redpandadata/redpanda:v25.3.13 name: redpanda-configurator resources: {} volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true - mountPath: /etc/tls/certs/default name: redpanda-default-cert - mountPath: /etc/tls/certs/external @@ -115660,6 +115855,9 @@ spec: secret: defaultMode: 288 secretName: redpanda-external-cert + - name: users + secret: + secretName: kafka-credentials - name: lifecycle-scripts secret: defaultMode: 509 
@@ -115709,33 +115907,43 @@ spec: - ReadWriteOnce resources: requests: - storage: 20Gi + storage: 500Gi status: {} --- -# Source: redpanda/templates/entry-point.yaml -apiVersion: cert-manager.io/v1 -kind: Certificate +# Source: redpanda/charts/console/templates/entry-point.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress metadata: + annotations: + cert-manager.io/cluster-issuer: letsencrypt-production + nginx.ingress.kubernetes.io/auth-realm: '"Authentication required"' + nginx.ingress.kubernetes.io/auth-secret: ingress-basic-auth-credentials + nginx.ingress.kubernetes.io/auth-type: basic labels: - app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 - name: redpanda-default-root-certificate + app.kubernetes.io/name: console + app.kubernetes.io/version: v3.3.2 + helm.sh/chart: console-3.3.0 + name: redpanda-console namespace: default spec: - commonName: redpanda-default-root-certificate - duration: 43800h0m0s - isCA: true - issuerRef: - group: cert-manager.io - kind: Issuer - name: redpanda-default-selfsigned-issuer - privateKey: - algorithm: ECDSA - size: 256 - secretName: redpanda-default-root-certificate + ingressClassName: nginx + rules: + - host: console.redpanda.dev.somecustomer.net + http: + paths: + - backend: + service: + name: redpanda-console + port: + number: 8080 + path: / + pathType: ImplementationSpecific + tls: + - hosts: + - console.redpanda.dev.somecustomer.net + secretName: redpanda-console-production-tls --- # Source: redpanda/templates/entry-point.yaml apiVersion: cert-manager.io/v1 
@@ -115747,20 +115955,20 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-25.3.4 - name: redpanda-external-root-certificate + name: redpanda-default-root-certificate namespace: default spec: - commonName: redpanda-external-root-certificate + commonName: redpanda-default-root-certificate duration: 43800h0m0s isCA: true issuerRef: group: cert-manager.io kind: Issuer - name: redpanda-external-selfsigned-issuer + name: redpanda-default-selfsigned-issuer privateKey: algorithm: ECDSA size: 256 - secretName: redpanda-external-root-certificate + secretName: redpanda-default-root-certificate --- # Source: redpanda/templates/entry-point.yaml apiVersion: cert-manager.io/v1 @@ -115788,6 +115996,8 @@ spec: - '*.redpanda.default.svc.cluster.local' - '*.redpanda.default.svc' - '*.redpanda.default' + - redpanda.dev.somecustomer.net + - '*.redpanda.dev.somecustomer.net' duration: 43800h0m0s isCA: false issuerRef: @@ -115813,24 +116023,13 @@ metadata: namespace: default spec: dnsNames: - - redpanda-cluster.redpanda.default.svc.cluster.local - - redpanda-cluster.redpanda.default.svc - - redpanda-cluster.redpanda.default - - '*.redpanda-cluster.redpanda.default.svc.cluster.local' - - '*.redpanda-cluster.redpanda.default.svc' - - '*.redpanda-cluster.redpanda.default' - - redpanda.default.svc.cluster.local - - redpanda.default.svc - - redpanda.default - - '*.redpanda.default.svc.cluster.local' - - '*.redpanda.default.svc' - - '*.redpanda.default' + - redpanda.dev.somecustomer.net + - '*.redpanda.dev.somecustomer.net' duration: 43800h0m0s isCA: false issuerRef: - group: cert-manager.io - kind: Issuer - name: redpanda-external-root-issuer + kind: ClusterIssuer + name: letsencrypt-production privateKey: algorithm: ECDSA size: 256 
@@ -115868,23 +116067,8 @@ spec: secretName: redpanda-default-root-certificate --- # Source: redpanda/templates/entry-point.yaml -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 - name: redpanda-external-selfsigned-issuer - namespace: default -spec: - selfSigned: {} ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: cert-manager.io/v1 -kind: Issuer +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor metadata: labels: app.kubernetes.io/component: redpanda @@ -115892,11 +116076,25 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-25.3.4 - name: redpanda-external-root-issuer + name: redpanda namespace: default spec: - ca: - secretName: redpanda-external-root-certificate + endpoints: + - enableHttp2: null + interval: 30s + path: /public_metrics + port: admin + scheme: https + tlsConfig: + ca: {} + cert: {} + insecureSkipVerify: true + namespaceSelector: {} + selector: + matchLabels: + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + monitoring.redpanda.com/enabled: "true" --- # Source: redpanda/templates/entry-point.yaml apiVersion: batch/v1 
@@ -115935,12 +116133,31 @@ spec: - /tmp/base-config/redpanda.yaml - --bootstrap-yaml - /tmp/config/.bootstrap.yaml - env: null + env: + - name: REDPANDA_LICENSE + valueFrom: + secretKeyRef: + key: license + name: redpanda-enterprise-license + - name: RPK_PASS + valueFrom: + secretKeyRef: + key: password + name: redpanda-bootstrap-user + - name: RPK_USER + value: kubernetes-controller + - name: RPK_SASL_MECHANISM + value: SCRAM-SHA-256 + - name: RP_BOOTSTRAP_USER + value: $(RPK_USER):$(RPK_PASS):$(RPK_SASL_MECHANISM) image: docker.redpanda.com/redpandadata/redpanda-operator:v25.3.3 name: post-install resources: {} securityContext: {} volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true - mountPath: /etc/tls/certs/default name: redpanda-default-cert - mountPath: /etc/tls/certs/external @@ -115994,12 +116211,15 @@ spec: secret: defaultMode: 288 secretName: redpanda-external-cert + - name: users + secret: + secretName: kafka-credentials - configMap: name: redpanda name: base-config - emptyDir: {} name: config --- testdata/TestTemplate/somecustomrepo-v23.2.8-1.yaml.golden -- +-- testdata/TestTemplate/somecustomrepo-v23.2.8-0.yaml.golden -- --- # Source: redpanda/templates/entry-point.yaml apiVersion: policy/v1 
@@ -116203,41 +116423,8 @@ type: Opaque --- # Source: redpanda/templates/entry-point.yaml apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: console - app.kubernetes.io/version: v3.3.2 - helm.sh/chart: console-3.3.0 - name: redpanda-console - namespace: default -stringData: - authentication-jwt-signingkey: SECRETKEY - authentication-oidc-client-secret: "" - kafka-sasl-aws-msk-iam-secret-key: "" - kafka-sasl-password: "" - kafka-tls-ca: "" - kafka-tls-cert: "" - kafka-tls-key: "" - license: ATOTALLYVALIDLICENSE - redpanda-admin-api-password: "" - redpanda-admin-api-tls-ca: "" - redpanda-admin-api-tls-cert: "" - redpanda-admin-api-tls-key: "" - schema-registry-bearertoken: "" - schema-registry-password: "" - schemaregistry-tls-ca: "" - schemaregistry-tls-cert: "" - schemaregistry-tls-key: "" - serde-protobuf-git-basicauth-password: "" -type: Opaque ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: v1 data: - .bootstrap.json.in: '{"cloud_storage_cache_size":"5368709120","cloud_storage_enable_remote_read":"true","cloud_storage_enable_remote_write":"true","cloud_storage_enabled":"false","compacted_log_segment_size":"67108864","default_topic_replications":"3","enable_rack_awareness":"false","enable_sasl":"false","kafka_connection_rate_limit":"1000","kafka_enable_authorization":"false","log_segment_size_max":"268435456","log_segment_size_min":"16777216","max_compacted_log_segment_size":"536870912","storage_min_free_bytes":"1073741824"}' + .bootstrap.json.in: 
'{"cloud_storage_cache_size":"5368709120","cloud_storage_enable_remote_read":"true","cloud_storage_enable_remote_write":"true","cloud_storage_enabled":"false","compacted_log_segment_size":"67108864","default_topic_replications":"3","enable_rack_awareness":"false","enable_sasl":"false","kafka_batch_max_bytes":"7777","kafka_connection_rate_limit":"1000","kafka_enable_authorization":"false","log_segment_size_max":"99999","log_segment_size_min":"100","max_compacted_log_segment_size":"536870912","storage_min_free_bytes":"1073741824"}' bootstrap.yaml.fixups: '[]' redpanda.yaml: |- config_file: /etc/redpanda/redpanda.yaml @@ -116736,17 +116923,7 @@ spec: - args: - --config.filepath=/etc/console/configs/config.yaml command: null - env: - - name: AUTHENTICATION_JWTSIGNINGKEY - valueFrom: - secretKeyRef: - key: authentication-jwt-signingkey - name: redpanda-console - - name: LICENSE - valueFrom: - secretKeyRef: - key: license - name: redpanda-console + env: null envFrom: [] image: docker.redpanda.com/redpandadata/console:v3.3.2 imagePullPolicy: IfNotPresent @@ -116780,9 +116957,6 @@ spec: - mountPath: /etc/console/configs name: configs readOnly: true - - mountPath: /etc/console/secrets - name: secrets - readOnly: true - mountPath: /etc/tls/certs name: redpanda-certificates imagePullSecrets: [] @@ -116800,9 +116974,6 @@ spec: - configMap: name: redpanda-console name: configs - - name: secrets - secret: - secretName: redpanda-console - name: redpanda-certificates projected: sources: @@ -117027,6 +117198,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -117393,9 +117566,7 @@ spec: - /tmp/base-config/redpanda.yaml - --bootstrap-yaml - /tmp/config/.bootstrap.yaml - env: - - name: REDPANDA_LICENSE - value: ATOTALLYVALIDLICENSE + env: null image: docker.redpanda.com/redpandadata/redpanda-operator:v25.3.3 name: post-install resources: {} 
@@ -117459,7 +117630,7 @@ spec: name: base-config - emptyDir: {} name: config --- testdata/TestTemplate/somecustomrepo-v23.2.8-2.yaml.golden -- +-- testdata/TestTemplate/somecustomrepo-v23.2.8-1.yaml.golden -- --- # Source: redpanda/templates/entry-point.yaml apiVersion: policy/v1 
@@ -117659,18 +117830,45 @@ stringData: ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":30082}") rpk redpanda config --config "$CONFIG" set pandaproxy.advertised_pandaproxy_api[1] "${ADVERTISED_HTTP_ADDRESSES[$POD_ORDINAL]}" - - # Configure Rack Awareness - set +x - RACK=$(curl --silent --cacert /run/secrets/kubernetes.io/serviceaccount/ca.crt --fail -H 'Authorization: Bearer '$(cat /run/secrets/kubernetes.io/serviceaccount/token) "https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT_HTTPS}/api/v1/nodes/${KUBERNETES_NODE_NAME}?pretty=true" | grep '"topology-label"' | grep -v '\"key\":' | sed 's/.*": "\([^"]\+\).*/\1/') - set -x - rpk --config "$CONFIG" redpanda config set redpanda.rack "${RACK}" +type: Opaque +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: console + app.kubernetes.io/version: v3.3.2 + helm.sh/chart: console-3.3.0 + name: redpanda-console + namespace: default +stringData: + authentication-jwt-signingkey: SECRETKEY + authentication-oidc-client-secret: "" + kafka-sasl-aws-msk-iam-secret-key: "" + kafka-sasl-password: "" + kafka-tls-ca: "" + kafka-tls-cert: "" + kafka-tls-key: "" + license: ATOTALLYVALIDLICENSE + redpanda-admin-api-password: "" + redpanda-admin-api-tls-ca: "" + redpanda-admin-api-tls-cert: "" + redpanda-admin-api-tls-key: "" + schema-registry-bearertoken: "" + schema-registry-password: "" + schemaregistry-tls-ca: "" + schemaregistry-tls-cert: "" + schemaregistry-tls-key: "" + serde-protobuf-git-basicauth-password: "" type: Opaque --- # Source: redpanda/templates/entry-point.yaml apiVersion: v1 data: - .bootstrap.json.in: 
'{"cloud_storage_cache_size":"5368709120","cloud_storage_enable_remote_read":"true","cloud_storage_enable_remote_write":"true","cloud_storage_enabled":"false","compacted_log_segment_size":"67108864","default_topic_replications":"3","enable_rack_awareness":"true","enable_sasl":"false","kafka_connection_rate_limit":"1000","kafka_enable_authorization":"false","log_segment_size_max":"268435456","log_segment_size_min":"16777216","max_compacted_log_segment_size":"536870912","storage_min_free_bytes":"1073741824"}' + .bootstrap.json.in: '{"cloud_storage_cache_size":"5368709120","cloud_storage_enable_remote_read":"true","cloud_storage_enable_remote_write":"true","cloud_storage_enabled":"false","compacted_log_segment_size":"67108864","default_topic_replications":"3","enable_rack_awareness":"false","enable_sasl":"false","kafka_connection_rate_limit":"1000","kafka_enable_authorization":"false","log_segment_size_max":"268435456","log_segment_size_min":"16777216","max_compacted_log_segment_size":"536870912","storage_min_free_bytes":"1073741824"}' bootstrap.yaml.fixups: '[]' redpanda.yaml: |- config_file: /etc/redpanda/redpanda.yaml 
@@ -117923,47 +118121,6 @@ metadata: --- # Source: redpanda/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 - name: redpanda-default-rack-awareness -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - get ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 - name: redpanda-default-rack-awareness -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: redpanda-default-rack-awareness -subjects: -- kind: ServiceAccount - name: redpanda - namespace: default ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: annotations: {} @@ -118210,7 +118367,17 @@ spec: - args: - --config.filepath=/etc/console/configs/config.yaml command: null - env: null + env: + - name: AUTHENTICATION_JWTSIGNINGKEY + valueFrom: + secretKeyRef: + key: authentication-jwt-signingkey + name: redpanda-console + - name: LICENSE + valueFrom: + secretKeyRef: + key: license + name: redpanda-console envFrom: [] image: docker.redpanda.com/redpandadata/console:v3.3.2 imagePullPolicy: IfNotPresent @@ -118244,6 +118411,9 @@ spec: - mountPath: /etc/console/configs name: configs readOnly: true + - mountPath: /etc/console/secrets + name: secrets + readOnly: true - mountPath: /etc/tls/certs name: redpanda-certificates imagePullSecrets: [] 
@@ -118261,6 +118431,9 @@ spec: - configMap: name: redpanda-console name: configs + - name: secrets + secret: + secretName: redpanda-console - name: redpanda-certificates projected: sources: @@ -118485,6 +118658,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -118523,9 +118698,6 @@ spec: name: base-config - mountPath: /etc/secrets/configurator/scripts/ name: redpanda-configurator - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - command: - /redpanda-operator - bootstrap @@ -118854,7 +119026,9 @@ spec: - /tmp/base-config/redpanda.yaml - --bootstrap-yaml - /tmp/config/.bootstrap.yaml - env: null + env: + - name: REDPANDA_LICENSE + value: ATOTALLYVALIDLICENSE image: docker.redpanda.com/redpandadata/redpanda-operator:v25.3.3 name: post-install resources: {} @@ -118918,7 +119092,7 @@ spec: name: base-config - emptyDir: {} name: config --- testdata/TestTemplate/somecustomrepo-v24.1.0-0.yaml.golden -- +-- testdata/TestTemplate/somecustomrepo-v23.2.8-2.yaml.golden -- --- # Source: redpanda/templates/entry-point.yaml apiVersion: policy/v1 
@@ -119118,12 +119292,18 @@ stringData: ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":30082}") rpk redpanda config --config "$CONFIG" set pandaproxy.advertised_pandaproxy_api[1] "${ADVERTISED_HTTP_ADDRESSES[$POD_ORDINAL]}" + + # Configure Rack Awareness + set +x + RACK=$(curl --silent --cacert /run/secrets/kubernetes.io/serviceaccount/ca.crt --fail -H 'Authorization: Bearer '$(cat /run/secrets/kubernetes.io/serviceaccount/token) "https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT_HTTPS}/api/v1/nodes/${KUBERNETES_NODE_NAME}?pretty=true" | grep '"topology-label"' | grep -v '\"key\":' | sed 's/.*": "\([^"]\+\).*/\1/') + set -x + rpk --config "$CONFIG" redpanda config set redpanda.rack "${RACK}" type: Opaque --- # Source: redpanda/templates/entry-point.yaml apiVersion: v1 data: - .bootstrap.json.in: '{"audit_enabled":"false","cloud_storage_cache_size":"5368709120","cloud_storage_enable_remote_read":"true","cloud_storage_enable_remote_write":"true","cloud_storage_enabled":"false","compacted_log_segment_size":"67108864","default_topic_replications":"3","enable_rack_awareness":"false","enable_sasl":"false","kafka_batch_max_bytes":"7777","kafka_connection_rate_limit":"1000","kafka_enable_authorization":"false","log_segment_size_max":"99999","log_segment_size_min":"100","max_compacted_log_segment_size":"536870912","storage_min_free_bytes":"1073741824"}' + .bootstrap.json.in: '{"cloud_storage_cache_size":"5368709120","cloud_storage_enable_remote_read":"true","cloud_storage_enable_remote_write":"true","cloud_storage_enabled":"false","compacted_log_segment_size":"67108864","default_topic_replications":"3","enable_rack_awareness":"true","enable_sasl":"false","kafka_connection_rate_limit":"1000","kafka_enable_authorization":"false","log_segment_size_max":"268435456","log_segment_size_min":"16777216","max_compacted_log_segment_size":"536870912","storage_min_free_bytes":"1073741824"}' bootstrap.yaml.fixups: '[]' 
redpanda.yaml: |- config_file: /etc/redpanda/redpanda.yaml @@ -119376,6 +119556,47 @@ metadata: --- # Source: redpanda/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: {} + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda-default-rack-awareness +rules: +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: {} + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda-default-rack-awareness +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: redpanda-default-rack-awareness +subjects: +- kind: ServiceAccount + name: redpanda + namespace: default +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: annotations: {} @@ -119745,7 +119966,7 @@ spec: valueFrom: fieldRef: fieldPath: status.hostIP - image: somecustomrepo:v24.1.0 + image: somecustomrepo:v23.2.8 lifecycle: postStart: exec: @@ -119879,7 +120100,7 @@ spec: - -c - rpk redpanda tune all env: null - image: somecustomrepo:v24.1.0 + image: somecustomrepo:v23.2.8 name: tuning resources: {} securityContext: @@ -119897,6 +120118,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -119921,7 +120144,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: status.hostIP - image: somecustomrepo:v24.1.0 + image: somecustomrepo:v23.2.8 name: redpanda-configurator resources: {} volumeMounts: 
@@ -119935,6 +120158,9 @@ spec: name: base-config - mountPath: /etc/secrets/configurator/scripts/ name: redpanda-configurator + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true - command: - /redpanda-operator - bootstrap @@ -120327,7 +120553,7 @@ spec: name: base-config - emptyDir: {} name: config --- testdata/TestTemplate/somecustomrepo-v24.1.0-1.yaml.golden -- +-- testdata/TestTemplate/somecustomrepo-v24.1.0-0.yaml.golden -- --- # Source: redpanda/templates/entry-point.yaml apiVersion: policy/v1 
@@ -120531,41 +120757,8 @@ type: Opaque --- # Source: redpanda/templates/entry-point.yaml apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: console - app.kubernetes.io/version: v3.3.2 - helm.sh/chart: console-3.3.0 - name: redpanda-console - namespace: default -stringData: - authentication-jwt-signingkey: SECRETKEY - authentication-oidc-client-secret: "" - kafka-sasl-aws-msk-iam-secret-key: "" - kafka-sasl-password: "" - kafka-tls-ca: "" - kafka-tls-cert: "" - kafka-tls-key: "" - license: ATOTALLYVALIDLICENSE - redpanda-admin-api-password: "" - redpanda-admin-api-tls-ca: "" - redpanda-admin-api-tls-cert: "" - redpanda-admin-api-tls-key: "" - schema-registry-bearertoken: "" - schema-registry-password: "" - schemaregistry-tls-ca: "" - schemaregistry-tls-cert: "" - schemaregistry-tls-key: "" - serde-protobuf-git-basicauth-password: "" -type: Opaque ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: v1 data: - .bootstrap.json.in: '{"audit_enabled":"false","cloud_storage_cache_size":"5368709120","cloud_storage_enable_remote_read":"true","cloud_storage_enable_remote_write":"true","cloud_storage_enabled":"false","compacted_log_segment_size":"67108864","default_topic_replications":"3","enable_rack_awareness":"false","enable_sasl":"false","kafka_connection_rate_limit":"1000","kafka_enable_authorization":"false","log_segment_size_max":"268435456","log_segment_size_min":"16777216","max_compacted_log_segment_size":"536870912","storage_min_free_bytes":"1073741824"}' + .bootstrap.json.in: 
'{"audit_enabled":"false","cloud_storage_cache_size":"5368709120","cloud_storage_enable_remote_read":"true","cloud_storage_enable_remote_write":"true","cloud_storage_enabled":"false","compacted_log_segment_size":"67108864","default_topic_replications":"3","enable_rack_awareness":"false","enable_sasl":"false","kafka_batch_max_bytes":"7777","kafka_connection_rate_limit":"1000","kafka_enable_authorization":"false","log_segment_size_max":"99999","log_segment_size_min":"100","max_compacted_log_segment_size":"536870912","storage_min_free_bytes":"1073741824"}' bootstrap.yaml.fixups: '[]' redpanda.yaml: |- config_file: /etc/redpanda/redpanda.yaml @@ -121064,17 +121257,7 @@ spec: - args: - --config.filepath=/etc/console/configs/config.yaml command: null - env: - - name: AUTHENTICATION_JWTSIGNINGKEY - valueFrom: - secretKeyRef: - key: authentication-jwt-signingkey - name: redpanda-console - - name: LICENSE - valueFrom: - secretKeyRef: - key: license - name: redpanda-console + env: null envFrom: [] image: docker.redpanda.com/redpandadata/console:v3.3.2 imagePullPolicy: IfNotPresent @@ -121108,9 +121291,6 @@ spec: - mountPath: /etc/console/configs name: configs readOnly: true - - mountPath: /etc/console/secrets - name: secrets - readOnly: true - mountPath: /etc/tls/certs name: redpanda-certificates imagePullSecrets: [] @@ -121128,9 +121308,6 @@ spec: - configMap: name: redpanda-console name: configs - - name: secrets - secret: - secretName: redpanda-console - name: redpanda-certificates projected: sources: @@ -121355,6 +121532,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -121721,9 +121900,7 @@ spec: - /tmp/base-config/redpanda.yaml - --bootstrap-yaml - /tmp/config/.bootstrap.yaml - env: - - name: REDPANDA_LICENSE - value: ATOTALLYVALIDLICENSE + env: null image: docker.redpanda.com/redpandadata/redpanda-operator:v25.3.3 name: post-install resources: {} 
@@ -121787,7 +121964,7 @@ spec: name: base-config - emptyDir: {} name: config --- testdata/TestTemplate/somecustomrepo-v24.1.0-2.yaml.golden -- +-- testdata/TestTemplate/somecustomrepo-v24.1.0-1.yaml.golden -- --- # Source: redpanda/templates/entry-point.yaml apiVersion: policy/v1 
@@ -121987,18 +122164,45 @@ stringData: ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":30082}") rpk redpanda config --config "$CONFIG" set pandaproxy.advertised_pandaproxy_api[1] "${ADVERTISED_HTTP_ADDRESSES[$POD_ORDINAL]}" - - # Configure Rack Awareness - set +x - RACK=$(curl --silent --cacert /run/secrets/kubernetes.io/serviceaccount/ca.crt --fail -H 'Authorization: Bearer '$(cat /run/secrets/kubernetes.io/serviceaccount/token) "https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT_HTTPS}/api/v1/nodes/${KUBERNETES_NODE_NAME}?pretty=true" | grep '"topology-label"' | grep -v '\"key\":' | sed 's/.*": "\([^"]\+\).*/\1/') - set -x - rpk --config "$CONFIG" redpanda config set redpanda.rack "${RACK}" +type: Opaque +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: console + app.kubernetes.io/version: v3.3.2 + helm.sh/chart: console-3.3.0 + name: redpanda-console + namespace: default +stringData: + authentication-jwt-signingkey: SECRETKEY + authentication-oidc-client-secret: "" + kafka-sasl-aws-msk-iam-secret-key: "" + kafka-sasl-password: "" + kafka-tls-ca: "" + kafka-tls-cert: "" + kafka-tls-key: "" + license: ATOTALLYVALIDLICENSE + redpanda-admin-api-password: "" + redpanda-admin-api-tls-ca: "" + redpanda-admin-api-tls-cert: "" + redpanda-admin-api-tls-key: "" + schema-registry-bearertoken: "" + schema-registry-password: "" + schemaregistry-tls-ca: "" + schemaregistry-tls-cert: "" + schemaregistry-tls-key: "" + serde-protobuf-git-basicauth-password: "" type: Opaque --- # Source: redpanda/templates/entry-point.yaml apiVersion: v1 data: - .bootstrap.json.in: 
'{"audit_enabled":"false","cloud_storage_cache_size":"5368709120","cloud_storage_enable_remote_read":"true","cloud_storage_enable_remote_write":"true","cloud_storage_enabled":"false","compacted_log_segment_size":"67108864","default_topic_replications":"3","enable_rack_awareness":"true","enable_sasl":"false","kafka_connection_rate_limit":"1000","kafka_enable_authorization":"false","log_segment_size_max":"268435456","log_segment_size_min":"16777216","max_compacted_log_segment_size":"536870912","storage_min_free_bytes":"1073741824"}' + .bootstrap.json.in: '{"audit_enabled":"false","cloud_storage_cache_size":"5368709120","cloud_storage_enable_remote_read":"true","cloud_storage_enable_remote_write":"true","cloud_storage_enabled":"false","compacted_log_segment_size":"67108864","default_topic_replications":"3","enable_rack_awareness":"false","enable_sasl":"false","kafka_connection_rate_limit":"1000","kafka_enable_authorization":"false","log_segment_size_max":"268435456","log_segment_size_min":"16777216","max_compacted_log_segment_size":"536870912","storage_min_free_bytes":"1073741824"}' bootstrap.yaml.fixups: '[]' redpanda.yaml: |- config_file: /etc/redpanda/redpanda.yaml 
@@ -122251,47 +122455,6 @@ metadata: --- # Source: redpanda/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 - name: redpanda-default-rack-awareness -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - get ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 - name: redpanda-default-rack-awareness -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: redpanda-default-rack-awareness -subjects: -- kind: ServiceAccount - name: redpanda - namespace: default ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: annotations: {} @@ -122538,7 +122701,17 @@ spec: - args: - --config.filepath=/etc/console/configs/config.yaml command: null - env: null + env: + - name: AUTHENTICATION_JWTSIGNINGKEY + valueFrom: + secretKeyRef: + key: authentication-jwt-signingkey + name: redpanda-console + - name: LICENSE + valueFrom: + secretKeyRef: + key: license + name: redpanda-console envFrom: [] image: docker.redpanda.com/redpandadata/console:v3.3.2 imagePullPolicy: IfNotPresent @@ -122572,6 +122745,9 @@ spec: - mountPath: /etc/console/configs name: configs readOnly: true + - mountPath: /etc/console/secrets + name: secrets + readOnly: true - mountPath: /etc/tls/certs name: redpanda-certificates imagePullSecrets: [] 
@@ -122589,6 +122765,9 @@ spec: - configMap: name: redpanda-console name: configs + - name: secrets + secret: + secretName: redpanda-console - name: redpanda-certificates projected: sources: @@ -122813,6 +122992,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -122851,9 +123032,6 @@ spec: name: base-config - mountPath: /etc/secrets/configurator/scripts/ name: redpanda-configurator - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - command: - /redpanda-operator - bootstrap @@ -123182,7 +123360,9 @@ spec: - /tmp/base-config/redpanda.yaml - --bootstrap-yaml - /tmp/config/.bootstrap.yaml - env: null + env: + - name: REDPANDA_LICENSE + value: ATOTALLYVALIDLICENSE image: docker.redpanda.com/redpandadata/redpanda-operator:v25.3.3 name: post-install resources: {} @@ -123246,7 +123426,7 @@ spec: name: base-config - emptyDir: {} name: config --- testdata/TestTemplate/template-console-examples.yaml.golden -- +-- testdata/TestTemplate/somecustomrepo-v24.1.0-2.yaml.golden -- --- # Source: redpanda/templates/entry-point.yaml apiVersion: policy/v1 
@@ -123446,12 +123626,18 @@ stringData: ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":30082}") rpk redpanda config --config "$CONFIG" set pandaproxy.advertised_pandaproxy_api[1] "${ADVERTISED_HTTP_ADDRESSES[$POD_ORDINAL]}" + + # Configure Rack Awareness + set +x + RACK=$(curl --silent --cacert /run/secrets/kubernetes.io/serviceaccount/ca.crt --fail -H 'Authorization: Bearer '$(cat /run/secrets/kubernetes.io/serviceaccount/token) "https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT_HTTPS}/api/v1/nodes/${KUBERNETES_NODE_NAME}?pretty=true" | grep '"topology-label"' | grep -v '\"key\":' | sed 's/.*": "\([^"]\+\).*/\1/') + set -x + rpk --config "$CONFIG" redpanda config set redpanda.rack "${RACK}" type: Opaque --- # Source: redpanda/templates/entry-point.yaml apiVersion: v1 data: - .bootstrap.json.in: '{"audit_enabled":"false","cloud_storage_cache_size":"5368709120","cloud_storage_enable_remote_read":"true","cloud_storage_enable_remote_write":"true","cloud_storage_enabled":"false","compacted_log_segment_size":"67108864","default_topic_replications":"3","enable_rack_awareness":"false","enable_sasl":"false","kafka_connection_rate_limit":"1000","kafka_enable_authorization":"false","log_segment_size_max":"268435456","log_segment_size_min":"16777216","max_compacted_log_segment_size":"536870912","storage_min_free_bytes":"1073741824"}' + .bootstrap.json.in: '{"audit_enabled":"false","cloud_storage_cache_size":"5368709120","cloud_storage_enable_remote_read":"true","cloud_storage_enable_remote_write":"true","cloud_storage_enabled":"false","compacted_log_segment_size":"67108864","default_topic_replications":"3","enable_rack_awareness":"true","enable_sasl":"false","kafka_connection_rate_limit":"1000","kafka_enable_authorization":"false","log_segment_size_max":"268435456","log_segment_size_min":"16777216","max_compacted_log_segment_size":"536870912","storage_min_free_bytes":"1073741824"}' bootstrap.yaml.fixups: '[]' 
redpanda.yaml: |- config_file: /etc/redpanda/redpanda.yaml @@ -123704,6 +123890,47 @@ metadata: --- # Source: redpanda/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: {} + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda-default-rack-awareness +rules: +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: {} + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda-default-rack-awareness +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: redpanda-default-rack-awareness +subjects: +- kind: ServiceAccount + name: redpanda + namespace: default +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: annotations: {} @@ -123987,14 +124214,7 @@ spec: - mountPath: /etc/tls/certs name: redpanda-certificates imagePullSecrets: [] - initContainers: - - args: - - echo "Hello World! Hello World! " - command: - - /bin/bash - - -c - image: mintel/docker-alpine-bash-curl-jq:latest - name: test-init-container + initContainers: null nodeSelector: {} priorityClassName: "" securityContext: @@ -124080,7 +124300,7 @@ spec: valueFrom: fieldRef: fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v25.3.13 + image: somecustomrepo:v24.1.0 lifecycle: postStart: exec: 
@@ -124214,7 +124434,7 @@ spec: - -c - rpk redpanda tune all env: null - image: docker.redpanda.com/redpandadata/redpanda:v25.3.13 + image: somecustomrepo:v24.1.0 name: tuning resources: {} securityContext: @@ -124232,6 +124452,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -124256,7 +124478,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v25.3.13 + image: somecustomrepo:v24.1.0 name: redpanda-configurator resources: {} volumeMounts: @@ -124270,6 +124492,9 @@ spec: name: base-config - mountPath: /etc/secrets/configurator/scripts/ name: redpanda-configurator + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true - command: - /redpanda-operator - bootstrap @@ -124375,34 +124600,6 @@ spec: storage: 20Gi status: {} --- -# Source: redpanda/charts/console/templates/entry-point.yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: {} - labels: - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: console - app.kubernetes.io/version: v3.3.2 - helm.sh/chart: console-3.3.0 - name: redpanda-console - namespace: default -spec: - ingressClassName: null - rules: - - host: redpanda-console-first-rule-host - http: - paths: null - - host: redpanda-console-second-rule-host - http: - paths: null - tls: - - hosts: - - redpanda-console-tls-first-host - - redpanda-console-tls-second-host - secretName: test ---- # Source: redpanda/templates/entry-point.yaml apiVersion: cert-manager.io/v1 kind: Certificate @@ -124690,7 +124887,7 @@ spec: name: base-config - emptyDir: {} name: config --- testdata/TestTemplate/trust-store-reference.yaml.golden -- +-- testdata/TestTemplate/template-console-examples.yaml.golden -- --- # Source: redpanda/templates/entry-point.yaml apiVersion: policy/v1 
@@ -124759,14 +124956,14 @@ stringData: #!/usr/bin/env bash # the SERVICE_NAME comes from the metadata.name of the pod, essentially the POD_NAME - CURL_URL="https://${SERVICE_NAME}.redpanda.default.svc.cluster.local:9643" + CURL_URL="https://${SERVICE_NAME}.redpanda.default.svc.cluster.local:9644" # commands used throughout - CURL_NODE_ID_CMD="curl --silent --fail --cacert /etc/tls/certs/default-client/ca.crt --cert /etc/tls/certs/default-client/tls.crt --key /etc/tls/certs/default-client/tls.key ${CURL_URL}/v1/node_config" + CURL_NODE_ID_CMD="curl --silent --fail --cacert /etc/tls/certs/default/ca.crt ${CURL_URL}/v1/node_config" CURL_MAINTENANCE_DELETE_CMD_PREFIX='curl -X DELETE --silent -o /dev/null -w "%{http_code}"' CURL_MAINTENANCE_PUT_CMD_PREFIX='curl -X PUT --silent -o /dev/null -w "%{http_code}"' - CURL_MAINTENANCE_GET_CMD="curl -X GET --silent --cacert /etc/tls/certs/default-client/ca.crt --cert /etc/tls/certs/default-client/tls.crt --key /etc/tls/certs/default-client/tls.key ${CURL_URL}/v1/maintenance" + CURL_MAINTENANCE_GET_CMD="curl -X GET --silent --cacert /etc/tls/certs/default/ca.crt ${CURL_URL}/v1/maintenance" postStart.sh: |- #!/usr/bin/env bash # This code should be similar if not exactly the same as that found in the panda-operator, see @@ -124785,7 +124982,7 @@ stringData: done echo "Clearing maintenance mode on node ${NODE_ID}" - CURL_MAINTENANCE_DELETE_CMD="${CURL_MAINTENANCE_DELETE_CMD_PREFIX} --cacert /etc/tls/certs/default-client/ca.crt --cert /etc/tls/certs/default-client/tls.crt --key /etc/tls/certs/default-client/tls.key ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" + CURL_MAINTENANCE_DELETE_CMD="${CURL_MAINTENANCE_DELETE_CMD_PREFIX} --cacert /etc/tls/certs/default/ca.crt ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" # a 400 here would mean not in maintenance mode until [ "${status:-}" = '"200"' ] || [ "${status:-}" = '"400"' ]; do status=$(${CURL_MAINTENANCE_DELETE_CMD}) 
@@ -124815,7 +125012,7 @@ stringData: done echo "Setting maintenance mode on node ${NODE_ID}" - CURL_MAINTENANCE_PUT_CMD="${CURL_MAINTENANCE_PUT_CMD_PREFIX} --cacert /etc/tls/certs/default-client/ca.crt --cert /etc/tls/certs/default-client/tls.crt --key /etc/tls/certs/default-client/tls.key ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" + CURL_MAINTENANCE_PUT_CMD="${CURL_MAINTENANCE_PUT_CMD_PREFIX} --cacert /etc/tls/certs/default/ca.crt ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" until [ "${status:-}" = '"200"' ]; do status=$(${CURL_MAINTENANCE_PUT_CMD}) sleep 0.5 @@ -124865,13 +125062,13 @@ stringData: ADVERTISED_KAFKA_ADDRESSES=() PREFIX_TEMPLATE="" - ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"redpanda-0.\\u003cour domain\\u003e\",\"name\":\"default\",\"port\":9094}") + ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":31092}") PREFIX_TEMPLATE="" - ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"redpanda-1.\\u003cour domain\\u003e\",\"name\":\"default\",\"port\":9094}") + ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":31092}") PREFIX_TEMPLATE="" - ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"redpanda-2.\\u003cour domain\\u003e\",\"name\":\"default\",\"port\":9094}") + ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":31092}") rpk redpanda config --config "$CONFIG" set redpanda.advertised_kafka_api[1] "${ADVERTISED_KAFKA_ADDRESSES[$POD_ORDINAL]}" 
@@ -124881,13 +125078,13 @@ stringData: ADVERTISED_HTTP_ADDRESSES=() PREFIX_TEMPLATE="" - ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"redpanda-0.\\u003cour domain\\u003e\",\"name\":\"default\",\"port\":8083}") + ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":30082}") PREFIX_TEMPLATE="" - ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"redpanda-1.\\u003cour domain\\u003e\",\"name\":\"default\",\"port\":8083}") + ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":30082}") PREFIX_TEMPLATE="" - ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"redpanda-2.\\u003cour domain\\u003e\",\"name\":\"default\",\"port\":8083}") + ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":30082}") rpk redpanda config --config "$CONFIG" set pandaproxy.advertised_pandaproxy_api[1] "${ADVERTISED_HTTP_ADDRESSES[$POD_ORDINAL]}" type: Opaque 
@@ -124912,21 +125109,19 @@ data: enabled: true key_file: /etc/tls/certs/default/tls.key name: internal - require_client_auth: true - truststore_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt - - cert_file: /etc/tls/certs/default/tls.crt + require_client_auth: false + truststore_file: /etc/tls/certs/default/ca.crt + - cert_file: /etc/tls/certs/external/tls.crt enabled: true - key_file: /etc/tls/certs/default/tls.key + key_file: /etc/tls/certs/external/tls.key name: default - require_client_auth: true - truststore_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt + require_client_auth: false + truststore_file: /etc/tls/certs/external/ca.crt pandaproxy_client: broker_tls: - cert_file: /etc/tls/certs/default-client/tls.crt enabled: true - key_file: /etc/tls/certs/default-client/tls.key - require_client_auth: true - truststore_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt + require_client_auth: false + truststore_file: /etc/tls/certs/default/ca.crt brokers: - address: redpanda-0.redpanda.default.svc.cluster.local. port: 9093 
@@ -124938,23 +125133,23 @@ data: admin: - address: 0.0.0.0 name: internal - port: 9643 + port: 9644 - address: 0.0.0.0 name: default - port: 9644 + port: 9645 admin_api_tls: - cert_file: /etc/tls/certs/default/tls.crt enabled: true key_file: /etc/tls/certs/default/tls.key name: internal - require_client_auth: true - truststore_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt - - cert_file: /etc/tls/certs/default/tls.crt + require_client_auth: false + truststore_file: /etc/tls/certs/default/ca.crt + - cert_file: /etc/tls/certs/external/tls.crt enabled: true - key_file: /etc/tls/certs/default/tls.key + key_file: /etc/tls/certs/external/tls.key name: default - require_client_auth: true - truststore_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt + require_client_auth: false + truststore_file: /etc/tls/certs/external/ca.crt crash_loop_limit: 5 empty_seed_starts_cluster: false kafka_api: @@ -124969,14 +125164,14 @@ data: enabled: true key_file: /etc/tls/certs/default/tls.key name: internal - require_client_auth: true - truststore_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt - - cert_file: /etc/tls/certs/default/tls.crt + require_client_auth: false + truststore_file: /etc/tls/certs/default/ca.crt + - cert_file: /etc/tls/certs/external/tls.crt enabled: true - key_file: /etc/tls/certs/default/tls.key + key_file: /etc/tls/certs/external/tls.key name: default - require_client_auth: true - truststore_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt + require_client_auth: false + truststore_file: /etc/tls/certs/external/ca.crt rpc_server: address: 0.0.0.0 port: 33145 
@@ -124984,8 +125179,8 @@ data: cert_file: /etc/tls/certs/default/tls.crt enabled: true key_file: /etc/tls/certs/default/tls.key - require_client_auth: true - truststore_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt + require_client_auth: false + truststore_file: /etc/tls/certs/default/ca.crt seed_servers: - host: address: redpanda-0.redpanda.default.svc.cluster.local. @@ -125004,13 +125199,11 @@ data: - --smp=1 admin_api: addresses: - - redpanda-0.redpanda.default.svc.cluster.local.:9643 - - redpanda-1.redpanda.default.svc.cluster.local.:9643 - - redpanda-2.redpanda.default.svc.cluster.local.:9643 + - redpanda-0.redpanda.default.svc.cluster.local.:9644 + - redpanda-1.redpanda.default.svc.cluster.local.:9644 + - redpanda-2.redpanda.default.svc.cluster.local.:9644 tls: - ca_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt - cert_file: /etc/tls/certs/default-client/tls.crt - key_file: /etc/tls/certs/default-client/tls.key + ca_file: /etc/tls/certs/default/ca.crt enable_memory_locking: false kafka_api: brokers: @@ -125018,9 +125211,7 @@ data: - redpanda-1.redpanda.default.svc.cluster.local.:9093 - redpanda-2.redpanda.default.svc.cluster.local.:9093 tls: - ca_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt - cert_file: /etc/tls/certs/default-client/tls.crt - key_file: /etc/tls/certs/default-client/tls.key + ca_file: /etc/tls/certs/default/ca.crt overprovisioned: false schema_registry: addresses: @@ -125028,9 +125219,7 @@ data: - redpanda-1.redpanda.default.svc.cluster.local.:8081 - redpanda-2.redpanda.default.svc.cluster.local.:8081 tls: - ca_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt - cert_file: /etc/tls/certs/default-client/tls.crt - key_file: /etc/tls/certs/default-client/tls.key + ca_file: /etc/tls/certs/default/ca.crt tune_aio_events: true schema_registry: schema_registry_api: 
@@ -125045,21 +125234,19 @@ data: enabled: true key_file: /etc/tls/certs/default/tls.key name: internal - require_client_auth: true - truststore_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt - - cert_file: /etc/tls/certs/default/tls.crt + require_client_auth: false + truststore_file: /etc/tls/certs/default/ca.crt + - cert_file: /etc/tls/certs/external/tls.crt enabled: true - key_file: /etc/tls/certs/default/tls.key + key_file: /etc/tls/certs/external/tls.key name: default - require_client_auth: true - truststore_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt + require_client_auth: false + truststore_file: /etc/tls/certs/external/ca.crt schema_registry_client: broker_tls: - cert_file: /etc/tls/certs/default-client/tls.crt enabled: true - key_file: /etc/tls/certs/default-client/tls.key - require_client_auth: true - truststore_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt + require_client_auth: false + truststore_file: /etc/tls/certs/default/ca.crt brokers: - address: redpanda-0.redpanda.default.svc.cluster.local. port: 9093 @@ -125084,32 +125271,26 @@ data: profile: |- admin_api: addresses: - - redpanda-0.:9644 - - redpanda-1.:9644 - - redpanda-2.:9644 + - redpanda-0:31644 + - redpanda-1:31644 + - redpanda-2:31644 tls: ca_file: ca.crt - cert_file: /etc/tls/certs/default-client/tls.crt - key_file: /etc/tls/certs/default-client/tls.key kafka_api: brokers: - - redpanda-0.:9094 - - redpanda-1.:9094 - - redpanda-2.:9094 + - redpanda-0:31092 + - redpanda-1:31092 + - redpanda-2:31092 tls: ca_file: ca.crt - cert_file: /etc/tls/certs/default-client/tls.crt - key_file: /etc/tls/certs/default-client/tls.key name: default schema_registry: addresses: - - redpanda-0.:8084 - - redpanda-1.:8084 - - redpanda-2.:8084 + - redpanda-0:30081 + - redpanda-1:30081 + - redpanda-2:30081 tls: ca_file: ca.crt - cert_file: /etc/tls/certs/default-client/tls.crt - key_file: /etc/tls/certs/default-client/tls.key kind: ConfigMap metadata: labels: 
@@ -125132,27 +125313,21 @@ data: - redpanda-1.redpanda.default.svc.cluster.local.:9093 - redpanda-2.redpanda.default.svc.cluster.local.:9093 tls: - caFilepath: /etc/tls/certs/configmaps/redpanda-company-cacrt/ca.crt - certFilepath: /etc/tls/certs/secrets/redpanda-admin-cert/tls.crt + caFilepath: /etc/tls/certs/secrets/redpanda-default-cert/ca.crt enabled: true - keyFilepath: /etc/tls/certs/secrets/redpanda-admin-cert/tls.key redpanda: adminApi: enabled: true tls: - caFilepath: /etc/tls/certs/configmaps/redpanda-company-cacrt/ca.crt - certFilepath: /etc/tls/certs/secrets/redpanda-admin-cert/tls.crt + caFilepath: /etc/tls/certs/secrets/redpanda-default-cert/ca.crt enabled: true - keyFilepath: /etc/tls/certs/secrets/redpanda-admin-cert/tls.key urls: - - https://redpanda.default.svc.cluster.local.:9643 + - https://redpanda.default.svc.cluster.local.:9644 schemaRegistry: enabled: true tls: - caFilepath: /etc/tls/certs/configmaps/redpanda-company-cacrt/ca.crt - certFilepath: /etc/tls/certs/secrets/redpanda-admin-cert/tls.crt + caFilepath: /etc/tls/certs/secrets/redpanda-default-cert/ca.crt enabled: true - keyFilepath: /etc/tls/certs/secrets/redpanda-admin-cert/tls.key urls: - https://redpanda-0.redpanda.default.svc.cluster.local.:8081 - https://redpanda-1.redpanda.default.svc.cluster.local.:8081 
@@ -125306,179 +125481,81 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-25.3.4 - monitoring.redpanda.com/enabled: "false" - name: redpanda - namespace: default -spec: - clusterIP: None - ports: - - appProtocol: null - name: admin - port: 9643 - protocol: TCP - targetPort: 9643 - - name: http - port: 8082 - protocol: TCP - targetPort: 8082 - - name: kafka - port: 9093 - protocol: TCP - targetPort: 9093 - - name: rpc - port: 33145 - protocol: TCP - targetPort: 33145 - - name: schemaregistry - port: 8081 - protocol: TCP - targetPort: 8081 - publishNotReadyAddresses: true - selector: - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - type: ClusterIP ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: v1 -kind: Service -metadata: - annotations: - external-dns.alpha.kubernetes.io/hostname: redpanda-0. - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 - repdanda.com/type: loadbalancer - name: lb-redpanda-0 + name: redpanda-external namespace: default spec: externalTrafficPolicy: Local - loadBalancerSourceRanges: null ports: - - appProtocol: null - name: admin-default - port: 9644 + - name: admin-default + nodePort: 31644 + port: 9645 protocol: TCP - targetPort: 9644 - - appProtocol: null - name: kafka-default + targetPort: 0 + - name: kafka-default + nodePort: 31092 port: 9094 protocol: TCP - targetPort: 9094 - - appProtocol: null - name: http-default + targetPort: 0 + - name: http-default + nodePort: 30082 port: 8083 protocol: TCP - targetPort: 8083 - - appProtocol: null - name: schema-default + targetPort: 0 + - name: schema-default + nodePort: 30081 port: 8084 protocol: TCP - targetPort: 8084 + targetPort: 0 publishNotReadyAddresses: true selector: app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda - 
statefulset.kubernetes.io/pod-name: redpanda-0 sessionAffinity: None - type: LoadBalancer + type: NodePort --- # Source: redpanda/templates/entry-point.yaml apiVersion: v1 kind: Service metadata: - annotations: - external-dns.alpha.kubernetes.io/hostname: redpanda-1. + annotations: {} labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-25.3.4 - repdanda.com/type: loadbalancer - name: lb-redpanda-1 + monitoring.redpanda.com/enabled: "false" + name: redpanda namespace: default spec: - externalTrafficPolicy: Local - loadBalancerSourceRanges: null + clusterIP: None ports: - appProtocol: null - name: admin-default + name: admin port: 9644 protocol: TCP targetPort: 9644 - - appProtocol: null - name: kafka-default - port: 9094 - protocol: TCP - targetPort: 9094 - - appProtocol: null - name: http-default - port: 8083 - protocol: TCP - targetPort: 8083 - - appProtocol: null - name: schema-default - port: 8084 - protocol: TCP - targetPort: 8084 - publishNotReadyAddresses: true - selector: - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - statefulset.kubernetes.io/pod-name: redpanda-1 - sessionAffinity: None - type: LoadBalancer ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: v1 -kind: Service -metadata: - annotations: - external-dns.alpha.kubernetes.io/hostname: redpanda-2. 
- labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-25.3.4 - repdanda.com/type: loadbalancer - name: lb-redpanda-2 - namespace: default -spec: - externalTrafficPolicy: Local - loadBalancerSourceRanges: null - ports: - - appProtocol: null - name: admin-default - port: 9644 + - name: http + port: 8082 protocol: TCP - targetPort: 9644 - - appProtocol: null - name: kafka-default - port: 9094 + targetPort: 8082 + - name: kafka + port: 9093 protocol: TCP - targetPort: 9094 - - appProtocol: null - name: http-default - port: 8083 + targetPort: 9093 + - name: rpc + port: 33145 protocol: TCP - targetPort: 8083 - - appProtocol: null - name: schema-default - port: 8084 + targetPort: 33145 + - name: schemaregistry + port: 8081 protocol: TCP - targetPort: 8084 + targetPort: 8081 publishNotReadyAddresses: true selector: app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda - statefulset.kubernetes.io/pod-name: redpanda-2 - sessionAffinity: None - type: LoadBalancer + type: ClusterIP --- # Source: redpanda/templates/entry-point.yaml apiVersion: apps/v1 @@ -125503,7 +125580,7 @@ spec: template: metadata: annotations: - checksum/config: 6ca5d29cdbad9c70206c333f995591800e65c8f5b488f120e7f0f53b07ef07a2 + checksum/config: 44e632405e10e419e4cb3a5f69d2911edabaa8fd561fc25ec1017dc35a99fc96 labels: app.kubernetes.io/instance: redpanda app.kubernetes.io/name: console @@ -125551,7 +125628,14 @@ spec: - mountPath: /etc/tls/certs name: redpanda-certificates imagePullSecrets: [] - initContainers: null + initContainers: + - args: + - echo "Hello World! Hello World! " + command: + - /bin/bash + - -c + image: mintel/docker-alpine-bash-curl-jq:latest + name: test-init-container nodeSelector: {} priorityClassName: "" securityContext: 
@@ -125569,17 +125653,10 @@ spec: projected: sources: - secret: - items: - - key: tls.crt - path: secrets/redpanda-admin-cert/tls.crt - - key: tls.key - path: secrets/redpanda-admin-cert/tls.key - name: redpanda-admin-cert - - configMap: items: - key: ca.crt - path: configmaps/redpanda-company-cacrt/ca.crt - name: redpanda-company-cacrt + path: secrets/redpanda-default-cert/ca.crt + name: redpanda-default-cert --- # Source: redpanda/templates/entry-point.yaml apiVersion: apps/v1 @@ -125605,7 +125682,7 @@ spec: template: metadata: annotations: - config.redpanda.com/checksum: fdd568fce14c03b9695054c1af47af47e4736b226234742ad619c27a3046ee4f + config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca labels: app.kubernetes.io/component: redpanda-statefulset app.kubernetes.io/instance: redpanda @@ -125665,12 +125742,12 @@ spec: initialDelaySeconds: 10 periodSeconds: 10 tcpSocket: - port: 9643 + port: 9644 name: redpanda ports: - - containerPort: 9643 - name: admin - containerPort: 9644 + name: admin + - containerPort: 9645 name: admin-default - containerPort: 8082 name: http @@ -125697,7 +125774,7 @@ spec: - -c - | set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default-client/ca.crt --cert /etc/tls/certs/default-client/tls.crt --key /etc/tls/certs/default-client/tls.key "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9643/v1/status/ready") + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") echo $RESULT echo $RESULT | grep ready failureThreshold: 120 @@ -125706,8 +125783,8 @@ spec: volumeMounts: - mountPath: /etc/tls/certs/default name: redpanda-default-cert - - mountPath: /etc/tls/certs/default-client - name: redpanda-default-client-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert - mountPath: /etc/redpanda name: config - mountPath: /tmp/base-config 
@@ -125719,9 +125796,6 @@ spec: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access readOnly: true - - mountPath: /etc/truststores - name: truststores - readOnly: true - args: - supervisor - -- @@ -125736,7 +125810,7 @@ spec: - --selector=helm.sh/chart=redpanda-25.3.4,app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=redpanda - --run-broker-probe - --broker-probe-broker-url - - $(SERVICE_NAME).redpanda.default.svc.cluster.local.:9643 + - $(SERVICE_NAME).redpanda.default.svc.cluster.local.:9644 command: - /redpanda-operator env: @@ -125767,8 +125841,8 @@ spec: volumeMounts: - mountPath: /etc/tls/certs/default name: redpanda-default-cert - - mountPath: /etc/tls/certs/default-client - name: redpanda-default-client-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert - mountPath: /etc/redpanda name: config - mountPath: /var/run/secrets/kubernetes.io/serviceaccount @@ -125795,10 +125869,12 @@ spec: volumeMounts: - mountPath: /etc/tls/certs/default name: redpanda-default-cert - - mountPath: /etc/tls/certs/default-client - name: redpanda-default-client-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -125829,8 +125905,8 @@ spec: volumeMounts: - mountPath: /etc/tls/certs/default name: redpanda-default-cert - - mountPath: /etc/tls/certs/default-client - name: redpanda-default-client-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert - mountPath: /etc/redpanda name: config - mountPath: /tmp/base-config 
@@ -125885,11 +125961,11 @@ spec: - name: redpanda-default-cert secret: defaultMode: 288 - secretName: redpanda-tls-cert - - name: redpanda-default-client-cert + secretName: redpanda-default-cert + - name: redpanda-external-cert secret: defaultMode: 288 - secretName: redpanda-admin-cert + secretName: redpanda-external-cert - name: lifecycle-scripts secret: defaultMode: 509 @@ -125903,14 +125979,6 @@ spec: secret: defaultMode: 509 secretName: redpanda-configurator - - name: truststores - projected: - sources: - - configMap: - items: - - key: ca.crt - path: configmaps/redpanda-company-cacrt-ca.crt - name: redpanda-company-cacrt - name: datadir persistentVolumeClaim: claimName: datadir 
@@ -125950,6 +126018,220 @@ spec: storage: 20Gi status: {} --- +# Source: redpanda/charts/console/templates/entry-point.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: console + app.kubernetes.io/version: v3.3.2 + helm.sh/chart: console-3.3.0 + name: redpanda-console + namespace: default +spec: + ingressClassName: null + rules: + - host: redpanda-console-first-rule-host + http: + paths: null + - host: redpanda-console-second-rule-host + http: + paths: null + tls: + - hosts: + - redpanda-console-tls-first-host + - redpanda-console-tls-second-host + secretName: test +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda-default-root-certificate + namespace: default +spec: + commonName: redpanda-default-root-certificate + duration: 43800h0m0s + isCA: true + issuerRef: + group: cert-manager.io + kind: Issuer + name: redpanda-default-selfsigned-issuer + privateKey: + algorithm: ECDSA + size: 256 + secretName: redpanda-default-root-certificate +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda-external-root-certificate + namespace: default +spec: + commonName: redpanda-external-root-certificate + duration: 43800h0m0s + isCA: true + issuerRef: + group: cert-manager.io + kind: Issuer + name: redpanda-external-selfsigned-issuer + privateKey: + algorithm: ECDSA + size: 256 + secretName: 
redpanda-external-root-certificate +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda-default-cert + namespace: default +spec: + dnsNames: + - redpanda-cluster.redpanda.default.svc.cluster.local + - redpanda-cluster.redpanda.default.svc + - redpanda-cluster.redpanda.default + - '*.redpanda-cluster.redpanda.default.svc.cluster.local' + - '*.redpanda-cluster.redpanda.default.svc' + - '*.redpanda-cluster.redpanda.default' + - redpanda.default.svc.cluster.local + - redpanda.default.svc + - redpanda.default + - '*.redpanda.default.svc.cluster.local' + - '*.redpanda.default.svc' + - '*.redpanda.default' + duration: 43800h0m0s + isCA: false + issuerRef: + group: cert-manager.io + kind: Issuer + name: redpanda-default-root-issuer + privateKey: + algorithm: ECDSA + size: 256 + secretName: redpanda-default-cert +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda-external-cert + namespace: default +spec: + dnsNames: + - redpanda-cluster.redpanda.default.svc.cluster.local + - redpanda-cluster.redpanda.default.svc + - redpanda-cluster.redpanda.default + - '*.redpanda-cluster.redpanda.default.svc.cluster.local' + - '*.redpanda-cluster.redpanda.default.svc' + - '*.redpanda-cluster.redpanda.default' + - redpanda.default.svc.cluster.local + - redpanda.default.svc + - redpanda.default + - '*.redpanda.default.svc.cluster.local' + - '*.redpanda.default.svc' + - '*.redpanda.default' + duration: 43800h0m0s + isCA: false + issuerRef: + group: 
cert-manager.io + kind: Issuer + name: redpanda-external-root-issuer + privateKey: + algorithm: ECDSA + size: 256 + secretName: redpanda-external-cert +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda-default-selfsigned-issuer + namespace: default +spec: + selfSigned: {} +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda-default-root-issuer + namespace: default +spec: + ca: + secretName: redpanda-default-root-certificate +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda-external-selfsigned-issuer + namespace: default +spec: + selfSigned: {} +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda-external-root-issuer + namespace: default +spec: + ca: + secretName: redpanda-external-root-certificate +--- # Source: redpanda/templates/entry-point.yaml apiVersion: batch/v1 kind: Job 
@@ -125995,8 +126277,8 @@ spec: volumeMounts: - mountPath: /etc/tls/certs/default name: redpanda-default-cert - - mountPath: /etc/tls/certs/default-client - name: redpanda-default-client-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert - mountPath: /tmp/config name: config - mountPath: /tmp/base-config @@ -126041,17 +126323,17 @@ spec: - name: redpanda-default-cert secret: defaultMode: 288 - secretName: redpanda-tls-cert - - name: redpanda-default-client-cert + secretName: redpanda-default-cert + - name: redpanda-external-cert secret: defaultMode: 288 - secretName: redpanda-admin-cert + secretName: redpanda-external-cert - configMap: name: redpanda name: base-config - emptyDir: {} name: config --- testdata/TestTemplate/trust-stores-ca-enabled.yaml.golden -- +-- testdata/TestTemplate/trust-store-reference.yaml.golden -- --- # Source: redpanda/templates/entry-point.yaml apiVersion: policy/v1 
@@ -126120,14 +126402,14 @@ stringData: #!/usr/bin/env bash # the SERVICE_NAME comes from the metadata.name of the pod, essentially the POD_NAME - CURL_URL="https://${SERVICE_NAME}.redpanda.default.svc.cluster.local:9644" + CURL_URL="https://${SERVICE_NAME}.redpanda.default.svc.cluster.local:9643" # commands used throughout - CURL_NODE_ID_CMD="curl --silent --fail --cacert /etc/tls/certs/default/ca.crt ${CURL_URL}/v1/node_config" + CURL_NODE_ID_CMD="curl --silent --fail --cacert /etc/tls/certs/default-client/ca.crt --cert /etc/tls/certs/default-client/tls.crt --key /etc/tls/certs/default-client/tls.key ${CURL_URL}/v1/node_config" CURL_MAINTENANCE_DELETE_CMD_PREFIX='curl -X DELETE --silent -o /dev/null -w "%{http_code}"' CURL_MAINTENANCE_PUT_CMD_PREFIX='curl -X PUT --silent -o /dev/null -w "%{http_code}"' - CURL_MAINTENANCE_GET_CMD="curl -X GET --silent --cacert /etc/tls/certs/default/ca.crt ${CURL_URL}/v1/maintenance" + CURL_MAINTENANCE_GET_CMD="curl -X GET --silent --cacert /etc/tls/certs/default-client/ca.crt --cert /etc/tls/certs/default-client/tls.crt --key /etc/tls/certs/default-client/tls.key ${CURL_URL}/v1/maintenance" postStart.sh: |- #!/usr/bin/env bash # This code should be similar if not exactly the same as that found in the panda-operator, see @@ -126146,7 +126428,7 @@ stringData: done echo "Clearing maintenance mode on node ${NODE_ID}" - CURL_MAINTENANCE_DELETE_CMD="${CURL_MAINTENANCE_DELETE_CMD_PREFIX} --cacert /etc/tls/certs/default/ca.crt ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" + CURL_MAINTENANCE_DELETE_CMD="${CURL_MAINTENANCE_DELETE_CMD_PREFIX} --cacert /etc/tls/certs/default-client/ca.crt --cert /etc/tls/certs/default-client/tls.crt --key /etc/tls/certs/default-client/tls.key ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" # a 400 here would mean not in maintenance mode until [ "${status:-}" = '"200"' ] || [ "${status:-}" = '"400"' ]; do status=$(${CURL_MAINTENANCE_DELETE_CMD}) 
@@ -126176,7 +126458,7 @@ stringData: done echo "Setting maintenance mode on node ${NODE_ID}" - CURL_MAINTENANCE_PUT_CMD="${CURL_MAINTENANCE_PUT_CMD_PREFIX} --cacert /etc/tls/certs/default/ca.crt ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" + CURL_MAINTENANCE_PUT_CMD="${CURL_MAINTENANCE_PUT_CMD_PREFIX} --cacert /etc/tls/certs/default-client/ca.crt --cert /etc/tls/certs/default-client/tls.crt --key /etc/tls/certs/default-client/tls.key ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" until [ "${status:-}" = '"200"' ]; do status=$(${CURL_MAINTENANCE_PUT_CMD}) sleep 0.5 @@ -126226,13 +126508,13 @@ stringData: ADVERTISED_KAFKA_ADDRESSES=() PREFIX_TEMPLATE="" - ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":31092}") + ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"redpanda-0.\\u003cour domain\\u003e\",\"name\":\"default\",\"port\":9094}") PREFIX_TEMPLATE="" - ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":31092}") + ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"redpanda-1.\\u003cour domain\\u003e\",\"name\":\"default\",\"port\":9094}") PREFIX_TEMPLATE="" - ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":31092}") + ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"redpanda-2.\\u003cour domain\\u003e\",\"name\":\"default\",\"port\":9094}") rpk redpanda config --config "$CONFIG" set redpanda.advertised_kafka_api[1] "${ADVERTISED_KAFKA_ADDRESSES[$POD_ORDINAL]}" 
@@ -126242,13 +126524,13 @@ stringData: ADVERTISED_HTTP_ADDRESSES=() PREFIX_TEMPLATE="" - ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":30082}") + ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"redpanda-0.\\u003cour domain\\u003e\",\"name\":\"default\",\"port\":8083}") PREFIX_TEMPLATE="" - ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":30082}") + ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"redpanda-1.\\u003cour domain\\u003e\",\"name\":\"default\",\"port\":8083}") PREFIX_TEMPLATE="" - ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":30082}") + ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"redpanda-2.\\u003cour domain\\u003e\",\"name\":\"default\",\"port\":8083}") rpk redpanda config --config "$CONFIG" set pandaproxy.advertised_pandaproxy_api[1] "${ADVERTISED_HTTP_ADDRESSES[$POD_ORDINAL]}" type: Opaque 
@@ -126273,19 +126555,21 @@ data: enabled: true key_file: /etc/tls/certs/default/tls.key name: internal - require_client_auth: false - truststore_file: /etc/tls/certs/default/ca.crt - - cert_file: /etc/tls/certs/external/tls.crt + require_client_auth: true + truststore_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt + - cert_file: /etc/tls/certs/default/tls.crt enabled: true - key_file: /etc/tls/certs/external/tls.key + key_file: /etc/tls/certs/default/tls.key name: default - require_client_auth: false - truststore_file: /etc/tls/certs/external/ca.crt + require_client_auth: true + truststore_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt pandaproxy_client: broker_tls: + cert_file: /etc/tls/certs/default-client/tls.crt enabled: true - require_client_auth: false - truststore_file: /etc/tls/certs/default/ca.crt + key_file: /etc/tls/certs/default-client/tls.key + require_client_auth: true + truststore_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt brokers: - address: redpanda-0.redpanda.default.svc.cluster.local. port: 9093 
@@ -126297,23 +126581,23 @@ data: admin: - address: 0.0.0.0 name: internal - port: 9644 + port: 9643 - address: 0.0.0.0 name: default - port: 9645 + port: 9644 admin_api_tls: - cert_file: /etc/tls/certs/default/tls.crt enabled: true key_file: /etc/tls/certs/default/tls.key name: internal - require_client_auth: false - truststore_file: /etc/tls/certs/default/ca.crt - - cert_file: /etc/tls/certs/external/tls.crt + require_client_auth: true + truststore_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt + - cert_file: /etc/tls/certs/default/tls.crt enabled: true - key_file: /etc/tls/certs/external/tls.key + key_file: /etc/tls/certs/default/tls.key name: default - require_client_auth: false - truststore_file: /etc/tls/certs/external/ca.crt + require_client_auth: true + truststore_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt crash_loop_limit: 5 empty_seed_starts_cluster: false kafka_api: @@ -126328,14 +126612,14 @@ data: enabled: true key_file: /etc/tls/certs/default/tls.key name: internal - require_client_auth: false - truststore_file: /etc/tls/certs/default/ca.crt - - cert_file: /etc/tls/certs/external/tls.crt + require_client_auth: true + truststore_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt + - cert_file: /etc/tls/certs/default/tls.crt enabled: true - key_file: /etc/tls/certs/external/tls.key + key_file: /etc/tls/certs/default/tls.key name: default - require_client_auth: false - truststore_file: /etc/tls/certs/external/ca.crt + require_client_auth: true + truststore_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt rpc_server: address: 0.0.0.0 port: 33145 
@@ -126343,8 +126627,8 @@ data: cert_file: /etc/tls/certs/default/tls.crt enabled: true key_file: /etc/tls/certs/default/tls.key - require_client_auth: false - truststore_file: /etc/tls/certs/default/ca.crt + require_client_auth: true + truststore_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt seed_servers: - host: address: redpanda-0.redpanda.default.svc.cluster.local. @@ -126363,11 +126647,13 @@ data: - --smp=1 admin_api: addresses: - - redpanda-0.redpanda.default.svc.cluster.local.:9644 - - redpanda-1.redpanda.default.svc.cluster.local.:9644 - - redpanda-2.redpanda.default.svc.cluster.local.:9644 + - redpanda-0.redpanda.default.svc.cluster.local.:9643 + - redpanda-1.redpanda.default.svc.cluster.local.:9643 + - redpanda-2.redpanda.default.svc.cluster.local.:9643 tls: - ca_file: /etc/tls/certs/default/ca.crt + ca_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt + cert_file: /etc/tls/certs/default-client/tls.crt + key_file: /etc/tls/certs/default-client/tls.key enable_memory_locking: false kafka_api: brokers: @@ -126375,7 +126661,9 @@ data: - redpanda-1.redpanda.default.svc.cluster.local.:9093 - redpanda-2.redpanda.default.svc.cluster.local.:9093 tls: - ca_file: /etc/tls/certs/default/ca.crt + ca_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt + cert_file: /etc/tls/certs/default-client/tls.crt + key_file: /etc/tls/certs/default-client/tls.key overprovisioned: false schema_registry: addresses: @@ -126383,7 +126671,9 @@ data: - redpanda-1.redpanda.default.svc.cluster.local.:8081 - redpanda-2.redpanda.default.svc.cluster.local.:8081 tls: - ca_file: /etc/tls/certs/default/ca.crt + ca_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt + cert_file: /etc/tls/certs/default-client/tls.crt + key_file: /etc/tls/certs/default-client/tls.key tune_aio_events: true schema_registry: schema_registry_api: 
@@ -126398,19 +126688,21 @@ data: enabled: true key_file: /etc/tls/certs/default/tls.key name: internal - require_client_auth: false - truststore_file: /etc/tls/certs/default/ca.crt - - cert_file: /etc/tls/certs/external/tls.crt + require_client_auth: true + truststore_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt + - cert_file: /etc/tls/certs/default/tls.crt enabled: true - key_file: /etc/tls/certs/external/tls.key + key_file: /etc/tls/certs/default/tls.key name: default - require_client_auth: false - truststore_file: /etc/tls/certs/external/ca.crt + require_client_auth: true + truststore_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt schema_registry_client: broker_tls: + cert_file: /etc/tls/certs/default-client/tls.crt enabled: true - require_client_auth: false - truststore_file: /etc/tls/certs/default/ca.crt + key_file: /etc/tls/certs/default-client/tls.key + require_client_auth: true + truststore_file: /etc/truststores/configmaps/redpanda-company-cacrt-ca.crt brokers: - address: redpanda-0.redpanda.default.svc.cluster.local. port: 9093 @@ -126435,26 +126727,32 @@ data: profile: |- admin_api: addresses: - - redpanda-0:31644 - - redpanda-1:31644 - - redpanda-2:31644 + - redpanda-0.:9644 + - redpanda-1.:9644 + - redpanda-2.:9644 tls: ca_file: ca.crt + cert_file: /etc/tls/certs/default-client/tls.crt + key_file: /etc/tls/certs/default-client/tls.key kafka_api: brokers: - - redpanda-0:31092 - - redpanda-1:31092 - - redpanda-2:31092 + - redpanda-0.:9094 + - redpanda-1.:9094 + - redpanda-2.:9094 tls: ca_file: ca.crt + cert_file: /etc/tls/certs/default-client/tls.crt + key_file: /etc/tls/certs/default-client/tls.key name: default schema_registry: addresses: - - redpanda-0:30081 - - redpanda-1:30081 - - redpanda-2:30081 + - redpanda-0.:8084 + - redpanda-1.:8084 + - redpanda-2.:8084 tls: ca_file: ca.crt + cert_file: /etc/tls/certs/default-client/tls.crt + key_file: /etc/tls/certs/default-client/tls.key kind: ConfigMap metadata: labels: 
@@ -126477,21 +126775,27 @@ data: - redpanda-1.redpanda.default.svc.cluster.local.:9093 - redpanda-2.redpanda.default.svc.cluster.local.:9093 tls: - caFilepath: /etc/tls/certs/secrets/redpanda-default-cert/ca.crt + caFilepath: /etc/tls/certs/configmaps/redpanda-company-cacrt/ca.crt + certFilepath: /etc/tls/certs/secrets/redpanda-admin-cert/tls.crt enabled: true + keyFilepath: /etc/tls/certs/secrets/redpanda-admin-cert/tls.key redpanda: adminApi: enabled: true tls: - caFilepath: /etc/tls/certs/secrets/redpanda-default-cert/ca.crt + caFilepath: /etc/tls/certs/configmaps/redpanda-company-cacrt/ca.crt + certFilepath: /etc/tls/certs/secrets/redpanda-admin-cert/tls.crt enabled: true + keyFilepath: /etc/tls/certs/secrets/redpanda-admin-cert/tls.key urls: - - https://redpanda.default.svc.cluster.local.:9644 + - https://redpanda.default.svc.cluster.local.:9643 schemaRegistry: enabled: true tls: - caFilepath: /etc/tls/certs/secrets/redpanda-default-cert/ca.crt + caFilepath: /etc/tls/certs/configmaps/redpanda-company-cacrt/ca.crt + certFilepath: /etc/tls/certs/secrets/redpanda-admin-cert/tls.crt enabled: true + keyFilepath: /etc/tls/certs/secrets/redpanda-admin-cert/tls.key urls: - https://redpanda-0.redpanda.default.svc.cluster.local.:8081 - https://redpanda-1.redpanda.default.svc.cluster.local.:8081 
@@ -126645,81 +126949,1422 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-25.3.4 - name: redpanda-external + monitoring.redpanda.com/enabled: "false" + name: redpanda + namespace: default +spec: + clusterIP: None + ports: + - appProtocol: null + name: admin + port: 9643 + protocol: TCP + targetPort: 9643 + - name: http + port: 8082 + protocol: TCP + targetPort: 8082 + - name: kafka + port: 9093 + protocol: TCP + targetPort: 9093 + - name: rpc + port: 33145 + protocol: TCP + targetPort: 33145 + - name: schemaregistry + port: 8081 + protocol: TCP + targetPort: 8081 + publishNotReadyAddresses: true + selector: + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + type: ClusterIP +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: v1 +kind: Service +metadata: + annotations: + external-dns.alpha.kubernetes.io/hostname: redpanda-0. + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + repdanda.com/type: loadbalancer + name: lb-redpanda-0 namespace: default spec: externalTrafficPolicy: Local + loadBalancerSourceRanges: null ports: - - name: admin-default - nodePort: 31644 - port: 9645 + - appProtocol: null + name: admin-default + port: 9644 protocol: TCP - targetPort: 0 - - name: kafka-default - nodePort: 31092 + targetPort: 9644 + - appProtocol: null + name: kafka-default port: 9094 protocol: TCP - targetPort: 0 - - name: http-default - nodePort: 30082 + targetPort: 9094 + - appProtocol: null + name: http-default port: 8083 protocol: TCP - targetPort: 0 - - name: schema-default - nodePort: 30081 + targetPort: 8083 + - appProtocol: null + name: schema-default port: 8084 protocol: TCP - targetPort: 0 + targetPort: 8084 publishNotReadyAddresses: true selector: app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda + 
statefulset.kubernetes.io/pod-name: redpanda-0 sessionAffinity: None - type: NodePort + type: LoadBalancer --- # Source: redpanda/templates/entry-point.yaml apiVersion: v1 kind: Service metadata: - annotations: {} + annotations: + external-dns.alpha.kubernetes.io/hostname: redpanda-1. labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: redpanda helm.sh/chart: redpanda-25.3.4 - monitoring.redpanda.com/enabled: "false" - name: redpanda + repdanda.com/type: loadbalancer + name: lb-redpanda-1 namespace: default spec: - clusterIP: None + externalTrafficPolicy: Local + loadBalancerSourceRanges: null ports: - appProtocol: null - name: admin + name: admin-default port: 9644 protocol: TCP targetPort: 9644 - - name: http - port: 8082 + - appProtocol: null + name: kafka-default + port: 9094 protocol: TCP - targetPort: 8082 - - name: kafka - port: 9093 + targetPort: 9094 + - appProtocol: null + name: http-default + port: 8083 protocol: TCP - targetPort: 9093 - - name: rpc - port: 33145 + targetPort: 8083 + - appProtocol: null + name: schema-default + port: 8084 protocol: TCP - targetPort: 33145 - - name: schemaregistry - port: 8081 + targetPort: 8084 + publishNotReadyAddresses: true + selector: + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + statefulset.kubernetes.io/pod-name: redpanda-1 + sessionAffinity: None + type: LoadBalancer +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: v1 +kind: Service +metadata: + annotations: + external-dns.alpha.kubernetes.io/hostname: redpanda-2. 
+ labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + repdanda.com/type: loadbalancer + name: lb-redpanda-2 + namespace: default +spec: + externalTrafficPolicy: Local + loadBalancerSourceRanges: null + ports: + - appProtocol: null + name: admin-default + port: 9644 protocol: TCP - targetPort: 8081 + targetPort: 9644 + - appProtocol: null + name: kafka-default + port: 9094 + protocol: TCP + targetPort: 9094 + - appProtocol: null + name: http-default + port: 8083 + protocol: TCP + targetPort: 8083 + - appProtocol: null + name: schema-default + port: 8084 + protocol: TCP + targetPort: 8084 publishNotReadyAddresses: true selector: app.kubernetes.io/instance: redpanda app.kubernetes.io/name: redpanda - type: ClusterIP + statefulset.kubernetes.io/pod-name: redpanda-2 + sessionAffinity: None + type: LoadBalancer +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: console + app.kubernetes.io/version: v3.3.2 + helm.sh/chart: console-3.3.0 + name: redpanda-console + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: console + strategy: {} + template: + metadata: + annotations: + checksum/config: 6ca5d29cdbad9c70206c333f995591800e65c8f5b488f120e7f0f53b07ef07a2 + labels: + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: console + spec: + affinity: {} + automountServiceAccountToken: false + containers: + - args: + - --config.filepath=/etc/console/configs/config.yaml + command: null + env: null + envFrom: [] + image: docker.redpanda.com/redpandadata/console:v3.3.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /admin/health + 
port: http + initialDelaySeconds: 0 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: console + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /admin/health + port: http + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: {} + securityContext: + runAsNonRoot: true + volumeMounts: + - mountPath: /etc/console/configs + name: configs + readOnly: true + - mountPath: /etc/tls/certs + name: redpanda-certificates + imagePullSecrets: [] + initContainers: null + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 99 + fsGroupChangePolicy: Always + runAsUser: 99 + serviceAccountName: redpanda-console + tolerations: [] + topologySpreadConstraints: [] + volumes: + - configMap: + name: redpanda-console + name: configs + - name: redpanda-certificates + projected: + sources: + - secret: + items: + - key: tls.crt + path: secrets/redpanda-admin-cert/tls.crt + - key: tls.key + path: secrets/redpanda-admin-cert/tls.key + name: redpanda-admin-cert + - configMap: + items: + - key: ca.crt + path: configmaps/redpanda-company-cacrt/ca.crt + name: redpanda-company-cacrt +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda + namespace: default +spec: + podManagementPolicy: Parallel + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + serviceName: redpanda + template: + metadata: + annotations: + config.redpanda.com/checksum: fdd568fce14c03b9695054c1af47af47e4736b226234742ad619c27a3046ee4f + labels: + app.kubernetes.io/component: redpanda-statefulset + 
app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + helm.sh/chart: redpanda-25.3.4 + redpanda.com/poddisruptionbudget: redpanda + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v25.3.13 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + tcpSocket: + port: 9643 + name: redpanda + ports: + - containerPort: 9643 + name: admin + - containerPort: 9644 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: 1 + memory: 2.5Gi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl 
--silent --fail -k -m 5 --cacert /etc/tls/certs/default-client/ca.crt --cert /etc/tls/certs/default-client/tls.crt --key /etc/tls/certs/default-client/tls.key "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9643/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/default-client + name: redpanda-default-client-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - mountPath: /etc/truststores + name: truststores + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - default + - --redpanda-cluster-name + - redpanda + - --selector=helm.sh/chart=redpanda-25.3.4,app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=redpanda + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).redpanda.default.svc.cluster.local.:9643 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda-operator:v25.3.3 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 0 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/default-client + name: 
redpanda-default-client-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + imagePullSecrets: [] + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + env: null + image: docker.redpanda.com/redpandadata/redpanda:v25.3.13 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/default-client + name: redpanda-default-client-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! + env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + configMapKeyRef: null + fieldRef: + fieldPath: metadata.name + resourceFieldRef: null + secretKeyRef: null + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v25.3.13 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/default-client + name: redpanda-default-client-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: redpanda-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + env: null + image: docker.redpanda.com/redpandadata/redpanda-operator:v25.3.3 + name: 
bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: redpanda + terminationGracePeriodSeconds: 90 + tolerations: [] + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/component: redpanda-statefulset + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-tls-cert + - name: redpanda-default-client-cert + secret: + defaultMode: 288 + secretName: redpanda-admin-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: redpanda-sts-lifecycle + - configMap: + name: redpanda + name: base-config + - emptyDir: {} + name: config + - name: redpanda-configurator + secret: + defaultMode: 509 + secretName: redpanda-configurator + - name: truststores + projected: + sources: + - configMap: + items: + - key: ca.crt + path: configmaps/redpanda-company-cacrt-ca.crt + name: redpanda-company-cacrt + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - metadata: + annotations: null + labels: + 
app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + helm.sh/hook: post-install,post-upgrade + helm.sh/hook-delete-policy: before-hook-creation + helm.sh/hook-weight: "-5" + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda-configuration + namespace: default +spec: + template: + metadata: + annotations: {} + generateName: redpanda-post- + labels: + app.kubernetes.io/component: redpanda-post-install + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda-configuration + spec: + automountServiceAccountToken: false + containers: + - command: + - /redpanda-operator + - sync-cluster-config + - --users-directory + - /etc/secrets/users + - --redpanda-yaml + - /tmp/base-config/redpanda.yaml + - --bootstrap-yaml + - /tmp/config/.bootstrap.yaml + env: null + image: docker.redpanda.com/redpandadata/redpanda-operator:v25.3.3 + name: post-install + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/default-client + name: redpanda-default-client-cert + - mountPath: /tmp/config + name: config + - mountPath: /tmp/base-config + name: base-config + imagePullSecrets: [] + initContainers: + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + env: null + image: docker.redpanda.com/redpandadata/redpanda-operator:v25.3.3 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + 
allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + nodeSelector: {} + restartPolicy: Never + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: redpanda + tolerations: [] + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: redpanda-tls-cert + - name: redpanda-default-client-cert + secret: + defaultMode: 288 + secretName: redpanda-admin-cert + - configMap: + name: redpanda + name: base-config + - emptyDir: {} + name: config +-- testdata/TestTemplate/trust-stores-ca-enabled.yaml.golden -- +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda + namespace: default +spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + redpanda.com/poddisruptionbudget: redpanda +--- +# Source: redpanda/charts/console/templates/entry-point.yaml +apiVersion: v1 +automountServiceAccountToken: false +kind: ServiceAccount +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: console + app.kubernetes.io/version: v3.3.2 + helm.sh/chart: console-3.3.0 + name: redpanda-console + namespace: default +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: v1 +automountServiceAccountToken: false +kind: ServiceAccount +metadata: + annotations: {} + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: 
redpanda-25.3.4 + name: redpanda + namespace: default +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda-sts-lifecycle + namespace: default +stringData: + common.sh: |- + #!/usr/bin/env bash + + # the SERVICE_NAME comes from the metadata.name of the pod, essentially the POD_NAME + CURL_URL="https://${SERVICE_NAME}.redpanda.default.svc.cluster.local:9644" + + # commands used throughout + CURL_NODE_ID_CMD="curl --silent --fail --cacert /etc/tls/certs/default/ca.crt ${CURL_URL}/v1/node_config" + + CURL_MAINTENANCE_DELETE_CMD_PREFIX='curl -X DELETE --silent -o /dev/null -w "%{http_code}"' + CURL_MAINTENANCE_PUT_CMD_PREFIX='curl -X PUT --silent -o /dev/null -w "%{http_code}"' + CURL_MAINTENANCE_GET_CMD="curl -X GET --silent --cacert /etc/tls/certs/default/ca.crt ${CURL_URL}/v1/maintenance" + postStart.sh: |- + #!/usr/bin/env bash + # This code should be similar if not exactly the same as that found in the panda-operator, see + # https://github.com/redpanda-data/redpanda/blob/e51d5b7f2ef76d5160ca01b8c7a8cf07593d29b6/src/go/k8s/pkg/resources/secret.go + + # path below should match the path defined on the statefulset + source /var/lifecycle/common.sh + + postStartHook () { + set -x + + touch /tmp/postStartHookStarted + + until NODE_ID=$(${CURL_NODE_ID_CMD} | grep -o '\"node_id\":[^,}]*' | grep -o '[^: ]*$'); do + sleep 0.5 + done + + echo "Clearing maintenance mode on node ${NODE_ID}" + CURL_MAINTENANCE_DELETE_CMD="${CURL_MAINTENANCE_DELETE_CMD_PREFIX} --cacert /etc/tls/certs/default/ca.crt ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" + # a 400 here would mean not in maintenance mode + until [ "${status:-}" = '"200"' ] || [ "${status:-}" = '"400"' ]; do + status=$(${CURL_MAINTENANCE_DELETE_CMD}) + sleep 0.5 + done + + 
touch /tmp/postStartHookFinished + } + + postStartHook + true + preStop.sh: |- + #!/usr/bin/env bash + # This code should be similar if not exactly the same as that found in the panda-operator, see + # https://github.com/redpanda-data/redpanda/blob/e51d5b7f2ef76d5160ca01b8c7a8cf07593d29b6/src/go/k8s/pkg/resources/secret.go + + touch /tmp/preStopHookStarted + + # path below should match the path defined on the statefulset + source /var/lifecycle/common.sh + + set -x + + preStopHook () { + until NODE_ID=$(${CURL_NODE_ID_CMD} | grep -o '\"node_id\":[^,}]*' | grep -o '[^: ]*$'); do + sleep 0.5 + done + + echo "Setting maintenance mode on node ${NODE_ID}" + CURL_MAINTENANCE_PUT_CMD="${CURL_MAINTENANCE_PUT_CMD_PREFIX} --cacert /etc/tls/certs/default/ca.crt ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" + until [ "${status:-}" = '"200"' ]; do + status=$(${CURL_MAINTENANCE_PUT_CMD}) + sleep 0.5 + done + + until [ "${finished:-}" = "true" ] || [ "${draining:-}" = "false" ]; do + res=$(${CURL_MAINTENANCE_GET_CMD}) + finished=$(echo $res | grep -o '\"finished\":[^,}]*' | grep -o '[^: ]*$') + draining=$(echo $res | grep -o '\"draining\":[^,}]*' | grep -o '[^: ]*$') + sleep 0.5 + done + + touch /tmp/preStopHookFinished + } + preStopHook + true +type: Opaque +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda-configurator + namespace: default +stringData: + configurator.sh: |- + set -xe + SERVICE_NAME=$1 + KUBERNETES_NODE_NAME=$2 + POD_ORDINAL=${SERVICE_NAME##*-} + BROKER_INDEX=`expr $POD_ORDINAL + 1` + + CONFIG=/etc/redpanda/redpanda.yaml + + # Setup config files + cp /tmp/base-config/redpanda.yaml "${CONFIG}" + + LISTENER="{\"address\":\"${SERVICE_NAME}.redpanda.default.svc.cluster.local.\",\"name\":\"internal\",\"port\":9093}" + 
rpk redpanda config --config "$CONFIG" set redpanda.advertised_kafka_api[0] "$LISTENER" + + ADVERTISED_KAFKA_ADDRESSES=() + + PREFIX_TEMPLATE="" + ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":31092}") + + PREFIX_TEMPLATE="" + ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":31092}") + + PREFIX_TEMPLATE="" + ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":31092}") + + rpk redpanda config --config "$CONFIG" set redpanda.advertised_kafka_api[1] "${ADVERTISED_KAFKA_ADDRESSES[$POD_ORDINAL]}" + + LISTENER="{\"address\":\"${SERVICE_NAME}.redpanda.default.svc.cluster.local.\",\"name\":\"internal\",\"port\":8082}" + rpk redpanda config --config "$CONFIG" set pandaproxy.advertised_pandaproxy_api[0] "$LISTENER" + + ADVERTISED_HTTP_ADDRESSES=() + + PREFIX_TEMPLATE="" + ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":30082}") + + PREFIX_TEMPLATE="" + ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":30082}") + + PREFIX_TEMPLATE="" + ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":30082}") + + rpk redpanda config --config "$CONFIG" set pandaproxy.advertised_pandaproxy_api[1] "${ADVERTISED_HTTP_ADDRESSES[$POD_ORDINAL]}" +type: Opaque +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: v1 +data: + .bootstrap.json.in: 
'{"audit_enabled":"false","cloud_storage_cache_size":"5368709120","cloud_storage_enable_remote_read":"true","cloud_storage_enable_remote_write":"true","cloud_storage_enabled":"false","compacted_log_segment_size":"67108864","default_topic_replications":"3","enable_rack_awareness":"false","enable_sasl":"false","kafka_connection_rate_limit":"1000","kafka_enable_authorization":"false","log_segment_size_max":"268435456","log_segment_size_min":"16777216","max_compacted_log_segment_size":"536870912","storage_min_free_bytes":"1073741824"}' + bootstrap.yaml.fixups: '[]' + redpanda.yaml: |- + config_file: /etc/redpanda/redpanda.yaml + pandaproxy: + pandaproxy_api: + - address: 0.0.0.0 + name: internal + port: 8082 + - address: 0.0.0.0 + name: default + port: 8083 + pandaproxy_api_tls: + - cert_file: /etc/tls/certs/default/tls.crt + enabled: true + key_file: /etc/tls/certs/default/tls.key + name: internal + require_client_auth: false + truststore_file: /etc/tls/certs/default/ca.crt + - cert_file: /etc/tls/certs/external/tls.crt + enabled: true + key_file: /etc/tls/certs/external/tls.key + name: default + require_client_auth: false + truststore_file: /etc/tls/certs/external/ca.crt + pandaproxy_client: + broker_tls: + enabled: true + require_client_auth: false + truststore_file: /etc/tls/certs/default/ca.crt + brokers: + - address: redpanda-0.redpanda.default.svc.cluster.local. + port: 9093 + - address: redpanda-1.redpanda.default.svc.cluster.local. + port: 9093 + - address: redpanda-2.redpanda.default.svc.cluster.local. 
+ port: 9093 + redpanda: + admin: + - address: 0.0.0.0 + name: internal + port: 9644 + - address: 0.0.0.0 + name: default + port: 9645 + admin_api_tls: + - cert_file: /etc/tls/certs/default/tls.crt + enabled: true + key_file: /etc/tls/certs/default/tls.key + name: internal + require_client_auth: false + truststore_file: /etc/tls/certs/default/ca.crt + - cert_file: /etc/tls/certs/external/tls.crt + enabled: true + key_file: /etc/tls/certs/external/tls.key + name: default + require_client_auth: false + truststore_file: /etc/tls/certs/external/ca.crt + crash_loop_limit: 5 + empty_seed_starts_cluster: false + kafka_api: + - address: 0.0.0.0 + name: internal + port: 9093 + - address: 0.0.0.0 + name: default + port: 9094 + kafka_api_tls: + - cert_file: /etc/tls/certs/default/tls.crt + enabled: true + key_file: /etc/tls/certs/default/tls.key + name: internal + require_client_auth: false + truststore_file: /etc/tls/certs/default/ca.crt + - cert_file: /etc/tls/certs/external/tls.crt + enabled: true + key_file: /etc/tls/certs/external/tls.key + name: default + require_client_auth: false + truststore_file: /etc/tls/certs/external/ca.crt + rpc_server: + address: 0.0.0.0 + port: 33145 + rpc_server_tls: + cert_file: /etc/tls/certs/default/tls.crt + enabled: true + key_file: /etc/tls/certs/default/tls.key + require_client_auth: false + truststore_file: /etc/tls/certs/default/ca.crt + seed_servers: + - host: + address: redpanda-0.redpanda.default.svc.cluster.local. + port: 33145 + - host: + address: redpanda-1.redpanda.default.svc.cluster.local. + port: 33145 + - host: + address: redpanda-2.redpanda.default.svc.cluster.local. 
+ port: 33145 + rpk: + additional_start_flags: + - --default-log-level=info + - --memory=2048M + - --reserve-memory=205M + - --smp=1 + admin_api: + addresses: + - redpanda-0.redpanda.default.svc.cluster.local.:9644 + - redpanda-1.redpanda.default.svc.cluster.local.:9644 + - redpanda-2.redpanda.default.svc.cluster.local.:9644 + tls: + ca_file: /etc/tls/certs/default/ca.crt + enable_memory_locking: false + kafka_api: + brokers: + - redpanda-0.redpanda.default.svc.cluster.local.:9093 + - redpanda-1.redpanda.default.svc.cluster.local.:9093 + - redpanda-2.redpanda.default.svc.cluster.local.:9093 + tls: + ca_file: /etc/tls/certs/default/ca.crt + overprovisioned: false + schema_registry: + addresses: + - redpanda-0.redpanda.default.svc.cluster.local.:8081 + - redpanda-1.redpanda.default.svc.cluster.local.:8081 + - redpanda-2.redpanda.default.svc.cluster.local.:8081 + tls: + ca_file: /etc/tls/certs/default/ca.crt + tune_aio_events: true + schema_registry: + schema_registry_api: + - address: 0.0.0.0 + name: internal + port: 8081 + - address: 0.0.0.0 + name: default + port: 8084 + schema_registry_api_tls: + - cert_file: /etc/tls/certs/default/tls.crt + enabled: true + key_file: /etc/tls/certs/default/tls.key + name: internal + require_client_auth: false + truststore_file: /etc/tls/certs/default/ca.crt + - cert_file: /etc/tls/certs/external/tls.crt + enabled: true + key_file: /etc/tls/certs/external/tls.key + name: default + require_client_auth: false + truststore_file: /etc/tls/certs/external/ca.crt + schema_registry_client: + broker_tls: + enabled: true + require_client_auth: false + truststore_file: /etc/tls/certs/default/ca.crt + brokers: + - address: redpanda-0.redpanda.default.svc.cluster.local. + port: 9093 + - address: redpanda-1.redpanda.default.svc.cluster.local. + port: 9093 + - address: redpanda-2.redpanda.default.svc.cluster.local. 
+ port: 9093 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda + namespace: default +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: v1 +data: + profile: |- + admin_api: + addresses: + - redpanda-0:31644 + - redpanda-1:31644 + - redpanda-2:31644 + tls: + ca_file: ca.crt + kafka_api: + brokers: + - redpanda-0:31092 + - redpanda-1:31092 + - redpanda-2:31092 + tls: + ca_file: ca.crt + name: default + schema_registry: + addresses: + - redpanda-0:30081 + - redpanda-1:30081 + - redpanda-2:30081 + tls: + ca_file: ca.crt +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda-rpk + namespace: default +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: v1 +data: + config.yaml: | + # from .Values.config + kafka: + brokers: + - redpanda-0.redpanda.default.svc.cluster.local.:9093 + - redpanda-1.redpanda.default.svc.cluster.local.:9093 + - redpanda-2.redpanda.default.svc.cluster.local.:9093 + tls: + caFilepath: /etc/tls/certs/secrets/redpanda-default-cert/ca.crt + enabled: true + redpanda: + adminApi: + enabled: true + tls: + caFilepath: /etc/tls/certs/secrets/redpanda-default-cert/ca.crt + enabled: true + urls: + - https://redpanda.default.svc.cluster.local.:9644 + schemaRegistry: + enabled: true + tls: + caFilepath: /etc/tls/certs/secrets/redpanda-default-cert/ca.crt + enabled: true + urls: + - https://redpanda-0.redpanda.default.svc.cluster.local.:8081 + - https://redpanda-1.redpanda.default.svc.cluster.local.:8081 + - https://redpanda-2.redpanda.default.svc.cluster.local.:8081 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: redpanda + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: console + app.kubernetes.io/version: v3.3.2 + helm.sh/chart: console-3.3.0 + name: redpanda-console + namespace: default +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: {} + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda-rpk-debug-bundle + namespace: default +rules: +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: {} + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda-sidecar + namespace: default +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: {} + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda-rpk-debug-bundle + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: redpanda-rpk-debug-bundle +subjects: +- kind: ServiceAccount + name: redpanda + namespace: default +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: rbac.authorization.k8s.io/v1 
+kind: RoleBinding +metadata: + annotations: {} + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda-sidecar + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: redpanda-sidecar +subjects: +- kind: ServiceAccount + name: redpanda + namespace: default +--- +# Source: redpanda/charts/console/templates/entry-point.yaml +apiVersion: v1 +kind: Service +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: console + app.kubernetes.io/version: v3.3.2 + helm.sh/chart: console-3.3.0 + name: redpanda-console + namespace: default +spec: + ports: + - name: http + port: 8080 + protocol: TCP + targetPort: 0 + selector: + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: console + type: ClusterIP +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: v1 +kind: Service +metadata: + annotations: {} + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + name: redpanda-external + namespace: default +spec: + externalTrafficPolicy: Local + ports: + - name: admin-default + nodePort: 31644 + port: 9645 + protocol: TCP + targetPort: 0 + - name: kafka-default + nodePort: 31092 + port: 9094 + protocol: TCP + targetPort: 0 + - name: http-default + nodePort: 30082 + port: 8083 + protocol: TCP + targetPort: 0 + - name: schema-default + nodePort: 30081 + port: 8084 + protocol: TCP + targetPort: 0 + publishNotReadyAddresses: true + selector: + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + sessionAffinity: None + type: NodePort +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: v1 +kind: Service +metadata: + 
annotations: {} + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.4 + monitoring.redpanda.com/enabled: "false" + name: redpanda + namespace: default +spec: + clusterIP: None + ports: + - appProtocol: null + name: admin + port: 9644 + protocol: TCP + targetPort: 9644 + - name: http + port: 8082 + protocol: TCP + targetPort: 8082 + - name: kafka + port: 9093 + protocol: TCP + targetPort: 9093 + - name: rpc + port: 33145 + protocol: TCP + targetPort: 33145 + - name: schemaregistry + port: 8081 + protocol: TCP + targetPort: 8081 + publishNotReadyAddresses: true + selector: + app.kubernetes.io/instance: redpanda + app.kubernetes.io/name: redpanda + type: ClusterIP --- # Source: redpanda/templates/entry-point.yaml apiVersion: apps/v1 @@ -127030,6 +128675,8 @@ spec: name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c diff --git a/operator/internal/lifecycle/testdata/cases.pools.golden.txtar b/operator/internal/lifecycle/testdata/cases.pools.golden.txtar index e129e12f5..0e145c90d 100644 --- a/operator/internal/lifecycle/testdata/cases.pools.golden.txtar +++ b/operator/internal/lifecycle/testdata/cases.pools.golden.txtar @@ -217,6 +217,8 @@ name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -1348,6 +1350,8 @@ name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -1704,6 +1708,8 @@ name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c 
@@ -2059,6 +2065,8 @@ name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c @@ -2414,6 +2422,8 @@ name: redpanda-external-cert - mountPath: /etc/redpanda name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir - command: - /bin/bash - -c diff --git a/operator/internal/lifecycle/testdata/stretch-cluster-cases.pools.golden.txtar b/operator/internal/lifecycle/testdata/stretch-cluster-cases.pools.golden.txtar new file mode 100644 index 000000000..92cfb7472 --- /dev/null +++ b/operator/internal/lifecycle/testdata/stretch-cluster-cases.pools.golden.txtar 
@@ -0,0 +1,1504 @@ +-- basic-test -- +[] +-- compat-test -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: "" + app.kubernetes.io/component: redpanda-basic-a + app.kubernetes.io/instance: compat-test + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/namespace: compat-test + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: basic-a + cluster.redpanda.com/owner: compat-test + name: compat-test-basic-a + namespace: compat-test + spec: + podManagementPolicy: Parallel + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/cluster-name: "" + app.kubernetes.io/component: redpanda-basic-a-statefulset + app.kubernetes.io/instance: compat-test + app.kubernetes.io/name: redpanda + serviceName: compat-test + template: + metadata: + annotations: + config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + labels: + app.kubernetes.io/cluster-name: "" + app.kubernetes.io/component: redpanda-basic-a-statefulset + app.kubernetes.io/instance: compat-test + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: compat-test + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: "" + app.kubernetes.io/component: redpanda-basic-a-statefulset + app.kubernetes.io/instance: compat-test + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=basic-a-$(ORDINAL_NUMBER).compat-test:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + 
fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v26.1.1 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v26.1.1 + image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.compat-test.compat-test.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.compat-test.compat-test.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: 
redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - compat-test + - --redpanda-cluster-name + - compat-test + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=compat-test + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).compat-test.compat-test.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v26.1.1 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + 
runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! + env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: compat-test-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v26.1.1 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: compat-test + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: "" 
+ app.kubernetes.io/component: redpanda-basic-a-statefulset + app.kubernetes.io/instance: compat-test + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: compat-test-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: compat-test-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: compat-test-sts-lifecycle + - configMap: + name: compat-test-basic-a + name: base-config + - emptyDir: {} + name: config + - name: compat-test-configurator + secret: + defaultMode: 509 + secretName: compat-test-basic-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: compat-test + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: "" + app.kubernetes.io/component: redpanda-basic-b + app.kubernetes.io/instance: compat-test + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/namespace: compat-test + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: basic-b + cluster.redpanda.com/owner: compat-test + name: compat-test-basic-b + namespace: compat-test 
+ spec: + podManagementPolicy: Parallel + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/cluster-name: "" + app.kubernetes.io/component: redpanda-basic-b-statefulset + app.kubernetes.io/instance: compat-test + app.kubernetes.io/name: redpanda + serviceName: compat-test + template: + metadata: + annotations: + config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + labels: + app.kubernetes.io/cluster-name: "" + app.kubernetes.io/component: redpanda-basic-b-statefulset + app.kubernetes.io/instance: compat-test + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: compat-test + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: "" + app.kubernetes.io/component: redpanda-basic-b-statefulset + app.kubernetes.io/instance: compat-test + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=basic-b-$(ORDINAL_NUMBER).compat-test:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v26.1.1 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: localhost/test:dev + image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start 
$(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.compat-test.compat-test.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.compat-test.compat-test.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - compat-test + - --redpanda-cluster-name + - compat-test + - 
--selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=compat-test + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).compat-test.compat-test.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: localhost/test:dev + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: compat-test-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: localhost/test:dev + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: compat-test + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: "" + app.kubernetes.io/component: redpanda-basic-b-statefulset + app.kubernetes.io/instance: compat-test + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: compat-test-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: compat-test-external-cert + - name: lifecycle-scripts + 
secret: + defaultMode: 509 + secretName: compat-test-sts-lifecycle + - configMap: + name: compat-test-basic-b + name: base-config + - emptyDir: {} + name: config + - name: compat-test-configurator + secret: + defaultMode: 509 + secretName: compat-test-basic-b-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: compat-test + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- nodepool-basic-test -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: "" + app.kubernetes.io/component: redpanda-basic-a + app.kubernetes.io/instance: nodepool-basic-test + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/namespace: nodepool-basic-test + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: basic-a + cluster.redpanda.com/owner: nodepool-basic-test + name: nodepool-basic-test-basic-a + namespace: nodepool-basic-test + spec: + podManagementPolicy: Parallel + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/cluster-name: "" + app.kubernetes.io/component: redpanda-basic-a-statefulset + app.kubernetes.io/instance: nodepool-basic-test + app.kubernetes.io/name: redpanda + serviceName: nodepool-basic-test + template: + metadata: + annotations: + config.redpanda.com/checksum: 
a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + labels: + app.kubernetes.io/cluster-name: "" + app.kubernetes.io/component: redpanda-basic-a-statefulset + app.kubernetes.io/instance: nodepool-basic-test + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: nodepool-basic-test + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: "" + app.kubernetes.io/component: redpanda-basic-a-statefulset + app.kubernetes.io/instance: nodepool-basic-test + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=basic-a-$(ORDINAL_NUMBER).nodepool-basic-test:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v26.1.1 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v26.1.1 + image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl 
--silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.nodepool-basic-test.nodepool-basic-test.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.nodepool-basic-test.nodepool-basic-test.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - nodepool-basic-test + - --redpanda-cluster-name + - nodepool-basic-test + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=nodepool-basic-test + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).nodepool-basic-test.nodepool-basic-test.svc.cluster.local.:9644 + command: + - 
/redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v26.1.1 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: nodepool-basic-test-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v26.1.1 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: nodepool-basic-test + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: "" + app.kubernetes.io/component: redpanda-basic-a-statefulset + app.kubernetes.io/instance: nodepool-basic-test + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: nodepool-basic-test-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 
288 + secretName: nodepool-basic-test-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: nodepool-basic-test-sts-lifecycle + - configMap: + name: nodepool-basic-test-basic-a + name: base-config + - emptyDir: {} + name: config + - name: nodepool-basic-test-configurator + secret: + defaultMode: 509 + secretName: nodepool-basic-test-basic-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: nodepool-basic-test + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: "" + app.kubernetes.io/component: redpanda-basic-b + app.kubernetes.io/instance: nodepool-basic-test + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/namespace: nodepool-basic-test + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: basic-b + cluster.redpanda.com/owner: nodepool-basic-test + name: nodepool-basic-test-basic-b + namespace: nodepool-basic-test + spec: + podManagementPolicy: Parallel + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/cluster-name: "" + app.kubernetes.io/component: redpanda-basic-b-statefulset + app.kubernetes.io/instance: nodepool-basic-test + app.kubernetes.io/name: redpanda + serviceName: nodepool-basic-test + template: 
+ metadata: + annotations: + config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + labels: + app.kubernetes.io/cluster-name: "" + app.kubernetes.io/component: redpanda-basic-b-statefulset + app.kubernetes.io/instance: nodepool-basic-test + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: nodepool-basic-test + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: "" + app.kubernetes.io/component: redpanda-basic-b-statefulset + app.kubernetes.io/instance: nodepool-basic-test + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=basic-b-$(ORDINAL_NUMBER).nodepool-basic-test:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v26.1.1 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: localhost/test:dev + image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh 
+ - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.nodepool-basic-test.nodepool-basic-test.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.nodepool-basic-test.nodepool-basic-test.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - nodepool-basic-test + - --redpanda-cluster-name + - nodepool-basic-test + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=nodepool-basic-test + - --run-broker-probe + - --broker-probe-broker-url + - 
$(SERVICE_NAME).nodepool-basic-test.nodepool-basic-test.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: localhost/test:dev + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: nodepool-basic-test-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: localhost/test:dev + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: nodepool-basic-test + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: "" + app.kubernetes.io/component: redpanda-basic-b-statefulset + app.kubernetes.io/instance: nodepool-basic-test + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: nodepool-basic-test-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: 
nodepool-basic-test-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: nodepool-basic-test-sts-lifecycle + - configMap: + name: nodepool-basic-test-basic-b + name: base-config + - emptyDir: {} + name: config + - name: nodepool-basic-test-configurator + secret: + defaultMode: 509 + secretName: nodepool-basic-test-basic-b-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: nodepool-basic-test + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 diff --git a/operator/multicluster/statefulset_init.go b/operator/multicluster/statefulset_init.go new file mode 100644 index 000000000..219f0c3a5 --- /dev/null +++ b/operator/multicluster/statefulset_init.go 
@@ -0,0 +1,232 @@ +// Copyright 2026 Redpanda Data, Inc. +// +// Use of this software is governed by the Business Source License +// included in the file licenses/BSL.md +// +// As of the Change Date specified in that file, in accordance with +// the Business Source License, use of this software will be governed +// by the Apache License, Version 2.0 + +package multicluster + +import ( + "fmt" + + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" + "k8s.io/utils/ptr" + + redpandav1alpha2 "github.com/redpanda-data/redpanda-operator/operator/api/redpanda/v1alpha2" +) + +// statefulSetInitContainers returns the init containers for the StatefulSet. +func statefulSetInitContainers(state *RenderState, pool *redpandav1alpha2.NodePool) []corev1.Container { + var containers []corev1.Container + + if state.Spec().Tuning.IsTuneAioEventsEnabled() { + containers = append(containers, statefulSetInitContainerTuning(state, pool)) + } + + if pool.Spec.InitContainers != nil && pool.Spec.InitContainers.SetDataDirOwnership.IsEnabled() { + containers = append(containers, statefulSetInitContainerSetDataDirOwnership(state, pool)) + } + + if pool.Spec.InitContainers != nil && pool.Spec.InitContainers.FSValidator.IsEnabled() { + containers = append(containers, statefulSetInitContainerFSValidator(state, pool)) + } + + if state.Spec().TieredMountType() != "none" { + containers = append(containers, statefulSetInitContainerSetTieredStorageCacheDirOwnership(state, pool)) + } + + containers = append(containers, statefulSetInitContainerConfigurator(state, pool)) + + // Compute bootstrap env vars needed by the envsubst init container. 
+ bootstrap := bootstrapContents(state) + containers = append(containers, bootstrapYamlTemplater(pool, bootstrap.envVars)) + + return containers +} + +func statefulSetInitContainerTuning(state *RenderState, pool *redpandav1alpha2.NodePool) corev1.Container { + return corev1.Container{ + Name: redpandaTuningContainerName, + Image: pool.RedpandaImage(), + Command: []string{`/bin/bash`, `-c`, `rpk redpanda tune all`}, + SecurityContext: &corev1.SecurityContext{ + Capabilities: &corev1.Capabilities{ + Add: []corev1.Capability{`SYS_RESOURCE`}, + }, + Privileged: ptr.To(true), + RunAsNonRoot: ptr.To(false), + RunAsUser: ptr.To(int64(0)), + RunAsGroup: ptr.To(int64(0)), + }, + VolumeMounts: append( + state.commonMounts(), + corev1.VolumeMount{Name: baseConfigVolumeName, MountPath: redpandaConfigMountPath}, + corev1.VolumeMount{Name: datadirVolumeName, MountPath: datadirMountPath}, + ), + } +} + +func statefulSetInitContainerSetDataDirOwnership(state *RenderState, pool *redpandav1alpha2.NodePool) corev1.Container { + return corev1.Container{ + Name: setDataDirectoryOwnershipContainerName, + Image: pool.InitImage(), + Command: []string{`/bin/sh`, `-c`, fmt.Sprintf(`chown %d:%d -R %s`, redpandaUserID, redpandaGroupID, datadirMountPath)}, + SecurityContext: &corev1.SecurityContext{ + RunAsUser: ptr.To[int64](0), + RunAsGroup: ptr.To[int64](0), + }, + VolumeMounts: append( + state.commonMounts(), + corev1.VolumeMount{Name: datadirVolumeName, MountPath: datadirMountPath}, + ), + } +} + +func statefulSetInitContainerFSValidator(state *RenderState, pool *redpandav1alpha2.NodePool) corev1.Container { + var fsValidator *redpandav1alpha2.PoolFSValidator + if pool.Spec.InitContainers != nil { + fsValidator = pool.Spec.InitContainers.FSValidator + } + expectedFS := fsValidator.GetExpectedFS() + + return corev1.Container{ + Name: fsValidatorContainerName, + Image: pool.RedpandaImage(), + Command: []string{`/bin/sh`}, + Args: []string{ + `-c`, + fmt.Sprintf(`trap "exit 0" TERM; exec 
/etc/secrets/fs-validator/scripts/fsValidator.sh %s & wait $!`, expectedFS), + }, + VolumeMounts: append( + state.commonMounts(), + corev1.VolumeMount{Name: fmt.Sprintf(`%.49s-fs-validator`, state.fullname()), MountPath: `/etc/secrets/fs-validator/scripts/`}, + corev1.VolumeMount{Name: datadirVolumeName, MountPath: datadirMountPath}, + ), + } +} + +func statefulSetInitContainerConfigurator(state *RenderState, pool *redpandav1alpha2.NodePool) corev1.Container { + volMounts := state.commonMounts() + volMounts = append(volMounts, + corev1.VolumeMount{Name: configVolumeName, MountPath: redpandaConfigMountPath}, + corev1.VolumeMount{Name: baseConfigVolumeName, MountPath: baseConfigMountPath}, + corev1.VolumeMount{Name: fmt.Sprintf(`%.51s-configurator`, state.fullname()), MountPath: "/etc/secrets/configurator/scripts/"}, + ) + + if state.Spec().RackAwareness.IsEnabled() { + volMounts = append(volMounts, corev1.VolumeMount{ + Name: serviceAccountVolumeName, + MountPath: defaultAPITokenMountPath, + ReadOnly: true, + }) + } + + return corev1.Container{ + Name: redpandaConfiguratorContainerName, + Image: pool.RedpandaImage(), + Command: []string{ + `/bin/bash`, `-c`, + `trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" & wait $!`, + }, + Env: []corev1.EnvVar{ + {Name: "CONFIGURATOR_SCRIPT", Value: "/etc/secrets/configurator/scripts/configurator.sh"}, + { + Name: "SERVICE_NAME", + ValueFrom: &corev1.EnvVarSource{ + FieldRef: &corev1.ObjectFieldSelector{FieldPath: "metadata.name"}, + }, + }, + { + Name: "KUBERNETES_NODE_NAME", + ValueFrom: &corev1.EnvVarSource{ + FieldRef: &corev1.ObjectFieldSelector{FieldPath: "spec.nodeName"}, + }, + }, + { + Name: "HOST_IP_ADDRESS", + ValueFrom: &corev1.EnvVarSource{ + FieldRef: &corev1.ObjectFieldSelector{APIVersion: "v1", FieldPath: "status.hostIP"}, + }, + }, + }, + VolumeMounts: volMounts, + } +} + +// bootstrapYamlTemplater returns an init container that templates environment variables +// into 
bootstrap.yaml. +func bootstrapYamlTemplater(pool *redpandav1alpha2.NodePool, envVars []corev1.EnvVar) corev1.Container { + image := pool.SidecarImage() + + var cliArgs []string + if pool.Spec.InitContainers != nil && pool.Spec.InitContainers.Configurator != nil { + cliArgs = pool.Spec.InitContainers.Configurator.AdditionalCLIArgs + } + + return corev1.Container{ + Name: "bootstrap-yaml-envsubst", + Image: image, + Command: append([]string{ + "/redpanda-operator", + "bootstrap", + "--in-dir", baseConfigMountPath, + "--out-dir", "/tmp/config", + }, cliArgs...), + Env: envVars, + Resources: corev1.ResourceRequirements{ + Limits: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("100m"), + corev1.ResourceMemory: resource.MustParse("125Mi"), + }, + Requests: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("100m"), + corev1.ResourceMemory: resource.MustParse("125Mi"), + }, + }, + VolumeMounts: []corev1.VolumeMount{ + {Name: configVolumeName, MountPath: "/tmp/config/"}, + {Name: baseConfigVolumeName, MountPath: baseConfigMountPath + "/"}, + }, + SecurityContext: &corev1.SecurityContext{ + AllowPrivilegeEscalation: ptr.To(false), + ReadOnlyRootFilesystem: ptr.To(true), + RunAsNonRoot: ptr.To(true), + }, + } +} + +// statefulSetInitContainerSetTieredStorageCacheDirOwnership returns an init container +// that creates and chowns the tiered storage cache directory. 
+func statefulSetInitContainerSetTieredStorageCacheDirOwnership(state *RenderState, pool *redpandav1alpha2.NodePool) corev1.Container { + cacheDir := state.Spec().TieredCacheDirectory() + + volMounts := state.commonMounts() + volMounts = append(volMounts, + corev1.VolumeMount{Name: datadirVolumeName, MountPath: datadirMountPath}, + ) + mountType := state.Spec().TieredMountType() + if mountType != "none" { + volMounts = append(volMounts, corev1.VolumeMount{ + Name: state.Spec().TieredStorageVolumeName(), + MountPath: cacheDir, + }) + } + + return corev1.Container{ + Name: "set-tiered-storage-cache-dir-ownership", + Image: pool.InitImage(), + Command: []string{ + "/bin/sh", "-c", + fmt.Sprintf("mkdir -p %s; chown %d:%d -R %s", cacheDir, redpandaUserID, redpandaGroupID, cacheDir), + }, + SecurityContext: &corev1.SecurityContext{ + RunAsUser: ptr.To[int64](0), + RunAsGroup: ptr.To[int64](0), + }, + VolumeMounts: volMounts, + } +} diff --git a/operator/multicluster/testdata/render-cases.pools.golden.txtar b/operator/multicluster/testdata/render-cases.pools.golden.txtar new file mode 100644 index 000000000..200f51cf7 --- /dev/null +++ b/operator/multicluster/testdata/render-cases.pools.golden.txtar 
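Review bot: In `statefulSetInitContainerSetTieredStorageCacheDirOwnership` the value of `cacheDir` is formatted unquoted into the `/bin/sh -c` string of a container that runs as UID 0, and `statefulSetInitContainerFSValidator` does the same with `expectedFS`. Both values are read from the cluster or pool spec, so unless the CRD schema restricts them (not visible in this hunk), whitespace or shell metacharacters in either field are interpreted by the shell instead of being treated as a path or filesystem name. Passing the values as positional parameters and referencing them as `"$1"` keeps them as data; the golden files would need regenerating afterwards. `statefulSetInitContainerSetDataDirOwnership` uses the same `Sprintf` shape but appears to format only package-level constants, so it does not need the change.

```go
// statefulSetInitContainerFSValidator
		Args: []string{
			`-c`,
			`trap "exit 0" TERM; exec /etc/secrets/fs-validator/scripts/fsValidator.sh "$1" & wait $!`,
			`sh`, expectedFS, // $0 and $1: handed to the script as an argument, never parsed as shell
		},
// … unchanged: VolumeMounts, configurator and bootstrap-yaml-envsubst containers …

// statefulSetInitContainerSetTieredStorageCacheDirOwnership
		Command: []string{
			"/bin/sh", "-c",
			fmt.Sprintf(`mkdir -p "$1"; chown %d:%d -R "$1"`, redpandaUserID, redpandaGroupID),
			"sh", cacheDir, // $0 and $1: the directory is passed as data, not spliced into the script
		},
```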
@@ -0,0 +1,12280 @@ +-- audit-logging -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: audit-logging + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: audit-logging-pool-a + namespace: audit-logging + spec: + podManagementPolicy: Parallel + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: audit-logging + app.kubernetes.io/name: redpanda + serviceName: audit-logging + template: + metadata: + annotations: + config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: audit-logging + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: audit-logging + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: audit-logging + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).audit-logging:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + 
fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.audit-logging.audit-logging.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.audit-logging.audit-logging.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: 
redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - audit-logging + - --redpanda-cluster-name + - audit-logging + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=audit-logging + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).audit-logging.audit-logging.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - 
mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! + env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: audit-logging-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: audit-logging + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: 
redpanda-pool-a-statefulset + app.kubernetes.io/instance: audit-logging + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: audit-logging-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: audit-logging-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: audit-logging-sts-lifecycle + - configMap: + name: audit-logging-pool-a + name: base-config + - emptyDir: {} + name: config + - name: audit-logging-configurator + secret: + defaultMode: 509 + secretName: audit-logging-pool-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: audit-logging + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- common-labels -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: common-labels + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + env: staging + team: platform + name: common-labels-pool-a + namespace: common-labels + spec: + podManagementPolicy: Parallel + 
replicas: 3 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: common-labels + app.kubernetes.io/name: redpanda + serviceName: common-labels + template: + metadata: + annotations: + config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: common-labels + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + env: staging + redpanda.com/poddisruptionbudget: common-labels + team: platform + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: common-labels + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).common-labels:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 
2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.common-labels.common-labels.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.common-labels.common-labels.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - common-labels + 
- --redpanda-cluster-name + - common-labels + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=common-labels + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).common-labels.common-labels.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: common-labels-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: common-labels + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: common-labels + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: common-labels-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: 
common-labels-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: common-labels-sts-lifecycle + - configMap: + name: common-labels-pool-a + name: base-config + - emptyDir: {} + name: config + - name: common-labels-configurator + secret: + defaultMode: 509 + secretName: common-labels-pool-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: common-labels + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- custom-cluster-domain -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: custom-cluster-domain + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: custom-cluster-domain-pool-a + namespace: custom-cluster-domain + spec: + podManagementPolicy: Parallel + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: custom-cluster-domain + app.kubernetes.io/name: redpanda + serviceName: custom-cluster-domain + template: + metadata: + annotations: + config.redpanda.com/checksum: 
a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: custom-cluster-domain + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: custom-cluster-domain + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: custom-cluster-domain + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).custom-cluster-domain:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + 
- curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.custom-cluster-domain.custom-cluster-domain.svc.custom.local:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.custom-cluster-domain.custom-cluster-domain.svc.custom.local:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - custom-cluster-domain + - --redpanda-cluster-name + - custom-cluster-domain + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=custom-cluster-domain + - --run-broker-probe + - --broker-probe-broker-url + - 
$(SERVICE_NAME).custom-cluster-domain.custom-cluster-domain.svc.custom.local:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: custom-cluster-domain-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: custom-cluster-domain + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: custom-cluster-domain + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: custom-cluster-domain-default-cert + - name: redpanda-external-cert + secret: + 
defaultMode: 288 + secretName: custom-cluster-domain-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: custom-cluster-domain-sts-lifecycle + - configMap: + name: custom-cluster-domain-pool-a + name: base-config + - emptyDir: {} + name: config + - name: custom-cluster-domain-configurator + secret: + defaultMode: 509 + secretName: custom-cluster-domain-pool-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: custom-cluster-domain + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- custom-config -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: custom-config + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: custom-config-pool-a + namespace: custom-config + spec: + podManagementPolicy: Parallel + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: custom-config + app.kubernetes.io/name: redpanda + serviceName: custom-config + template: + metadata: + annotations: + config.redpanda.com/checksum: 
2ff60a749b20db7d64dc692490f0cfcc2ea8e26e36bcc43c53f5ab28532a7b54 + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: custom-config + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: custom-config + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: custom-config + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).custom-config:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 
--cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.custom-config.custom-config.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.custom-config.custom-config.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - custom-config + - --redpanda-cluster-name + - custom-config + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=custom-config + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).custom-config.custom-config.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + 
fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: custom-config-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: custom-config + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: custom-config + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: custom-config-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: 
custom-config-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: custom-config-sts-lifecycle + - configMap: + name: custom-config-pool-a + name: base-config + - emptyDir: {} + name: config + - name: custom-config-configurator + secret: + defaultMode: 509 + secretName: custom-config-pool-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: custom-config + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- custom-image -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: custom-image + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: custom-image-pool-a + namespace: custom-image + spec: + podManagementPolicy: Parallel + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: custom-image + app.kubernetes.io/name: redpanda + serviceName: custom-image + template: + metadata: + annotations: + config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + labels: + app.kubernetes.io/cluster-name: test + 
app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: custom-image + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: custom-image + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: custom-image + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).custom-image:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: custom-registry.example.com/operator:v24.3.1 + image: custom-registry.example.com/redpanda:v24.3.1 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.custom-image.custom-image.svc.cluster.local.:9644/v1/status/ready" + 
failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.custom-image.custom-image.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - custom-image + - --redpanda-cluster-name + - custom-image + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=custom-image + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).custom-image.custom-image.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + 
fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: custom-registry.example.com/operator:v24.3.1 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + imagePullSecrets: + - name: regcred + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: custom-registry.example.com/redpanda:v24.3.1 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: custom-registry.example.com/redpanda:v24.3.1 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: custom-image-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: custom-registry.example.com/operator:v24.3.1 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: custom-image + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: custom-image + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: custom-image-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: custom-image-external-cert + 
- name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: custom-image-sts-lifecycle + - configMap: + name: custom-image-pool-a + name: base-config + - emptyDir: {} + name: config + - name: custom-image-configurator + secret: + defaultMode: 509 + secretName: custom-image-pool-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: custom-image + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- custom-resources -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: custom-resources-pool-a + namespace: custom-resources + spec: + podManagementPolicy: Parallel + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/name: redpanda + serviceName: custom-resources + template: + metadata: + annotations: + config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + labels: + app.kubernetes.io/cluster-name: test + 
app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: custom-resources + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).custom-resources:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + 
"https://${SERVICE_NAME}.custom-resources.custom-resources.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "4" + memory: 8Gi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.custom-resources.custom-resources.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - custom-resources + - --redpanda-cluster-name + - custom-resources + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=custom-resources + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).custom-resources.custom-resources.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: 
metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: custom-resources-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: custom-resources + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: custom-resources-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + 
secretName: custom-resources-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: custom-resources-sts-lifecycle + - configMap: + name: custom-resources-pool-a + name: base-config + - emptyDir: {} + name: config + - name: custom-resources-configurator + secret: + defaultMode: 509 + secretName: custom-resources-pool-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- custom-resources-explicit -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: custom-resources-explicit + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: custom-resources-explicit-pool-a + namespace: custom-resources-explicit + spec: + podManagementPolicy: Parallel + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: custom-resources-explicit + app.kubernetes.io/name: redpanda + serviceName: custom-resources-explicit + template: + metadata: + annotations: + config.redpanda.com/checksum: 
a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: custom-resources-explicit + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: custom-resources-explicit + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: custom-resources-explicit + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).custom-resources-explicit:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - 
/bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.custom-resources-explicit.custom-resources-explicit.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "4" + memory: 8Gi + requests: + cpu: "2" + memory: 4Gi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.custom-resources-explicit.custom-resources-explicit.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - custom-resources-explicit + - --redpanda-cluster-name + - custom-resources-explicit + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=custom-resources-explicit + - --run-broker-probe + - 
--broker-probe-broker-url + - $(SERVICE_NAME).custom-resources-explicit.custom-resources-explicit.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: custom-resources-explicit-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: custom-resources-explicit + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: custom-resources-explicit + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: custom-resources-explicit-default-cert + - name: redpanda-external-cert + 
secret: + defaultMode: 288 + secretName: custom-resources-explicit-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: custom-resources-explicit-sts-lifecycle + - configMap: + name: custom-resources-explicit-pool-a + name: base-config + - emptyDir: {} + name: config + - name: custom-resources-explicit-configurator + secret: + defaultMode: 509 + secretName: custom-resources-explicit-pool-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: custom-resources-explicit + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- enterprise -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: enterprise + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: enterprise-pool-a + namespace: enterprise + spec: + podManagementPolicy: Parallel + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: enterprise + app.kubernetes.io/name: redpanda + serviceName: enterprise + template: + metadata: + annotations: + config.redpanda.com/checksum: 
a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: enterprise + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: enterprise + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: enterprise + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).enterprise:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert 
/etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.enterprise.enterprise.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.enterprise.enterprise.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - enterprise + - --redpanda-cluster-name + - enterprise + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=enterprise + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).enterprise.enterprise.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: 
POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: enterprise-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: enterprise + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: enterprise + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: enterprise-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: 
enterprise-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: enterprise-sts-lifecycle + - configMap: + name: enterprise-pool-a + name: base-config + - emptyDir: {} + name: config + - name: enterprise-configurator + secret: + defaultMode: 509 + secretName: enterprise-pool-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: enterprise + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- external-loadbalancer -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: external-loadbalancer + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: external-loadbalancer-pool-a + namespace: external-loadbalancer + spec: + podManagementPolicy: Parallel + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: external-loadbalancer + app.kubernetes.io/name: redpanda + serviceName: external-loadbalancer + template: + metadata: + annotations: + config.redpanda.com/checksum: 6b75a3b044743b3d7c588d59ac3a6e32af736a3f690c711bd1adfd16e9d970b2 + labels: + 
app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: external-loadbalancer + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: external-loadbalancer + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: external-loadbalancer + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).external-loadbalancer:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + 
"https://${SERVICE_NAME}.external-loadbalancer.external-loadbalancer.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 30644 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 30082 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 30092 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 30081 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.external-loadbalancer.external-loadbalancer.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - external-loadbalancer + - --redpanda-cluster-name + - external-loadbalancer + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=external-loadbalancer + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).external-loadbalancer.external-loadbalancer.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: 
POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: external-loadbalancer-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: external-loadbalancer + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: external-loadbalancer + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: external-loadbalancer-default-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: external-loadbalancer-sts-lifecycle + - 
configMap: + name: external-loadbalancer-pool-a + name: base-config + - emptyDir: {} + name: config + - name: external-loadbalancer-configurator + secret: + defaultMode: 509 + secretName: external-loadbalancer-pool-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: external-loadbalancer + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- external-nodeport -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: external-nodeport + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: external-nodeport-pool-a + namespace: external-nodeport + spec: + podManagementPolicy: Parallel + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: external-nodeport + app.kubernetes.io/name: redpanda + serviceName: external-nodeport + template: + metadata: + annotations: + config.redpanda.com/checksum: b150b8294c144a808614e5a5697f52a9ac58f6358a6b8fc194f9896062d4064a + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + 
app.kubernetes.io/instance: external-nodeport + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: external-nodeport + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: external-nodeport + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).external-nodeport:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.external-nodeport.external-nodeport.svc.cluster.local.:9644/v1/status/ready" + 
failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 31644 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 31092 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.external-nodeport.external-nodeport.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - external-nodeport + - --redpanda-cluster-name + - external-nodeport + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=external-nodeport + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).external-nodeport.external-nodeport.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: 
HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: external-nodeport-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: external-nodeport + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: external-nodeport + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: external-nodeport-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + 
secretName: external-nodeport-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: external-nodeport-sts-lifecycle + - configMap: + name: external-nodeport-pool-a + name: base-config + - emptyDir: {} + name: config + - name: external-nodeport-configurator + secret: + defaultMode: 509 + secretName: external-nodeport-pool-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: external-nodeport + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- external-tls -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: external-tls + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: external-tls-pool-a + namespace: external-tls + spec: + podManagementPolicy: Parallel + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: external-tls + app.kubernetes.io/name: redpanda + serviceName: external-tls + template: + metadata: + annotations: + config.redpanda.com/checksum: 47eac106a7064a92dc868c1f45fd518e605004c1e0cb257fe7dfda9cddc65719 + labels: + 
app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: external-tls + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: external-tls + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: external-tls + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).external-tls:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + 
"https://${SERVICE_NAME}.external-tls.external-tls.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 30644 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 30082 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 30092 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 30081 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.external-tls.external-tls.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - external-tls + - --redpanda-cluster-name + - external-tls + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=external-tls + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).external-tls.external-tls.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + 
valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: external-tls-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: external-tls + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: external-tls + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: external-tls-default-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: external-tls-sts-lifecycle + - configMap: + name: external-tls-pool-a + name: 
base-config + - emptyDir: {} + name: config + - name: external-tls-configurator + secret: + defaultMode: 509 + secretName: external-tls-pool-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: external-tls + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- full-featured -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-cold + app.kubernetes.io/instance: full-featured + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-cold + team: data-platform + name: full-featured-pool-cold + namespace: full-featured + spec: + podManagementPolicy: Parallel + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-cold-statefulset + app.kubernetes.io/instance: full-featured + app.kubernetes.io/name: redpanda + tier: cold + serviceName: full-featured + template: + metadata: + annotations: + config.redpanda.com/checksum: 087e00eae7054984bc2d23b7669521bf620651e34cd8065c174d285c96af1851 + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-cold-statefulset + app.kubernetes.io/instance: full-featured + 
app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: full-featured + team: data-platform + tier: cold + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-cold-statefulset + app.kubernetes.io/instance: full-featured + app.kubernetes.io/name: redpanda + tier: cold + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-cold-$(ORDINAL_NUMBER).full-featured:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + - name: RPK_USER + value: kubernetes-controller + - name: RPK_PASS + valueFrom: + secretKeyRef: + key: password + name: full-featured-bootstrap-user + - name: RPK_SASL_MECHANISM + value: SCRAM-SHA-512 + - name: RP_BOOTSTRAP_USER + value: $(RPK_USER):$(RPK_PASS):$(RPK_SASL_MECHANISM) + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop 
$(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.full-featured.full-featured.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 30644 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 30082 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 30092 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 30081 + name: schema-default + resources: + limits: + cpu: "8" + memory: 16Gi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.full-featured.full-featured.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - full-featured + - --redpanda-cluster-name + - full-featured + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=full-featured + - 
--run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).full-featured.full-featured.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/sh + - -c + - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R + /var/lib/redpanda/data/cloud_storage_cache + image: busybox:latest + name: set-tiered-storage-cache-dir-ownership + resources: {} + securityContext: + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: 
redpanda-default-cert + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! + env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: full-featured-configurator + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: full-featured + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + 
app.kubernetes.io/component: redpanda-pool-cold-statefulset + app.kubernetes.io/instance: full-featured + app.kubernetes.io/name: redpanda + tier: cold + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: full-featured-default-cert + - name: users + secret: + secretName: users-secret + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: full-featured-sts-lifecycle + - configMap: + name: full-featured-pool-cold + name: base-config + - emptyDir: {} + name: config + - name: full-featured-configurator + secret: + defaultMode: 509 + secretName: full-featured-pool-cold-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: full-featured + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + storageClassName: fast-ssd + status: {} + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: full-featured + app.kubernetes.io/name: redpanda + name: tiered-storage-dir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + storageClassName: gp3 + status: {} + status: + availableReplicas: 0 + replicas: 0 +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-hot + app.kubernetes.io/instance: full-featured + 
app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-hot + team: data-platform + name: full-featured-pool-hot + namespace: full-featured + spec: + podManagementPolicy: Parallel + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-hot-statefulset + app.kubernetes.io/instance: full-featured + app.kubernetes.io/name: redpanda + tier: hot + serviceName: full-featured + template: + metadata: + annotations: + config.redpanda.com/checksum: 087e00eae7054984bc2d23b7669521bf620651e34cd8065c174d285c96af1851 + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-hot-statefulset + app.kubernetes.io/instance: full-featured + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: full-featured + team: data-platform + tier: hot + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-hot-statefulset + app.kubernetes.io/instance: full-featured + app.kubernetes.io/name: redpanda + tier: hot + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-hot-$(ORDINAL_NUMBER).full-featured:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: 
REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + - name: RPK_USER + value: kubernetes-controller + - name: RPK_PASS + valueFrom: + secretKeyRef: + key: password + name: full-featured-bootstrap-user + - name: RPK_SASL_MECHANISM + value: SCRAM-SHA-512 + - name: RP_BOOTSTRAP_USER + value: $(RPK_USER):$(RPK_PASS):$(RPK_SASL_MECHANISM) + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.full-featured.full-featured.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 30644 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 30082 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 30092 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 30081 + name: schema-default + resources: + limits: + cpu: "8" + memory: 16Gi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.full-featured.full-featured.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 
10 + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - full-featured + - --redpanda-cluster-name + - full-featured + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=full-featured + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).full-featured.full-featured.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: 
docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/fs-validator/scripts/fsValidator.sh + xfs & wait $! + command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: fs-validator + resources: {} + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/secrets/fs-validator/scripts/ + name: full-featured-fs-validator + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/sh + - -c + - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R + /var/lib/redpanda/data/cloud_storage_cache + image: busybox:latest + name: set-tiered-storage-cache-dir-ownership + resources: {} + securityContext: + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: full-featured-configurator + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: full-featured + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-hot-statefulset + app.kubernetes.io/instance: full-featured + app.kubernetes.io/name: redpanda + tier: hot + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + 
secretName: full-featured-default-cert + - name: users + secret: + secretName: users-secret + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: full-featured-sts-lifecycle + - configMap: + name: full-featured-pool-hot + name: base-config + - emptyDir: {} + name: config + - name: full-featured-configurator + secret: + defaultMode: 509 + secretName: full-featured-pool-hot-configurator + - name: full-featured-fs-validator + secret: + defaultMode: 509 + secretName: full-featured-pool-hot-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: full-featured + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + storageClassName: fast-ssd + status: {} + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: full-featured + app.kubernetes.io/name: redpanda + name: tiered-storage-dir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + storageClassName: gp3 + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- init-containers -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: init-containers + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: 
init-containers-pool-a + namespace: init-containers + spec: + podManagementPolicy: Parallel + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: init-containers + app.kubernetes.io/name: redpanda + serviceName: init-containers + template: + metadata: + annotations: + config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: init-containers + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: init-containers + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: init-containers + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).init-containers:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: 
+ - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.init-containers.init-containers.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.init-containers.init-containers.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - 
/etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - init-containers + - --redpanda-cluster-name + - init-containers + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=init-containers + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).init-containers.init-containers.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/sh + - -c + - chown 101:101 -R /var/lib/redpanda/data + image: busybox:latest + name: set-datadir-ownership + resources: {} + securityContext: + runAsGroup: 0 + 
runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /var/lib/redpanda/data + name: datadir + - args: + - -c + - trap "exit 0" TERM; exec /etc/secrets/fs-validator/scripts/fsValidator.sh + ext4 & wait $! + command: + - /bin/sh + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: fs-validator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/secrets/fs-validator/scripts/ + name: init-containers-fs-validator + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! + env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: init-containers-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + 
securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: init-containers + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: init-containers + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: init-containers-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: init-containers-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: init-containers-sts-lifecycle + - configMap: + name: init-containers-pool-a + name: base-config + - emptyDir: {} + name: config + - name: init-containers-configurator + secret: + defaultMode: 509 + secretName: init-containers-pool-a-configurator + - name: init-containers-fs-validator + secret: + defaultMode: 509 + secretName: init-containers-pool-a-fs-validator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: init-containers + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - 
ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- memory-locking -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: memory-locking + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: memory-locking-pool-a + namespace: memory-locking + spec: + podManagementPolicy: Parallel + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: memory-locking + app.kubernetes.io/name: redpanda + serviceName: memory-locking + template: + metadata: + annotations: + config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: memory-locking + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: memory-locking + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: memory-locking + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).memory-locking:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + 
valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.memory-locking.memory-locking.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "2" + memory: 4Gi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.memory-locking.memory-locking.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: 
/etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - memory-locking + - --redpanda-cluster-name + - memory-locking + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=memory-locking + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).memory-locking.memory-locking.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - 
SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! + env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: memory-locking-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: memory-locking + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - 
labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: memory-locking + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: memory-locking-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: memory-locking-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: memory-locking-sts-lifecycle + - configMap: + name: memory-locking-pool-a + name: base-config + - emptyDir: {} + name: config + - name: memory-locking-configurator + secret: + defaultMode: 509 + secretName: memory-locking-pool-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: memory-locking + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- minimal -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: minimal + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: minimal-pool-a + namespace: 
minimal + spec: + podManagementPolicy: Parallel + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: minimal + app.kubernetes.io/name: redpanda + serviceName: minimal + template: + metadata: + annotations: + config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: minimal + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: minimal + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: minimal + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).minimal:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed 
"s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.minimal.minimal.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.minimal.minimal.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - minimal + - --redpanda-cluster-name + - minimal + - 
--selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=minimal + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).minimal.minimal.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: minimal-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: minimal + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: minimal + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: minimal-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: minimal-external-cert + - 
name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: minimal-sts-lifecycle + - configMap: + name: minimal-pool-a + name: base-config + - emptyDir: {} + name: config + - name: minimal-configurator + secret: + defaultMode: 509 + secretName: minimal-pool-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: minimal + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- monitoring -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: monitoring + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: monitoring-pool-a + namespace: monitoring + spec: + podManagementPolicy: Parallel + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: monitoring + app.kubernetes.io/name: redpanda + serviceName: monitoring + template: + metadata: + annotations: + config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + 
app.kubernetes.io/instance: monitoring + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: monitoring + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: monitoring + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).monitoring:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.monitoring.monitoring.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + 
periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.monitoring.monitoring.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - monitoring + - --redpanda-cluster-name + - monitoring + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=monitoring + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).monitoring.monitoring.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + 
fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: monitoring-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: monitoring + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: monitoring + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: monitoring-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: 
monitoring-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: monitoring-sts-lifecycle + - configMap: + name: monitoring-pool-a + name: base-config + - emptyDir: {} + name: config + - name: monitoring-configurator + secret: + defaultMode: 509 + secretName: monitoring-pool-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: monitoring + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- multi-pool -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: multi-pool + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: multi-pool-pool-a + namespace: multi-pool + spec: + podManagementPolicy: Parallel + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: multi-pool + app.kubernetes.io/name: redpanda + serviceName: multi-pool + template: + metadata: + annotations: + config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: 
redpanda-pool-a-statefulset + app.kubernetes.io/instance: multi-pool + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: multi-pool + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: multi-pool + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).multi-pool:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.multi-pool.multi-pool.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + 
initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.multi-pool.multi-pool.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - multi-pool + - --redpanda-cluster-name + - multi-pool + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=multi-pool + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).multi-pool.multi-pool.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: 
ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: multi-pool-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: multi-pool + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: multi-pool + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: multi-pool-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: 
multi-pool-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: multi-pool-sts-lifecycle + - configMap: + name: multi-pool-pool-a + name: base-config + - emptyDir: {} + name: config + - name: multi-pool-configurator + secret: + defaultMode: 509 + secretName: multi-pool-pool-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: multi-pool + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-b + app.kubernetes.io/instance: multi-pool + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-b + name: multi-pool-pool-b + namespace: multi-pool + spec: + podManagementPolicy: Parallel + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-b-statefulset + app.kubernetes.io/instance: multi-pool + app.kubernetes.io/name: redpanda + pool-type: hot-storage + serviceName: multi-pool + template: + metadata: + annotations: + config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + labels: + app.kubernetes.io/cluster-name: test + 
app.kubernetes.io/component: redpanda-pool-b-statefulset + app.kubernetes.io/instance: multi-pool + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + pool-type: hot-storage + redpanda.com/poddisruptionbudget: multi-pool + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-b-statefulset + app.kubernetes.io/instance: multi-pool + app.kubernetes.io/name: redpanda + pool-type: hot-storage + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-b-$(ORDINAL_NUMBER).multi-pool:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + 
"https://${SERVICE_NAME}.multi-pool.multi-pool.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.multi-pool.multi-pool.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - multi-pool + - --redpanda-cluster-name + - multi-pool + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=multi-pool + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).multi-pool.multi-pool.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + 
fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: multi-pool-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: multi-pool + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-b-statefulset + app.kubernetes.io/instance: multi-pool + app.kubernetes.io/name: redpanda + pool-type: hot-storage + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: multi-pool-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + 
secretName: multi-pool-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: multi-pool-sts-lifecycle + - configMap: + name: multi-pool-pool-b + name: base-config + - emptyDir: {} + name: config + - name: multi-pool-configurator + secret: + defaultMode: 509 + secretName: multi-pool-pool-b-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: multi-pool + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- per-pod-service-overrides -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: per-pod-service-overrides + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: per-pod-service-overrides-pool-a + namespace: per-pod-service-overrides + spec: + podManagementPolicy: Parallel + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: per-pod-service-overrides + app.kubernetes.io/name: redpanda + serviceName: per-pod-service-overrides + template: + metadata: + annotations: + config.redpanda.com/checksum: 
a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: per-pod-service-overrides + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: per-pod-service-overrides + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: per-pod-service-overrides + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).per-pod-service-overrides:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - 
/bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.per-pod-service-overrides.per-pod-service-overrides.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.per-pod-service-overrides.per-pod-service-overrides.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - per-pod-service-overrides + - --redpanda-cluster-name + - per-pod-service-overrides + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=per-pod-service-overrides + - --run-broker-probe + - --broker-probe-broker-url + - 
$(SERVICE_NAME).per-pod-service-overrides.per-pod-service-overrides.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: per-pod-service-overrides-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: per-pod-service-overrides + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: per-pod-service-overrides + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: per-pod-service-overrides-default-cert + - name: redpanda-external-cert + 
secret: + defaultMode: 288 + secretName: per-pod-service-overrides-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: per-pod-service-overrides-sts-lifecycle + - configMap: + name: per-pod-service-overrides-pool-a + name: base-config + - emptyDir: {} + name: config + - name: per-pod-service-overrides-configurator + secret: + defaultMode: 509 + secretName: per-pod-service-overrides-pool-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: per-pod-service-overrides + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- per-pod-service-remote-disabled -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: per-pod-service-remote-disabled + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: per-pod-service-remote-disabled-pool-a + namespace: per-pod-service-remote-disabled + spec: + podManagementPolicy: Parallel + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: per-pod-service-remote-disabled + app.kubernetes.io/name: redpanda + 
serviceName: per-pod-service-remote-disabled + template: + metadata: + annotations: + config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: per-pod-service-remote-disabled + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: per-pod-service-remote-disabled + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: per-pod-service-remote-disabled + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).per-pod-service-remote-disabled:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x 
/var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.per-pod-service-remote-disabled.per-pod-service-remote-disabled.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.per-pod-service-remote-disabled.per-pod-service-remote-disabled.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - per-pod-service-remote-disabled + - --redpanda-cluster-name + - per-pod-service-remote-disabled + - 
--selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=per-pod-service-remote-disabled + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).per-pod-service-remote-disabled.per-pod-service-remote-disabled.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: per-pod-service-remote-disabled-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: per-pod-service-remote-disabled + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: per-pod-service-remote-disabled + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: per-pod-service-remote-disabled-default-cert + - name: 
redpanda-external-cert + secret: + defaultMode: 288 + secretName: per-pod-service-remote-disabled-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: per-pod-service-remote-disabled-sts-lifecycle + - configMap: + name: per-pod-service-remote-disabled-pool-a + name: base-config + - emptyDir: {} + name: config + - name: per-pod-service-remote-disabled-configurator + secret: + defaultMode: 509 + secretName: per-pod-service-remote-disabled-pool-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: per-pod-service-remote-disabled + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- rack-awareness -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: rack-awareness + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: rack-awareness-pool-a + namespace: rack-awareness + spec: + podManagementPolicy: Parallel + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: rack-awareness + app.kubernetes.io/name: redpanda + serviceName: rack-awareness 
+ template: + metadata: + annotations: + config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: rack-awareness + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: rack-awareness + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: rack-awareness + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).rack-awareness:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + 
livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.rack-awareness.rack-awareness.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.rack-awareness.rack-awareness.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - rack-awareness + - --redpanda-cluster-name + - rack-awareness + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=rack-awareness + - --run-broker-probe + - --broker-probe-broker-url + - 
$(SERVICE_NAME).rack-awareness.rack-awareness.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: rack-awareness-configurator + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: rack-awareness + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: rack-awareness + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: 
rack-awareness-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: rack-awareness-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: rack-awareness-sts-lifecycle + - configMap: + name: rack-awareness-pool-a + name: base-config + - emptyDir: {} + name: config + - name: rack-awareness-configurator + secret: + defaultMode: 509 + secretName: rack-awareness-pool-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: rack-awareness + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- sasl-scram256 -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: sasl-scram256 + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: sasl-scram256-pool-a + namespace: sasl-scram256 + spec: + podManagementPolicy: Parallel + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: sasl-scram256 + app.kubernetes.io/name: redpanda + serviceName: sasl-scram256 + template: + metadata: + annotations: + config.redpanda.com/checksum: 
aa39a27780f052f325cc8380a54fbcc1579cb147c42865a9be31cc30790e7911 + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: sasl-scram256 + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: sasl-scram256 + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: sasl-scram256 + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).sasl-scram256:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + - name: RPK_USER + value: kubernetes-controller + - name: RPK_PASS + valueFrom: + secretKeyRef: + key: password + name: sasl-scram256-bootstrap-user + - name: RPK_SASL_MECHANISM + value: SCRAM-SHA-256 + - name: RP_BOOTSTRAP_USER + value: $(RPK_USER):$(RPK_PASS):$(RPK_SASL_MECHANISM) + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee 
/proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.sasl-scram256.sasl-scram256.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.sasl-scram256.sasl-scram256.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - sasl-scram256 
+ - --redpanda-cluster-name + - sasl-scram256 + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=sasl-scram256 + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).sasl-scram256.sasl-scram256.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: sasl-scram256-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: sasl-scram256 + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: sasl-scram256 + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: sasl-scram256-default-cert + - name: 
redpanda-external-cert + secret: + defaultMode: 288 + secretName: sasl-scram256-external-cert + - name: users + secret: + secretName: users-secret + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: sasl-scram256-sts-lifecycle + - configMap: + name: sasl-scram256-pool-a + name: base-config + - emptyDir: {} + name: config + - name: sasl-scram256-configurator + secret: + defaultMode: 509 + secretName: sasl-scram256-pool-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: sasl-scram256 + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- sasl-scram512-with-tls -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: sasl-scram512-with-tls + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: sasl-scram512-with-tls-pool-a + namespace: sasl-scram512-with-tls + spec: + podManagementPolicy: Parallel + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: sasl-scram512-with-tls + app.kubernetes.io/name: redpanda + serviceName: sasl-scram512-with-tls + 
template: + metadata: + annotations: + config.redpanda.com/checksum: aa39a27780f052f325cc8380a54fbcc1579cb147c42865a9be31cc30790e7911 + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: sasl-scram512-with-tls + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: sasl-scram512-with-tls + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: sasl-scram512-with-tls + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).sasl-scram512-with-tls:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + - name: RPK_USER + value: kubernetes-controller + - name: RPK_PASS + valueFrom: + secretKeyRef: + key: password + name: sasl-scram512-with-tls-bootstrap-user + - name: RPK_SASL_MECHANISM + value: SCRAM-SHA-512 + - name: RP_BOOTSTRAP_USER + value: $(RPK_USER):$(RPK_PASS):$(RPK_SASL_MECHANISM) + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 
'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.sasl-scram512-with-tls.sasl-scram512-with-tls.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.sasl-scram512-with-tls.sasl-scram512-with-tls.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - 
supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - sasl-scram512-with-tls + - --redpanda-cluster-name + - sasl-scram512-with-tls + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=sasl-scram512-with-tls + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).sasl-scram512-with-tls.sasl-scram512-with-tls.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: 
base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! + env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/secrets/users + name: users + readOnly: true + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: sasl-scram512-with-tls-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: sasl-scram512-with-tls + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: sasl-scram512-with-tls + 
app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: sasl-scram512-with-tls-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: sasl-scram512-with-tls-external-cert + - name: users + secret: + secretName: users-secret + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: sasl-scram512-with-tls-sts-lifecycle + - configMap: + name: sasl-scram512-with-tls-pool-a + name: base-config + - emptyDir: {} + name: config + - name: sasl-scram512-with-tls-configurator + secret: + defaultMode: 509 + secretName: sasl-scram512-with-tls-pool-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: sasl-scram512-with-tls + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- single-replica -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: single-replica + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: single-replica-pool-a + namespace: single-replica + spec: + podManagementPolicy: 
Parallel + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: single-replica + app.kubernetes.io/name: redpanda + serviceName: single-replica + template: + metadata: + annotations: + config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: single-replica + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: single-replica + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: single-replica + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).single-replica:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed 
"s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.single-replica.single-replica.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.single-replica.single-replica.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - single-replica + - 
--redpanda-cluster-name + - single-replica + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=single-replica + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).single-replica.single-replica.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: single-replica-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: single-replica + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: single-replica + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: single-replica-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: 
single-replica-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: single-replica-sts-lifecycle + - configMap: + name: single-replica-pool-a + name: base-config + - emptyDir: {} + name: config + - name: single-replica-configurator + secret: + defaultMode: 509 + secretName: single-replica-pool-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: single-replica + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- storage-hostpath -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: storage-hostpath + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: storage-hostpath-pool-a + namespace: storage-hostpath + spec: + podManagementPolicy: Parallel + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: storage-hostpath + app.kubernetes.io/name: redpanda + serviceName: storage-hostpath + template: + metadata: + annotations: + config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + labels: + 
app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: storage-hostpath + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: storage-hostpath + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: storage-hostpath + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).storage-hostpath:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + 
"https://${SERVICE_NAME}.storage-hostpath.storage-hostpath.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.storage-hostpath.storage-hostpath.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - storage-hostpath + - --redpanda-cluster-name + - storage-hostpath + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=storage-hostpath + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).storage-hostpath.storage-hostpath.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: 
metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: storage-hostpath-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: storage-hostpath + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: storage-hostpath + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: storage-hostpath-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + 
secretName: storage-hostpath-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: storage-hostpath-sts-lifecycle + - configMap: + name: storage-hostpath-pool-a + name: base-config + - emptyDir: {} + name: config + - name: storage-hostpath-configurator + secret: + defaultMode: 509 + secretName: storage-hostpath-pool-a-configurator + - hostPath: + path: /mnt/redpanda + name: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + status: + availableReplicas: 0 + replicas: 0 +-- storage-pv-custom -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: storage-pv-custom + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: storage-pv-custom-pool-a + namespace: storage-pv-custom + spec: + podManagementPolicy: Parallel + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: storage-pv-custom + app.kubernetes.io/name: redpanda + serviceName: storage-pv-custom + template: + metadata: + annotations: + config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: storage-pv-custom + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + 
redpanda.com/poddisruptionbudget: storage-pv-custom + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: storage-pv-custom + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).storage-pv-custom:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.storage-pv-custom.storage-pv-custom.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - 
containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.storage-pv-custom.storage-pv-custom.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - storage-pv-custom + - --redpanda-cluster-name + - storage-pv-custom + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=storage-pv-custom + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).storage-pv-custom.storage-pv-custom.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: 
docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: storage-pv-custom-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: storage-pv-custom + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: storage-pv-custom + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: storage-pv-custom-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + 
secretName: storage-pv-custom-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: storage-pv-custom-sts-lifecycle + - configMap: + name: storage-pv-custom-pool-a + name: base-config + - emptyDir: {} + name: config + - name: storage-pv-custom-configurator + secret: + defaultMode: 509 + secretName: storage-pv-custom-pool-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: storage-pv-custom + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + storageClassName: fast-ssd + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- tiered-storage-emptydir -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: tiered-storage-emptydir + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: tiered-storage-emptydir-pool-a + namespace: tiered-storage-emptydir + spec: + podManagementPolicy: Parallel + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: tiered-storage-emptydir + app.kubernetes.io/name: redpanda + serviceName: tiered-storage-emptydir + template: + metadata: + annotations: + 
config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: tiered-storage-emptydir + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: tiered-storage-emptydir + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: tiered-storage-emptydir + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).tiered-storage-emptydir:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + 
exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.tiered-storage-emptydir.tiered-storage-emptydir.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.tiered-storage-emptydir.tiered-storage-emptydir.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - tiered-storage-emptydir + - --redpanda-cluster-name + - tiered-storage-emptydir + - 
--selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=tiered-storage-emptydir + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).tiered-storage-emptydir.tiered-storage-emptydir.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/sh + - -c + - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R + /var/lib/redpanda/data/cloud_storage_cache + image: busybox:latest + name: set-tiered-storage-cache-dir-ownership + resources: {} + securityContext: + runAsGroup: 0 + runAsUser: 0 + 
volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! + env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: tiered-storage-emptydir-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: tiered-storage-emptydir + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + 
app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: tiered-storage-emptydir + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: tiered-storage-emptydir-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: tiered-storage-emptydir-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: tiered-storage-emptydir-sts-lifecycle + - configMap: + name: tiered-storage-emptydir-pool-a + name: base-config + - emptyDir: {} + name: config + - name: tiered-storage-emptydir-configurator + secret: + defaultMode: 509 + secretName: tiered-storage-emptydir-pool-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - emptyDir: + sizeLimit: 5Gi + name: tiered-storage-dir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: tiered-storage-emptydir + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- tiered-storage-hostpath -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: tiered-storage-hostpath + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + 
cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: tiered-storage-hostpath-pool-a + namespace: tiered-storage-hostpath + spec: + podManagementPolicy: Parallel + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: tiered-storage-hostpath + app.kubernetes.io/name: redpanda + serviceName: tiered-storage-hostpath + template: + metadata: + annotations: + config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: tiered-storage-hostpath + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: tiered-storage-hostpath + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: tiered-storage-hostpath + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).tiered-storage-hostpath:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: 
docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.tiered-storage-hostpath.tiered-storage-hostpath.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.tiered-storage-hostpath.tiered-storage-hostpath.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir 
+ - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - tiered-storage-hostpath + - --redpanda-cluster-name + - tiered-storage-hostpath + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=tiered-storage-hostpath + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).tiered-storage-hostpath.tiered-storage-hostpath.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: 
/etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/sh + - -c + - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R + /var/lib/redpanda/data/cloud_storage_cache + image: busybox:latest + name: set-tiered-storage-cache-dir-ownership + resources: {} + securityContext: + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! + env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: tiered-storage-hostpath-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + 
securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: tiered-storage-hostpath + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: tiered-storage-hostpath + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: tiered-storage-hostpath-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: tiered-storage-hostpath-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: tiered-storage-hostpath-sts-lifecycle + - configMap: + name: tiered-storage-hostpath-pool-a + name: base-config + - emptyDir: {} + name: config + - name: tiered-storage-hostpath-configurator + secret: + defaultMode: 509 + secretName: tiered-storage-hostpath-pool-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - hostPath: + path: /mnt/tiered + name: tiered-storage-dir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: tiered-storage-hostpath + app.kubernetes.io/name: redpanda + name: datadir + spec: + 
accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- tiered-storage-pv -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: tiered-storage-pv + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: tiered-storage-pv-pool-a + namespace: tiered-storage-pv + spec: + podManagementPolicy: Parallel + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: tiered-storage-pv + app.kubernetes.io/name: redpanda + serviceName: tiered-storage-pv + template: + metadata: + annotations: + config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: tiered-storage-pv + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: tiered-storage-pv + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: tiered-storage-pv + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).tiered-storage-pv:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + 
fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.tiered-storage-pv.tiered-storage-pv.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.tiered-storage-pv.tiered-storage-pv.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + 
periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - tiered-storage-pv + - --redpanda-cluster-name + - tiered-storage-pv + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=tiered-storage-pv + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).tiered-storage-pv.tiered-storage-pv.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda 
tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/sh + - -c + - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R + /var/lib/redpanda/data/cloud_storage_cache + image: busybox:latest + name: set-tiered-storage-cache-dir-ownership + resources: {} + securityContext: + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/lib/redpanda/data/cloud_storage_cache + name: tiered-storage-dir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: tiered-storage-pv-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: tiered-storage-pv + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: tiered-storage-pv + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: tiered-storage-pv-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + 
secretName: tiered-storage-pv-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: tiered-storage-pv-sts-lifecycle + - configMap: + name: tiered-storage-pv-pool-a + name: base-config + - emptyDir: {} + name: config + - name: tiered-storage-pv-configurator + secret: + defaultMode: 509 + secretName: tiered-storage-pv-pool-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: tiered-storage-pv + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: tiered-storage-pv + app.kubernetes.io/name: redpanda + name: tiered-storage-dir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + storageClassName: gp3 + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- tls-mtls -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: tls-mtls + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: tls-mtls-pool-a + namespace: tls-mtls + spec: + podManagementPolicy: Parallel + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: 
redpanda-pool-a-statefulset + app.kubernetes.io/instance: tls-mtls + app.kubernetes.io/name: redpanda + serviceName: tls-mtls + template: + metadata: + annotations: + config.redpanda.com/checksum: d2caedc46eb3f595b07b2ff350b3b7afb4bc3fa426b4228f25009abb60c34837 + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: tls-mtls + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: tls-mtls + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: tls-mtls + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).tls-mtls:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x 
/var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default-client/ca.crt + --cert /etc/tls/certs/default-client/tls.crt --key /etc/tls/certs/default-client/tls.key + "https://${SERVICE_NAME}.tls-mtls.tls-mtls.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default-client/ca.crt --cert /etc/tls/certs/default-client/tls.crt --key /etc/tls/certs/default-client/tls.key "https://${SERVICE_NAME}.tls-mtls.tls-mtls.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/tls/certs/default-client + name: redpanda-default-client-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - 
--redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - tls-mtls + - --redpanda-cluster-name + - tls-mtls + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=tls-mtls + - --run-broker-probe + - --broker-probe-broker-url + - $(SERVICE_NAME).tls-mtls.tls-mtls.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/tls/certs/default-client + name: redpanda-default-client-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/tls/certs/default-client + name: redpanda-default-client-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c 
+ - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! + env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/tls/certs/default-client + name: redpanda-default-client-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: tls-mtls-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: tls-mtls + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: tls-mtls + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: 
redpanda-default-cert + secret: + defaultMode: 288 + secretName: tls-mtls-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + secretName: tls-mtls-external-cert + - name: redpanda-default-client-cert + secret: + defaultMode: 288 + secretName: tls-mtls-default-client-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: tls-mtls-sts-lifecycle + - configMap: + name: tls-mtls-pool-a + name: base-config + - emptyDir: {} + name: config + - name: tls-mtls-configurator + secret: + defaultMode: 509 + secretName: tls-mtls-pool-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: tls-mtls + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 +-- tls-self-signed -- +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a + app.kubernetes.io/instance: tls-self-signed + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/nodepool-generation: "0" + cluster.redpanda.com/nodepool-name: pool-a + name: tls-self-signed-pool-a + namespace: tls-self-signed + spec: + podManagementPolicy: Parallel + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: 
tls-self-signed + app.kubernetes.io/name: redpanda + serviceName: tls-self-signed + template: + metadata: + annotations: + config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca + labels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: tls-self-signed + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: redpanda + cluster.redpanda.com/broker: "true" + redpanda.com/poddisruptionbudget: tls-self-signed + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: tls-self-signed + app.kubernetes.io/name: redpanda + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - command: + - rpk + - redpanda + - start + - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).tls-self-signed:33145 + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: v99.9.9 + - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION + value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + lifecycle: + postStart: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook + post-start $(date): /" | tee /proc/1/fd/1; true' + preStop: + exec: + command: + - bash + - -c + - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | 
sed "s/^/lifecycle-hook + pre-stop $(date): /" | tee /proc/1/fd/1; true' + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt + "https://${SERVICE_NAME}.tls-self-signed.tls-self-signed.svc.cluster.local.:9644/v1/status/ready" + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + name: redpanda + ports: + - containerPort: 9644 + name: admin + - containerPort: 9645 + name: admin-default + - containerPort: 8082 + name: http + - containerPort: 8083 + name: http-default + - containerPort: 9093 + name: kafka + - containerPort: 9094 + name: kafka-default + - containerPort: 33145 + name: rpc + - containerPort: 8081 + name: schemaregistry + - containerPort: 8084 + name: schema-default + resources: + limits: + cpu: "1" + memory: 2560Mi + startupProbe: + exec: + command: + - /bin/sh + - -c + - | + set -e + RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.tls-self-signed.tls-self-signed.svc.cluster.local.:9644/v1/status/ready") + echo $RESULT + echo $RESULT | grep ready + failureThreshold: 120 + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /var/lifecycle + name: lifecycle-scripts + - mountPath: /var/lib/redpanda/data + name: datadir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - args: + - supervisor + - -- + - /redpanda-operator + - sidecar + - --redpanda-yaml + - /etc/redpanda/redpanda.yaml + - --redpanda-cluster-namespace + - tls-self-signed + - --redpanda-cluster-name + - tls-self-signed + - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=tls-self-signed + - --run-broker-probe + - 
--broker-probe-broker-url + - $(SERVICE_NAME).tls-self-signed.tls-self-signed.svc.cluster.local.:9644 + command: + - /redpanda-operator + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ORDINAL_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: sidecar + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8093 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - rpk redpanda tune all + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: tuning + resources: {} + securityContext: + capabilities: + add: + - SYS_RESOURCE + privileged: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: base-config + - mountPath: /var/lib/redpanda/data + name: datadir + - command: + - /bin/bash + - -c + - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" + & wait $! 
+ env: + - name: CONFIGURATOR_SCRIPT + value: /etc/secrets/configurator/scripts/configurator.sh + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 + name: redpanda-configurator + resources: {} + volumeMounts: + - mountPath: /etc/tls/certs/default + name: redpanda-default-cert + - mountPath: /etc/tls/certs/external + name: redpanda-external-cert + - mountPath: /etc/redpanda + name: config + - mountPath: /tmp/base-config + name: base-config + - mountPath: /etc/secrets/configurator/scripts/ + name: tls-self-signed-configurator + - command: + - /redpanda-operator + - bootstrap + - --in-dir + - /tmp/base-config + - --out-dir + - /tmp/config + image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 + name: bootstrap-yaml-envsubst + resources: + limits: + cpu: 100m + memory: 125Mi + requests: + cpu: 100m + memory: 125Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp/config/ + name: config + - mountPath: /tmp/base-config/ + name: base-config + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 101 + serviceAccountName: tls-self-signed + terminationGracePeriodSeconds: 90 + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/cluster-name: test + app.kubernetes.io/component: redpanda-pool-a-statefulset + app.kubernetes.io/instance: tls-self-signed + app.kubernetes.io/name: redpanda + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + volumes: + - name: redpanda-default-cert + secret: + defaultMode: 288 + secretName: tls-self-signed-default-cert + - name: redpanda-external-cert + secret: + defaultMode: 288 + 
secretName: tls-self-signed-external-cert + - name: lifecycle-scripts + secret: + defaultMode: 509 + secretName: tls-self-signed-sts-lifecycle + - configMap: + name: tls-self-signed-pool-a + name: base-config + - emptyDir: {} + name: config + - name: tls-self-signed-configurator + secret: + defaultMode: 509 + secretName: tls-self-signed-pool-a-configurator + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: tls-self-signed + app.kubernetes.io/name: redpanda + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + status: {} + status: + availableReplicas: 0 + replicas: 0 From 5e6311c5a40006b28f93da7da75e3cfc879ed0bd Mon Sep 17 00:00:00 2001 From: Andrew Stucki Date: Tue, 7 Apr 2026 11:26:57 -0400 Subject: [PATCH 2/4] remove irrelevant files for backport --- .../stretch-cluster-cases.pools.golden.txtar | 1504 -- operator/multicluster/statefulset_init.go | 232 - .../testdata/render-cases.pools.golden.txtar | 12280 ---------------- 3 files changed, 14016 deletions(-) delete mode 100644 operator/internal/lifecycle/testdata/stretch-cluster-cases.pools.golden.txtar delete mode 100644 operator/multicluster/statefulset_init.go delete mode 100644 operator/multicluster/testdata/render-cases.pools.golden.txtar diff --git a/operator/internal/lifecycle/testdata/stretch-cluster-cases.pools.golden.txtar b/operator/internal/lifecycle/testdata/stretch-cluster-cases.pools.golden.txtar deleted file mode 100644 index 92cfb7472..000000000 
--- a/operator/internal/lifecycle/testdata/stretch-cluster-cases.pools.golden.txtar
+++ /dev/null
@@ -1,1504 +0,0 @@ --- basic-test -- -[] --- compat-test -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: "" - app.kubernetes.io/component: redpanda-basic-a - app.kubernetes.io/instance: compat-test - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/namespace: compat-test - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: basic-a - cluster.redpanda.com/owner: compat-test - name: compat-test-basic-a - namespace: compat-test - spec: - podManagementPolicy: Parallel - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/cluster-name: "" - app.kubernetes.io/component: redpanda-basic-a-statefulset - app.kubernetes.io/instance: compat-test - app.kubernetes.io/name: redpanda - serviceName: compat-test - template: - metadata: - annotations: - config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - labels: - app.kubernetes.io/cluster-name: "" - app.kubernetes.io/component: redpanda-basic-a-statefulset - app.kubernetes.io/instance: compat-test - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: compat-test - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: "" - app.kubernetes.io/component: redpanda-basic-a-statefulset - app.kubernetes.io/instance: compat-test - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=basic-a-$(ORDINAL_NUMBER).compat-test:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - 
fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v26.1.1 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v26.1.1 - image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.compat-test.compat-test.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.compat-test.compat-test.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: 
redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - compat-test - - --redpanda-cluster-name - - compat-test - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=compat-test - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).compat-test.compat-test.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v26.1.1 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - 
runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: compat-test-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v26.1.1 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: compat-test - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: "" 
- app.kubernetes.io/component: redpanda-basic-a-statefulset - app.kubernetes.io/instance: compat-test - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: compat-test-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: compat-test-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: compat-test-sts-lifecycle - - configMap: - name: compat-test-basic-a - name: base-config - - emptyDir: {} - name: config - - name: compat-test-configurator - secret: - defaultMode: 509 - secretName: compat-test-basic-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: compat-test - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: "" - app.kubernetes.io/component: redpanda-basic-b - app.kubernetes.io/instance: compat-test - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/namespace: compat-test - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: basic-b - cluster.redpanda.com/owner: compat-test - name: compat-test-basic-b - namespace: compat-test 
- spec: - podManagementPolicy: Parallel - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/cluster-name: "" - app.kubernetes.io/component: redpanda-basic-b-statefulset - app.kubernetes.io/instance: compat-test - app.kubernetes.io/name: redpanda - serviceName: compat-test - template: - metadata: - annotations: - config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - labels: - app.kubernetes.io/cluster-name: "" - app.kubernetes.io/component: redpanda-basic-b-statefulset - app.kubernetes.io/instance: compat-test - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: compat-test - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: "" - app.kubernetes.io/component: redpanda-basic-b-statefulset - app.kubernetes.io/instance: compat-test - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=basic-b-$(ORDINAL_NUMBER).compat-test:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v26.1.1 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: localhost/test:dev - image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start 
$(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.compat-test.compat-test.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.compat-test.compat-test.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - compat-test - - --redpanda-cluster-name - - compat-test - - 
--selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=compat-test - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).compat-test.compat-test.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: localhost/test:dev - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: compat-test-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: localhost/test:dev - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: compat-test - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: "" - app.kubernetes.io/component: redpanda-basic-b-statefulset - app.kubernetes.io/instance: compat-test - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: compat-test-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: compat-test-external-cert - - name: lifecycle-scripts - 
secret: - defaultMode: 509 - secretName: compat-test-sts-lifecycle - - configMap: - name: compat-test-basic-b - name: base-config - - emptyDir: {} - name: config - - name: compat-test-configurator - secret: - defaultMode: 509 - secretName: compat-test-basic-b-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: compat-test - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 --- nodepool-basic-test -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: "" - app.kubernetes.io/component: redpanda-basic-a - app.kubernetes.io/instance: nodepool-basic-test - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/namespace: nodepool-basic-test - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: basic-a - cluster.redpanda.com/owner: nodepool-basic-test - name: nodepool-basic-test-basic-a - namespace: nodepool-basic-test - spec: - podManagementPolicy: Parallel - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/cluster-name: "" - app.kubernetes.io/component: redpanda-basic-a-statefulset - app.kubernetes.io/instance: nodepool-basic-test - app.kubernetes.io/name: redpanda - serviceName: nodepool-basic-test - template: - metadata: - annotations: - config.redpanda.com/checksum: 
a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - labels: - app.kubernetes.io/cluster-name: "" - app.kubernetes.io/component: redpanda-basic-a-statefulset - app.kubernetes.io/instance: nodepool-basic-test - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: nodepool-basic-test - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: "" - app.kubernetes.io/component: redpanda-basic-a-statefulset - app.kubernetes.io/instance: nodepool-basic-test - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=basic-a-$(ORDINAL_NUMBER).nodepool-basic-test:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v26.1.1 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v26.1.1 - image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl 
--silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.nodepool-basic-test.nodepool-basic-test.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.nodepool-basic-test.nodepool-basic-test.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - nodepool-basic-test - - --redpanda-cluster-name - - nodepool-basic-test - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=nodepool-basic-test - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).nodepool-basic-test.nodepool-basic-test.svc.cluster.local.:9644 - command: - - 
/redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v26.1.1 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: nodepool-basic-test-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v26.1.1 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: nodepool-basic-test - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: "" - app.kubernetes.io/component: redpanda-basic-a-statefulset - app.kubernetes.io/instance: nodepool-basic-test - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: nodepool-basic-test-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 
288 - secretName: nodepool-basic-test-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: nodepool-basic-test-sts-lifecycle - - configMap: - name: nodepool-basic-test-basic-a - name: base-config - - emptyDir: {} - name: config - - name: nodepool-basic-test-configurator - secret: - defaultMode: 509 - secretName: nodepool-basic-test-basic-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: nodepool-basic-test - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: "" - app.kubernetes.io/component: redpanda-basic-b - app.kubernetes.io/instance: nodepool-basic-test - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/namespace: nodepool-basic-test - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: basic-b - cluster.redpanda.com/owner: nodepool-basic-test - name: nodepool-basic-test-basic-b - namespace: nodepool-basic-test - spec: - podManagementPolicy: Parallel - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/cluster-name: "" - app.kubernetes.io/component: redpanda-basic-b-statefulset - app.kubernetes.io/instance: nodepool-basic-test - app.kubernetes.io/name: redpanda - serviceName: nodepool-basic-test - template: 
- metadata: - annotations: - config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - labels: - app.kubernetes.io/cluster-name: "" - app.kubernetes.io/component: redpanda-basic-b-statefulset - app.kubernetes.io/instance: nodepool-basic-test - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: nodepool-basic-test - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: "" - app.kubernetes.io/component: redpanda-basic-b-statefulset - app.kubernetes.io/instance: nodepool-basic-test - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=basic-b-$(ORDINAL_NUMBER).nodepool-basic-test:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v26.1.1 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: localhost/test:dev - image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh 
- - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.nodepool-basic-test.nodepool-basic-test.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.nodepool-basic-test.nodepool-basic-test.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - nodepool-basic-test - - --redpanda-cluster-name - - nodepool-basic-test - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=nodepool-basic-test - - --run-broker-probe - - --broker-probe-broker-url - - 
$(SERVICE_NAME).nodepool-basic-test.nodepool-basic-test.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: localhost/test:dev - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: nodepool-basic-test-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: localhost/test:dev - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: nodepool-basic-test - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: "" - app.kubernetes.io/component: redpanda-basic-b-statefulset - app.kubernetes.io/instance: nodepool-basic-test - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: nodepool-basic-test-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: 
nodepool-basic-test-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: nodepool-basic-test-sts-lifecycle - - configMap: - name: nodepool-basic-test-basic-b - name: base-config - - emptyDir: {} - name: config - - name: nodepool-basic-test-configurator - secret: - defaultMode: 509 - secretName: nodepool-basic-test-basic-b-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: nodepool-basic-test - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 diff --git a/operator/multicluster/statefulset_init.go b/operator/multicluster/statefulset_init.go deleted file mode 100644 index 219f0c3a5..000000000 --- a/operator/multicluster/statefulset_init.go +++ /dev/null 
@@ -1,232 +0,0 @@
-// Copyright 2026 Redpanda Data, Inc.
-//
-// Use of this software is governed by the Business Source License
-// included in the file licenses/BSL.md
-//
-// As of the Change Date specified in that file, in accordance with
-// the Business Source License, use of this software will be governed
-// by the Apache License, Version 2.0
-
-package multicluster
-
-import (
- "fmt"
-
- corev1 "k8s.io/api/core/v1"
- "k8s.io/apimachinery/pkg/api/resource"
- "k8s.io/utils/ptr"
-
- redpandav1alpha2 "github.com/redpanda-data/redpanda-operator/operator/api/redpanda/v1alpha2"
-)
-
-// statefulSetInitContainers returns the init containers for the StatefulSet.
-func statefulSetInitContainers(state *RenderState, pool *redpandav1alpha2.NodePool) []corev1.Container {
- var containers []corev1.Container
-
- if state.Spec().Tuning.IsTuneAioEventsEnabled() {
- containers = append(containers, statefulSetInitContainerTuning(state, pool))
- }
-
- if pool.Spec.InitContainers != nil && pool.Spec.InitContainers.SetDataDirOwnership.IsEnabled() {
- containers = append(containers, statefulSetInitContainerSetDataDirOwnership(state, pool))
- }
-
- if pool.Spec.InitContainers != nil && pool.Spec.InitContainers.FSValidator.IsEnabled() {
- containers = append(containers, statefulSetInitContainerFSValidator(state, pool))
- }
-
- if state.Spec().TieredMountType() != "none" {
- containers = append(containers, statefulSetInitContainerSetTieredStorageCacheDirOwnership(state, pool))
- }
-
- containers = append(containers, statefulSetInitContainerConfigurator(state, pool))
-
- // Compute bootstrap env vars needed by the envsubst init container.
- bootstrap := bootstrapContents(state)
- containers = append(containers, bootstrapYamlTemplater(pool, bootstrap.envVars))
-
- return containers
-}
-
-func statefulSetInitContainerTuning(state *RenderState, pool *redpandav1alpha2.NodePool) corev1.Container {
- return corev1.Container{
- Name: redpandaTuningContainerName,
- Image: pool.RedpandaImage(),
- Command: []string{`/bin/bash`, `-c`, `rpk redpanda tune all`},
- SecurityContext: &corev1.SecurityContext{
- Capabilities: &corev1.Capabilities{
- Add: []corev1.Capability{`SYS_RESOURCE`},
- },
- Privileged: ptr.To(true),
- RunAsNonRoot: ptr.To(false),
- RunAsUser: ptr.To(int64(0)),
- RunAsGroup: ptr.To(int64(0)),
- },
- VolumeMounts: append(
- state.commonMounts(),
- corev1.VolumeMount{Name: baseConfigVolumeName, MountPath: redpandaConfigMountPath},
- corev1.VolumeMount{Name: datadirVolumeName, MountPath: datadirMountPath},
- ),
- }
-}
-
-func statefulSetInitContainerSetDataDirOwnership(state *RenderState, pool *redpandav1alpha2.NodePool) corev1.Container {
- return corev1.Container{
- Name: setDataDirectoryOwnershipContainerName,
- Image: pool.InitImage(),
- Command: []string{`/bin/sh`, `-c`, fmt.Sprintf(`chown %d:%d -R %s`, redpandaUserID, redpandaGroupID, datadirMountPath)},
- SecurityContext: &corev1.SecurityContext{
- RunAsUser: ptr.To[int64](0),
- RunAsGroup: ptr.To[int64](0),
- },
- VolumeMounts: append(
- state.commonMounts(),
- corev1.VolumeMount{Name: datadirVolumeName, MountPath: datadirMountPath},
- ),
- }
-}
-
-func statefulSetInitContainerFSValidator(state *RenderState, pool *redpandav1alpha2.NodePool) corev1.Container {
- var fsValidator *redpandav1alpha2.PoolFSValidator
- if pool.Spec.InitContainers != nil {
- fsValidator = pool.Spec.InitContainers.FSValidator
- }
- expectedFS := fsValidator.GetExpectedFS()
-
- return corev1.Container{
- Name: fsValidatorContainerName,
- Image: pool.RedpandaImage(),
- Command: []string{`/bin/sh`},
- Args: []string{
- `-c`,
- fmt.Sprintf(`trap "exit 0" TERM; exec /etc/secrets/fs-validator/scripts/fsValidator.sh %s & wait $!`, expectedFS),
- },
- VolumeMounts: append(
- state.commonMounts(),
- corev1.VolumeMount{Name: fmt.Sprintf(`%.49s-fs-validator`, state.fullname()), MountPath: `/etc/secrets/fs-validator/scripts/`},
- corev1.VolumeMount{Name: datadirVolumeName, MountPath: datadirMountPath},
- ),
- }
-}
-
-func statefulSetInitContainerConfigurator(state *RenderState, pool *redpandav1alpha2.NodePool) corev1.Container {
- volMounts := state.commonMounts()
- volMounts = append(volMounts,
- corev1.VolumeMount{Name: configVolumeName, MountPath: redpandaConfigMountPath},
- corev1.VolumeMount{Name: baseConfigVolumeName, MountPath: baseConfigMountPath},
- corev1.VolumeMount{Name: fmt.Sprintf(`%.51s-configurator`, state.fullname()), MountPath: "/etc/secrets/configurator/scripts/"},
- )
-
- if state.Spec().RackAwareness.IsEnabled() {
- volMounts = append(volMounts, corev1.VolumeMount{
- Name: serviceAccountVolumeName,
- MountPath: defaultAPITokenMountPath,
- ReadOnly: true,
- })
- }
-
- return corev1.Container{
- Name: redpandaConfiguratorContainerName,
- Image: pool.RedpandaImage(),
- Command: []string{
- `/bin/bash`, `-c`,
- `trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" & wait $!`,
- },
- Env: []corev1.EnvVar{
- {Name: "CONFIGURATOR_SCRIPT", Value: "/etc/secrets/configurator/scripts/configurator.sh"},
- {
- Name: "SERVICE_NAME",
- ValueFrom: &corev1.EnvVarSource{
- FieldRef: &corev1.ObjectFieldSelector{FieldPath: "metadata.name"},
- },
- },
- {
- Name: "KUBERNETES_NODE_NAME",
- ValueFrom: &corev1.EnvVarSource{
- FieldRef: &corev1.ObjectFieldSelector{FieldPath: "spec.nodeName"},
- },
- },
- {
- Name: "HOST_IP_ADDRESS",
- ValueFrom: &corev1.EnvVarSource{
- FieldRef: &corev1.ObjectFieldSelector{APIVersion: "v1", FieldPath: "status.hostIP"},
- },
- },
- },
- VolumeMounts: volMounts,
- }
-}
-
-// bootstrapYamlTemplater returns an init container that templates environment variables
-// into bootstrap.yaml.
-func bootstrapYamlTemplater(pool *redpandav1alpha2.NodePool, envVars []corev1.EnvVar) corev1.Container {
- image := pool.SidecarImage()
-
- var cliArgs []string
- if pool.Spec.InitContainers != nil && pool.Spec.InitContainers.Configurator != nil {
- cliArgs = pool.Spec.InitContainers.Configurator.AdditionalCLIArgs
- }
-
- return corev1.Container{
- Name: "bootstrap-yaml-envsubst",
- Image: image,
- Command: append([]string{
- "/redpanda-operator",
- "bootstrap",
- "--in-dir", baseConfigMountPath,
- "--out-dir", "/tmp/config",
- }, cliArgs...),
- Env: envVars,
- Resources: corev1.ResourceRequirements{
- Limits: corev1.ResourceList{
- corev1.ResourceCPU: resource.MustParse("100m"),
- corev1.ResourceMemory: resource.MustParse("125Mi"),
- },
- Requests: corev1.ResourceList{
- corev1.ResourceCPU: resource.MustParse("100m"),
- corev1.ResourceMemory: resource.MustParse("125Mi"),
- },
- },
- VolumeMounts: []corev1.VolumeMount{
- {Name: configVolumeName, MountPath: "/tmp/config/"},
- {Name: baseConfigVolumeName, MountPath: baseConfigMountPath + "/"},
- },
- SecurityContext: &corev1.SecurityContext{
- AllowPrivilegeEscalation: ptr.To(false),
- ReadOnlyRootFilesystem: ptr.To(true),
- RunAsNonRoot: ptr.To(true),
- },
- }
-}
-
-// statefulSetInitContainerSetTieredStorageCacheDirOwnership returns an init container
-// that creates and chowns the tiered storage cache directory.
-func statefulSetInitContainerSetTieredStorageCacheDirOwnership(state *RenderState, pool *redpandav1alpha2.NodePool) corev1.Container {
- cacheDir := state.Spec().TieredCacheDirectory()
-
- volMounts := state.commonMounts()
- volMounts = append(volMounts,
- corev1.VolumeMount{Name: datadirVolumeName, MountPath: datadirMountPath},
- )
- mountType := state.Spec().TieredMountType()
- if mountType != "none" {
- volMounts = append(volMounts, corev1.VolumeMount{
- Name: state.Spec().TieredStorageVolumeName(),
- MountPath: cacheDir,
- })
- }
-
- return corev1.Container{
- Name: "set-tiered-storage-cache-dir-ownership",
- Image: pool.InitImage(),
- Command: []string{
- "/bin/sh", "-c",
- fmt.Sprintf("mkdir -p %s; chown %d:%d -R %s", cacheDir, redpandaUserID, redpandaGroupID, cacheDir),
- },
- SecurityContext: &corev1.SecurityContext{
- RunAsUser: ptr.To[int64](0),
- RunAsGroup: ptr.To[int64](0),
- },
- VolumeMounts: volMounts,
- }
-}
diff --git a/operator/multicluster/testdata/render-cases.pools.golden.txtar b/operator/multicluster/testdata/render-cases.pools.golden.txtar
deleted file mode 100644
index 200f51cf7..000000000
--- a/operator/multicluster/testdata/render-cases.pools.golden.txtar
+++ /dev/null
@@ -1,12280 +0,0 @@ --- audit-logging -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: audit-logging - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: audit-logging-pool-a - namespace: audit-logging - spec: - podManagementPolicy: Parallel - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: audit-logging - app.kubernetes.io/name: redpanda - serviceName: audit-logging - template: - metadata: - annotations: - config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: audit-logging - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: audit-logging - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: audit-logging - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).audit-logging:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - 
fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.audit-logging.audit-logging.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.audit-logging.audit-logging.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: 
redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - audit-logging - - --redpanda-cluster-name - - audit-logging - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=audit-logging - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).audit-logging.audit-logging.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - 
mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: audit-logging-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: audit-logging - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: 
redpanda-pool-a-statefulset - app.kubernetes.io/instance: audit-logging - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: audit-logging-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: audit-logging-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: audit-logging-sts-lifecycle - - configMap: - name: audit-logging-pool-a - name: base-config - - emptyDir: {} - name: config - - name: audit-logging-configurator - secret: - defaultMode: 509 - secretName: audit-logging-pool-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: audit-logging - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 --- common-labels -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: common-labels - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - env: staging - team: platform - name: common-labels-pool-a - namespace: common-labels - spec: - podManagementPolicy: Parallel - 
replicas: 3 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: common-labels - app.kubernetes.io/name: redpanda - serviceName: common-labels - template: - metadata: - annotations: - config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: common-labels - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - env: staging - redpanda.com/poddisruptionbudget: common-labels - team: platform - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: common-labels - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).common-labels:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 
2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.common-labels.common-labels.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.common-labels.common-labels.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - common-labels - 
- --redpanda-cluster-name - - common-labels - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=common-labels - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).common-labels.common-labels.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: common-labels-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: common-labels - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: common-labels - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: common-labels-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: 
common-labels-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: common-labels-sts-lifecycle - - configMap: - name: common-labels-pool-a - name: base-config - - emptyDir: {} - name: config - - name: common-labels-configurator - secret: - defaultMode: 509 - secretName: common-labels-pool-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: common-labels - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 --- custom-cluster-domain -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: custom-cluster-domain - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: custom-cluster-domain-pool-a - namespace: custom-cluster-domain - spec: - podManagementPolicy: Parallel - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: custom-cluster-domain - app.kubernetes.io/name: redpanda - serviceName: custom-cluster-domain - template: - metadata: - annotations: - config.redpanda.com/checksum: 
a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: custom-cluster-domain - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: custom-cluster-domain - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: custom-cluster-domain - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).custom-cluster-domain:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - 
- curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.custom-cluster-domain.custom-cluster-domain.svc.custom.local:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.custom-cluster-domain.custom-cluster-domain.svc.custom.local:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - custom-cluster-domain - - --redpanda-cluster-name - - custom-cluster-domain - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=custom-cluster-domain - - --run-broker-probe - - --broker-probe-broker-url - - 
$(SERVICE_NAME).custom-cluster-domain.custom-cluster-domain.svc.custom.local:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: custom-cluster-domain-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: custom-cluster-domain - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: custom-cluster-domain - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: custom-cluster-domain-default-cert - - name: redpanda-external-cert - secret: - 
defaultMode: 288 - secretName: custom-cluster-domain-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: custom-cluster-domain-sts-lifecycle - - configMap: - name: custom-cluster-domain-pool-a - name: base-config - - emptyDir: {} - name: config - - name: custom-cluster-domain-configurator - secret: - defaultMode: 509 - secretName: custom-cluster-domain-pool-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: custom-cluster-domain - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 --- custom-config -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: custom-config - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: custom-config-pool-a - namespace: custom-config - spec: - podManagementPolicy: Parallel - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: custom-config - app.kubernetes.io/name: redpanda - serviceName: custom-config - template: - metadata: - annotations: - config.redpanda.com/checksum: 
2ff60a749b20db7d64dc692490f0cfcc2ea8e26e36bcc43c53f5ab28532a7b54 - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: custom-config - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: custom-config - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: custom-config - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).custom-config:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 
--cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.custom-config.custom-config.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.custom-config.custom-config.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - custom-config - - --redpanda-cluster-name - - custom-config - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=custom-config - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).custom-config.custom-config.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - 
fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: custom-config-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: custom-config - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: custom-config - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: custom-config-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: 
custom-config-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: custom-config-sts-lifecycle - - configMap: - name: custom-config-pool-a - name: base-config - - emptyDir: {} - name: config - - name: custom-config-configurator - secret: - defaultMode: 509 - secretName: custom-config-pool-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: custom-config - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 --- custom-image -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: custom-image - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: custom-image-pool-a - namespace: custom-image - spec: - podManagementPolicy: Parallel - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: custom-image - app.kubernetes.io/name: redpanda - serviceName: custom-image - template: - metadata: - annotations: - config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - labels: - app.kubernetes.io/cluster-name: test - 
app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: custom-image - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: custom-image - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: custom-image - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).custom-image:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: custom-registry.example.com/operator:v24.3.1 - image: custom-registry.example.com/redpanda:v24.3.1 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.custom-image.custom-image.svc.cluster.local.:9644/v1/status/ready" - 
failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.custom-image.custom-image.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - custom-image - - --redpanda-cluster-name - - custom-image - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=custom-image - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).custom-image.custom-image.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - 
fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: custom-registry.example.com/operator:v24.3.1 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - imagePullSecrets: - - name: regcred - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: custom-registry.example.com/redpanda:v24.3.1 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: custom-registry.example.com/redpanda:v24.3.1 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: custom-image-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: custom-registry.example.com/operator:v24.3.1 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: custom-image - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: custom-image - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: custom-image-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: custom-image-external-cert - 
- name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: custom-image-sts-lifecycle - - configMap: - name: custom-image-pool-a - name: base-config - - emptyDir: {} - name: config - - name: custom-image-configurator - secret: - defaultMode: 509 - secretName: custom-image-pool-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: custom-image - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 --- custom-resources -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: custom-resources-pool-a - namespace: custom-resources - spec: - podManagementPolicy: Parallel - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/name: redpanda - serviceName: custom-resources - template: - metadata: - annotations: - config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - labels: - app.kubernetes.io/cluster-name: test - 
app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: custom-resources - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).custom-resources:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - 
"https://${SERVICE_NAME}.custom-resources.custom-resources.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "4" - memory: 8Gi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.custom-resources.custom-resources.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - custom-resources - - --redpanda-cluster-name - - custom-resources - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=custom-resources - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).custom-resources.custom-resources.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: 
metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: custom-resources-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: custom-resources - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: custom-resources-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - 
secretName: custom-resources-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: custom-resources-sts-lifecycle - - configMap: - name: custom-resources-pool-a - name: base-config - - emptyDir: {} - name: config - - name: custom-resources-configurator - secret: - defaultMode: 509 - secretName: custom-resources-pool-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 --- custom-resources-explicit -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: custom-resources-explicit - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: custom-resources-explicit-pool-a - namespace: custom-resources-explicit - spec: - podManagementPolicy: Parallel - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: custom-resources-explicit - app.kubernetes.io/name: redpanda - serviceName: custom-resources-explicit - template: - metadata: - annotations: - config.redpanda.com/checksum: 
a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: custom-resources-explicit - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: custom-resources-explicit - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: custom-resources-explicit - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).custom-resources-explicit:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - 
/bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.custom-resources-explicit.custom-resources-explicit.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "4" - memory: 8Gi - requests: - cpu: "2" - memory: 4Gi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.custom-resources-explicit.custom-resources-explicit.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - custom-resources-explicit - - --redpanda-cluster-name - - custom-resources-explicit - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=custom-resources-explicit - - --run-broker-probe - - 
--broker-probe-broker-url - - $(SERVICE_NAME).custom-resources-explicit.custom-resources-explicit.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: custom-resources-explicit-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: custom-resources-explicit - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: custom-resources-explicit - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: custom-resources-explicit-default-cert - - name: redpanda-external-cert - 
secret: - defaultMode: 288 - secretName: custom-resources-explicit-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: custom-resources-explicit-sts-lifecycle - - configMap: - name: custom-resources-explicit-pool-a - name: base-config - - emptyDir: {} - name: config - - name: custom-resources-explicit-configurator - secret: - defaultMode: 509 - secretName: custom-resources-explicit-pool-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: custom-resources-explicit - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 --- enterprise -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: enterprise - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: enterprise-pool-a - namespace: enterprise - spec: - podManagementPolicy: Parallel - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: enterprise - app.kubernetes.io/name: redpanda - serviceName: enterprise - template: - metadata: - annotations: - config.redpanda.com/checksum: 
a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: enterprise - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: enterprise - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: enterprise - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).enterprise:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert 
/etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.enterprise.enterprise.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.enterprise.enterprise.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - enterprise - - --redpanda-cluster-name - - enterprise - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=enterprise - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).enterprise.enterprise.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: 
POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: enterprise-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: enterprise - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: enterprise - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: enterprise-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: 
enterprise-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: enterprise-sts-lifecycle - - configMap: - name: enterprise-pool-a - name: base-config - - emptyDir: {} - name: config - - name: enterprise-configurator - secret: - defaultMode: 509 - secretName: enterprise-pool-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: enterprise - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 --- external-loadbalancer -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: external-loadbalancer - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: external-loadbalancer-pool-a - namespace: external-loadbalancer - spec: - podManagementPolicy: Parallel - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: external-loadbalancer - app.kubernetes.io/name: redpanda - serviceName: external-loadbalancer - template: - metadata: - annotations: - config.redpanda.com/checksum: 6b75a3b044743b3d7c588d59ac3a6e32af736a3f690c711bd1adfd16e9d970b2 - labels: - 
app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: external-loadbalancer - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: external-loadbalancer - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: external-loadbalancer - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).external-loadbalancer:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - 
"https://${SERVICE_NAME}.external-loadbalancer.external-loadbalancer.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 30644 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 30082 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 30092 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 30081 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.external-loadbalancer.external-loadbalancer.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - external-loadbalancer - - --redpanda-cluster-name - - external-loadbalancer - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=external-loadbalancer - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).external-loadbalancer.external-loadbalancer.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: 
POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: external-loadbalancer-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: external-loadbalancer - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: external-loadbalancer - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: external-loadbalancer-default-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: external-loadbalancer-sts-lifecycle - - 
configMap: - name: external-loadbalancer-pool-a - name: base-config - - emptyDir: {} - name: config - - name: external-loadbalancer-configurator - secret: - defaultMode: 509 - secretName: external-loadbalancer-pool-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: external-loadbalancer - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 --- external-nodeport -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: external-nodeport - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: external-nodeport-pool-a - namespace: external-nodeport - spec: - podManagementPolicy: Parallel - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: external-nodeport - app.kubernetes.io/name: redpanda - serviceName: external-nodeport - template: - metadata: - annotations: - config.redpanda.com/checksum: b150b8294c144a808614e5a5697f52a9ac58f6358a6b8fc194f9896062d4064a - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - 
app.kubernetes.io/instance: external-nodeport - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: external-nodeport - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: external-nodeport - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).external-nodeport:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.external-nodeport.external-nodeport.svc.cluster.local.:9644/v1/status/ready" - 
failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 31644 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 31092 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.external-nodeport.external-nodeport.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - external-nodeport - - --redpanda-cluster-name - - external-nodeport - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=external-nodeport - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).external-nodeport.external-nodeport.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: 
HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: external-nodeport-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: external-nodeport - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: external-nodeport - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: external-nodeport-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - 
secretName: external-nodeport-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: external-nodeport-sts-lifecycle - - configMap: - name: external-nodeport-pool-a - name: base-config - - emptyDir: {} - name: config - - name: external-nodeport-configurator - secret: - defaultMode: 509 - secretName: external-nodeport-pool-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: external-nodeport - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 --- external-tls -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: external-tls - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: external-tls-pool-a - namespace: external-tls - spec: - podManagementPolicy: Parallel - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: external-tls - app.kubernetes.io/name: redpanda - serviceName: external-tls - template: - metadata: - annotations: - config.redpanda.com/checksum: 47eac106a7064a92dc868c1f45fd518e605004c1e0cb257fe7dfda9cddc65719 - labels: - 
app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: external-tls - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: external-tls - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: external-tls - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).external-tls:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - 
"https://${SERVICE_NAME}.external-tls.external-tls.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 30644 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 30082 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 30092 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 30081 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.external-tls.external-tls.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - external-tls - - --redpanda-cluster-name - - external-tls - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=external-tls - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).external-tls.external-tls.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - 
valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: external-tls-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: external-tls - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: external-tls - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: external-tls-default-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: external-tls-sts-lifecycle - - configMap: - name: external-tls-pool-a - name: 
base-config - - emptyDir: {} - name: config - - name: external-tls-configurator - secret: - defaultMode: 509 - secretName: external-tls-pool-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: external-tls - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 --- full-featured -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-cold - app.kubernetes.io/instance: full-featured - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-cold - team: data-platform - name: full-featured-pool-cold - namespace: full-featured - spec: - podManagementPolicy: Parallel - replicas: 2 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-cold-statefulset - app.kubernetes.io/instance: full-featured - app.kubernetes.io/name: redpanda - tier: cold - serviceName: full-featured - template: - metadata: - annotations: - config.redpanda.com/checksum: 087e00eae7054984bc2d23b7669521bf620651e34cd8065c174d285c96af1851 - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-cold-statefulset - app.kubernetes.io/instance: full-featured - 
app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: full-featured - team: data-platform - tier: cold - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-cold-statefulset - app.kubernetes.io/instance: full-featured - app.kubernetes.io/name: redpanda - tier: cold - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-cold-$(ORDINAL_NUMBER).full-featured:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - - name: RPK_USER - value: kubernetes-controller - - name: RPK_PASS - valueFrom: - secretKeyRef: - key: password - name: full-featured-bootstrap-user - - name: RPK_SASL_MECHANISM - value: SCRAM-SHA-512 - - name: RP_BOOTSTRAP_USER - value: $(RPK_USER):$(RPK_PASS):$(RPK_SASL_MECHANISM) - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop 
$(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.full-featured.full-featured.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 30644 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 30082 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 30092 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 30081 - name: schema-default - resources: - limits: - cpu: "8" - memory: 16Gi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.full-featured.full-featured.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - full-featured - - --redpanda-cluster-name - - full-featured - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=full-featured - - 
--run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).full-featured.full-featured.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/sh - - -c - - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R - /var/lib/redpanda/data/cloud_storage_cache - image: busybox:latest - name: set-tiered-storage-cache-dir-ownership - resources: {} - securityContext: - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: 
redpanda-default-cert - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: full-featured-configurator - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: full-featured - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - 
app.kubernetes.io/component: redpanda-pool-cold-statefulset - app.kubernetes.io/instance: full-featured - app.kubernetes.io/name: redpanda - tier: cold - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: full-featured-default-cert - - name: users - secret: - secretName: users-secret - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: full-featured-sts-lifecycle - - configMap: - name: full-featured-pool-cold - name: base-config - - emptyDir: {} - name: config - - name: full-featured-configurator - secret: - defaultMode: 509 - secretName: full-featured-pool-cold-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: full-featured - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - storageClassName: fast-ssd - status: {} - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: full-featured - app.kubernetes.io/name: redpanda - name: tiered-storage-dir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - storageClassName: gp3 - status: {} - status: - availableReplicas: 0 - replicas: 0 -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-hot - app.kubernetes.io/instance: full-featured - 
app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-hot - team: data-platform - name: full-featured-pool-hot - namespace: full-featured - spec: - podManagementPolicy: Parallel - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-hot-statefulset - app.kubernetes.io/instance: full-featured - app.kubernetes.io/name: redpanda - tier: hot - serviceName: full-featured - template: - metadata: - annotations: - config.redpanda.com/checksum: 087e00eae7054984bc2d23b7669521bf620651e34cd8065c174d285c96af1851 - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-hot-statefulset - app.kubernetes.io/instance: full-featured - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: full-featured - team: data-platform - tier: hot - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-hot-statefulset - app.kubernetes.io/instance: full-featured - app.kubernetes.io/name: redpanda - tier: hot - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-hot-$(ORDINAL_NUMBER).full-featured:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: 
REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - - name: RPK_USER - value: kubernetes-controller - - name: RPK_PASS - valueFrom: - secretKeyRef: - key: password - name: full-featured-bootstrap-user - - name: RPK_SASL_MECHANISM - value: SCRAM-SHA-512 - - name: RP_BOOTSTRAP_USER - value: $(RPK_USER):$(RPK_PASS):$(RPK_SASL_MECHANISM) - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.full-featured.full-featured.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 30644 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 30082 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 30092 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 30081 - name: schema-default - resources: - limits: - cpu: "8" - memory: 16Gi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.full-featured.full-featured.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 
10 - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - full-featured - - --redpanda-cluster-name - - full-featured - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=full-featured - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).full-featured.full-featured.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: 
docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/fs-validator/scripts/fsValidator.sh - xfs & wait $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: fs-validator - resources: {} - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/secrets/fs-validator/scripts/ - name: full-featured-fs-validator - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/sh - - -c - - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R - /var/lib/redpanda/data/cloud_storage_cache - image: busybox:latest - name: set-tiered-storage-cache-dir-ownership - resources: {} - securityContext: - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: full-featured-configurator - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: full-featured - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-hot-statefulset - app.kubernetes.io/instance: full-featured - app.kubernetes.io/name: redpanda - tier: hot - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - 
secretName: full-featured-default-cert - - name: users - secret: - secretName: users-secret - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: full-featured-sts-lifecycle - - configMap: - name: full-featured-pool-hot - name: base-config - - emptyDir: {} - name: config - - name: full-featured-configurator - secret: - defaultMode: 509 - secretName: full-featured-pool-hot-configurator - - name: full-featured-fs-validator - secret: - defaultMode: 509 - secretName: full-featured-pool-hot-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: full-featured - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - storageClassName: fast-ssd - status: {} - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: full-featured - app.kubernetes.io/name: redpanda - name: tiered-storage-dir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - storageClassName: gp3 - status: {} - status: - availableReplicas: 0 - replicas: 0 --- init-containers -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: init-containers - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: 
init-containers-pool-a - namespace: init-containers - spec: - podManagementPolicy: Parallel - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: init-containers - app.kubernetes.io/name: redpanda - serviceName: init-containers - template: - metadata: - annotations: - config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: init-containers - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: init-containers - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: init-containers - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).init-containers:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: 
- - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.init-containers.init-containers.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.init-containers.init-containers.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - 
/etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - init-containers - - --redpanda-cluster-name - - init-containers - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=init-containers - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).init-containers.init-containers.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/sh - - -c - - chown 101:101 -R /var/lib/redpanda/data - image: busybox:latest - name: set-datadir-ownership - resources: {} - securityContext: - runAsGroup: 0 - 
runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /var/lib/redpanda/data - name: datadir - - args: - - -c - - trap "exit 0" TERM; exec /etc/secrets/fs-validator/scripts/fsValidator.sh - ext4 & wait $! - command: - - /bin/sh - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: fs-validator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/secrets/fs-validator/scripts/ - name: init-containers-fs-validator - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: init-containers-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - 
securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: init-containers - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: init-containers - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: init-containers-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: init-containers-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: init-containers-sts-lifecycle - - configMap: - name: init-containers-pool-a - name: base-config - - emptyDir: {} - name: config - - name: init-containers-configurator - secret: - defaultMode: 509 - secretName: init-containers-pool-a-configurator - - name: init-containers-fs-validator - secret: - defaultMode: 509 - secretName: init-containers-pool-a-fs-validator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: init-containers - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - 
ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 --- memory-locking -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: memory-locking - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: memory-locking-pool-a - namespace: memory-locking - spec: - podManagementPolicy: Parallel - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: memory-locking - app.kubernetes.io/name: redpanda - serviceName: memory-locking - template: - metadata: - annotations: - config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: memory-locking - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: memory-locking - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: memory-locking - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).memory-locking:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - 
valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.memory-locking.memory-locking.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "2" - memory: 4Gi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.memory-locking.memory-locking.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: 
/etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - memory-locking - - --redpanda-cluster-name - - memory-locking - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=memory-locking - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).memory-locking.memory-locking.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - 
SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: memory-locking-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: memory-locking - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - 
labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: memory-locking - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: memory-locking-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: memory-locking-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: memory-locking-sts-lifecycle - - configMap: - name: memory-locking-pool-a - name: base-config - - emptyDir: {} - name: config - - name: memory-locking-configurator - secret: - defaultMode: 509 - secretName: memory-locking-pool-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: memory-locking - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 --- minimal -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: minimal - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: minimal-pool-a - namespace: 
minimal - spec: - podManagementPolicy: Parallel - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: minimal - app.kubernetes.io/name: redpanda - serviceName: minimal - template: - metadata: - annotations: - config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: minimal - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: minimal - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: minimal - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).minimal:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed 
"s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.minimal.minimal.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.minimal.minimal.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - minimal - - --redpanda-cluster-name - - minimal - - 
--selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=minimal - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).minimal.minimal.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: minimal-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: minimal - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: minimal - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: minimal-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: minimal-external-cert - - 
name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: minimal-sts-lifecycle - - configMap: - name: minimal-pool-a - name: base-config - - emptyDir: {} - name: config - - name: minimal-configurator - secret: - defaultMode: 509 - secretName: minimal-pool-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: minimal - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 --- monitoring -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: monitoring - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: monitoring-pool-a - namespace: monitoring - spec: - podManagementPolicy: Parallel - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: monitoring - app.kubernetes.io/name: redpanda - serviceName: monitoring - template: - metadata: - annotations: - config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - 
app.kubernetes.io/instance: monitoring - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: monitoring - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: monitoring - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).monitoring:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.monitoring.monitoring.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - 
periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.monitoring.monitoring.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - monitoring - - --redpanda-cluster-name - - monitoring - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=monitoring - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).monitoring.monitoring.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - 
fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: monitoring-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: monitoring - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: monitoring - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: monitoring-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: 
monitoring-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: monitoring-sts-lifecycle - - configMap: - name: monitoring-pool-a - name: base-config - - emptyDir: {} - name: config - - name: monitoring-configurator - secret: - defaultMode: 509 - secretName: monitoring-pool-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: monitoring - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 --- multi-pool -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: multi-pool - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: multi-pool-pool-a - namespace: multi-pool - spec: - podManagementPolicy: Parallel - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: multi-pool - app.kubernetes.io/name: redpanda - serviceName: multi-pool - template: - metadata: - annotations: - config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: 
redpanda-pool-a-statefulset - app.kubernetes.io/instance: multi-pool - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: multi-pool - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: multi-pool - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).multi-pool:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.multi-pool.multi-pool.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - 
initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.multi-pool.multi-pool.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - multi-pool - - --redpanda-cluster-name - - multi-pool - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=multi-pool - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).multi-pool.multi-pool.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: 
ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: multi-pool-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: multi-pool - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: multi-pool - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: multi-pool-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: 
multi-pool-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: multi-pool-sts-lifecycle - - configMap: - name: multi-pool-pool-a - name: base-config - - emptyDir: {} - name: config - - name: multi-pool-configurator - secret: - defaultMode: 509 - secretName: multi-pool-pool-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: multi-pool - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-b - app.kubernetes.io/instance: multi-pool - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-b - name: multi-pool-pool-b - namespace: multi-pool - spec: - podManagementPolicy: Parallel - replicas: 2 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-b-statefulset - app.kubernetes.io/instance: multi-pool - app.kubernetes.io/name: redpanda - pool-type: hot-storage - serviceName: multi-pool - template: - metadata: - annotations: - config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - labels: - app.kubernetes.io/cluster-name: test - 
app.kubernetes.io/component: redpanda-pool-b-statefulset - app.kubernetes.io/instance: multi-pool - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - pool-type: hot-storage - redpanda.com/poddisruptionbudget: multi-pool - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-b-statefulset - app.kubernetes.io/instance: multi-pool - app.kubernetes.io/name: redpanda - pool-type: hot-storage - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-b-$(ORDINAL_NUMBER).multi-pool:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - 
"https://${SERVICE_NAME}.multi-pool.multi-pool.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.multi-pool.multi-pool.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - multi-pool - - --redpanda-cluster-name - - multi-pool - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=multi-pool - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).multi-pool.multi-pool.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - 
fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: multi-pool-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: multi-pool - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-b-statefulset - app.kubernetes.io/instance: multi-pool - app.kubernetes.io/name: redpanda - pool-type: hot-storage - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: multi-pool-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - 
secretName: multi-pool-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: multi-pool-sts-lifecycle - - configMap: - name: multi-pool-pool-b - name: base-config - - emptyDir: {} - name: config - - name: multi-pool-configurator - secret: - defaultMode: 509 - secretName: multi-pool-pool-b-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: multi-pool - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 --- per-pod-service-overrides -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: per-pod-service-overrides - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: per-pod-service-overrides-pool-a - namespace: per-pod-service-overrides - spec: - podManagementPolicy: Parallel - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: per-pod-service-overrides - app.kubernetes.io/name: redpanda - serviceName: per-pod-service-overrides - template: - metadata: - annotations: - config.redpanda.com/checksum: 
a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: per-pod-service-overrides - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: per-pod-service-overrides - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: per-pod-service-overrides - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).per-pod-service-overrides:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - 
/bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.per-pod-service-overrides.per-pod-service-overrides.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.per-pod-service-overrides.per-pod-service-overrides.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - per-pod-service-overrides - - --redpanda-cluster-name - - per-pod-service-overrides - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=per-pod-service-overrides - - --run-broker-probe - - --broker-probe-broker-url - - 
$(SERVICE_NAME).per-pod-service-overrides.per-pod-service-overrides.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: per-pod-service-overrides-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: per-pod-service-overrides - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: per-pod-service-overrides - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: per-pod-service-overrides-default-cert - - name: redpanda-external-cert - 
secret: - defaultMode: 288 - secretName: per-pod-service-overrides-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: per-pod-service-overrides-sts-lifecycle - - configMap: - name: per-pod-service-overrides-pool-a - name: base-config - - emptyDir: {} - name: config - - name: per-pod-service-overrides-configurator - secret: - defaultMode: 509 - secretName: per-pod-service-overrides-pool-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: per-pod-service-overrides - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 --- per-pod-service-remote-disabled -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: per-pod-service-remote-disabled - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: per-pod-service-remote-disabled-pool-a - namespace: per-pod-service-remote-disabled - spec: - podManagementPolicy: Parallel - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: per-pod-service-remote-disabled - app.kubernetes.io/name: redpanda - 
serviceName: per-pod-service-remote-disabled - template: - metadata: - annotations: - config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: per-pod-service-remote-disabled - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: per-pod-service-remote-disabled - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: per-pod-service-remote-disabled - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).per-pod-service-remote-disabled:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x 
/var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.per-pod-service-remote-disabled.per-pod-service-remote-disabled.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.per-pod-service-remote-disabled.per-pod-service-remote-disabled.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - per-pod-service-remote-disabled - - --redpanda-cluster-name - - per-pod-service-remote-disabled - - 
--selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=per-pod-service-remote-disabled - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).per-pod-service-remote-disabled.per-pod-service-remote-disabled.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: per-pod-service-remote-disabled-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: per-pod-service-remote-disabled - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: per-pod-service-remote-disabled - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: per-pod-service-remote-disabled-default-cert - - name: 
redpanda-external-cert - secret: - defaultMode: 288 - secretName: per-pod-service-remote-disabled-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: per-pod-service-remote-disabled-sts-lifecycle - - configMap: - name: per-pod-service-remote-disabled-pool-a - name: base-config - - emptyDir: {} - name: config - - name: per-pod-service-remote-disabled-configurator - secret: - defaultMode: 509 - secretName: per-pod-service-remote-disabled-pool-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: per-pod-service-remote-disabled - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 --- rack-awareness -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: rack-awareness - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: rack-awareness-pool-a - namespace: rack-awareness - spec: - podManagementPolicy: Parallel - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: rack-awareness - app.kubernetes.io/name: redpanda - serviceName: rack-awareness 
- template: - metadata: - annotations: - config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: rack-awareness - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: rack-awareness - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: rack-awareness - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).rack-awareness:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - 
livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.rack-awareness.rack-awareness.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.rack-awareness.rack-awareness.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - rack-awareness - - --redpanda-cluster-name - - rack-awareness - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=rack-awareness - - --run-broker-probe - - --broker-probe-broker-url - - 
$(SERVICE_NAME).rack-awareness.rack-awareness.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: rack-awareness-configurator - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: rack-awareness - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: rack-awareness - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: 
rack-awareness-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: rack-awareness-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: rack-awareness-sts-lifecycle - - configMap: - name: rack-awareness-pool-a - name: base-config - - emptyDir: {} - name: config - - name: rack-awareness-configurator - secret: - defaultMode: 509 - secretName: rack-awareness-pool-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: rack-awareness - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 --- sasl-scram256 -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: sasl-scram256 - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: sasl-scram256-pool-a - namespace: sasl-scram256 - spec: - podManagementPolicy: Parallel - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: sasl-scram256 - app.kubernetes.io/name: redpanda - serviceName: sasl-scram256 - template: - metadata: - annotations: - config.redpanda.com/checksum: 
aa39a27780f052f325cc8380a54fbcc1579cb147c42865a9be31cc30790e7911 - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: sasl-scram256 - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: sasl-scram256 - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: sasl-scram256 - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).sasl-scram256:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - - name: RPK_USER - value: kubernetes-controller - - name: RPK_PASS - valueFrom: - secretKeyRef: - key: password - name: sasl-scram256-bootstrap-user - - name: RPK_SASL_MECHANISM - value: SCRAM-SHA-256 - - name: RP_BOOTSTRAP_USER - value: $(RPK_USER):$(RPK_PASS):$(RPK_SASL_MECHANISM) - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee 
/proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.sasl-scram256.sasl-scram256.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.sasl-scram256.sasl-scram256.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - sasl-scram256 
- - --redpanda-cluster-name - - sasl-scram256 - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=sasl-scram256 - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).sasl-scram256.sasl-scram256.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: sasl-scram256-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: sasl-scram256 - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: sasl-scram256 - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: sasl-scram256-default-cert - - name: 
redpanda-external-cert - secret: - defaultMode: 288 - secretName: sasl-scram256-external-cert - - name: users - secret: - secretName: users-secret - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: sasl-scram256-sts-lifecycle - - configMap: - name: sasl-scram256-pool-a - name: base-config - - emptyDir: {} - name: config - - name: sasl-scram256-configurator - secret: - defaultMode: 509 - secretName: sasl-scram256-pool-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: sasl-scram256 - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 --- sasl-scram512-with-tls -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: sasl-scram512-with-tls - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: sasl-scram512-with-tls-pool-a - namespace: sasl-scram512-with-tls - spec: - podManagementPolicy: Parallel - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: sasl-scram512-with-tls - app.kubernetes.io/name: redpanda - serviceName: sasl-scram512-with-tls - 
template: - metadata: - annotations: - config.redpanda.com/checksum: aa39a27780f052f325cc8380a54fbcc1579cb147c42865a9be31cc30790e7911 - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: sasl-scram512-with-tls - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: sasl-scram512-with-tls - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: sasl-scram512-with-tls - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).sasl-scram512-with-tls:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - - name: RPK_USER - value: kubernetes-controller - - name: RPK_PASS - valueFrom: - secretKeyRef: - key: password - name: sasl-scram512-with-tls-bootstrap-user - - name: RPK_SASL_MECHANISM - value: SCRAM-SHA-512 - - name: RP_BOOTSTRAP_USER - value: $(RPK_USER):$(RPK_PASS):$(RPK_SASL_MECHANISM) - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 
'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.sasl-scram512-with-tls.sasl-scram512-with-tls.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.sasl-scram512-with-tls.sasl-scram512-with-tls.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - 
supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - sasl-scram512-with-tls - - --redpanda-cluster-name - - sasl-scram512-with-tls - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=sasl-scram512-with-tls - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).sasl-scram512-with-tls.sasl-scram512-with-tls.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: 
base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/secrets/users - name: users - readOnly: true - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: sasl-scram512-with-tls-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: sasl-scram512-with-tls - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: sasl-scram512-with-tls - 
app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: sasl-scram512-with-tls-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: sasl-scram512-with-tls-external-cert - - name: users - secret: - secretName: users-secret - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: sasl-scram512-with-tls-sts-lifecycle - - configMap: - name: sasl-scram512-with-tls-pool-a - name: base-config - - emptyDir: {} - name: config - - name: sasl-scram512-with-tls-configurator - secret: - defaultMode: 509 - secretName: sasl-scram512-with-tls-pool-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: sasl-scram512-with-tls - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 --- single-replica -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: single-replica - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: single-replica-pool-a - namespace: single-replica - spec: - podManagementPolicy: 
Parallel - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: single-replica - app.kubernetes.io/name: redpanda - serviceName: single-replica - template: - metadata: - annotations: - config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: single-replica - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: single-replica - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: single-replica - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).single-replica:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed 
"s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.single-replica.single-replica.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.single-replica.single-replica.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - single-replica - - 
--redpanda-cluster-name - - single-replica - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=single-replica - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).single-replica.single-replica.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: single-replica-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: single-replica - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: single-replica - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: single-replica-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: 
single-replica-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: single-replica-sts-lifecycle - - configMap: - name: single-replica-pool-a - name: base-config - - emptyDir: {} - name: config - - name: single-replica-configurator - secret: - defaultMode: 509 - secretName: single-replica-pool-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: single-replica - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 --- storage-hostpath -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: storage-hostpath - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: storage-hostpath-pool-a - namespace: storage-hostpath - spec: - podManagementPolicy: Parallel - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: storage-hostpath - app.kubernetes.io/name: redpanda - serviceName: storage-hostpath - template: - metadata: - annotations: - config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - labels: - 
app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: storage-hostpath - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: storage-hostpath - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: storage-hostpath - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).storage-hostpath:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - 
"https://${SERVICE_NAME}.storage-hostpath.storage-hostpath.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.storage-hostpath.storage-hostpath.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - storage-hostpath - - --redpanda-cluster-name - - storage-hostpath - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=storage-hostpath - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).storage-hostpath.storage-hostpath.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: 
metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: storage-hostpath-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: storage-hostpath - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: storage-hostpath - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: storage-hostpath-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - 
secretName: storage-hostpath-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: storage-hostpath-sts-lifecycle - - configMap: - name: storage-hostpath-pool-a - name: base-config - - emptyDir: {} - name: config - - name: storage-hostpath-configurator - secret: - defaultMode: 509 - secretName: storage-hostpath-pool-a-configurator - - hostPath: - path: /mnt/redpanda - name: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - status: - availableReplicas: 0 - replicas: 0 --- storage-pv-custom -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: storage-pv-custom - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: storage-pv-custom-pool-a - namespace: storage-pv-custom - spec: - podManagementPolicy: Parallel - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: storage-pv-custom - app.kubernetes.io/name: redpanda - serviceName: storage-pv-custom - template: - metadata: - annotations: - config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: storage-pv-custom - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - 
redpanda.com/poddisruptionbudget: storage-pv-custom - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: storage-pv-custom - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).storage-pv-custom:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.storage-pv-custom.storage-pv-custom.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - 
containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.storage-pv-custom.storage-pv-custom.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - storage-pv-custom - - --redpanda-cluster-name - - storage-pv-custom - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=storage-pv-custom - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).storage-pv-custom.storage-pv-custom.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: 
docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: storage-pv-custom-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: storage-pv-custom - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: storage-pv-custom - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: storage-pv-custom-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - 
secretName: storage-pv-custom-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: storage-pv-custom-sts-lifecycle - - configMap: - name: storage-pv-custom-pool-a - name: base-config - - emptyDir: {} - name: config - - name: storage-pv-custom-configurator - secret: - defaultMode: 509 - secretName: storage-pv-custom-pool-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: storage-pv-custom - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - storageClassName: fast-ssd - status: {} - status: - availableReplicas: 0 - replicas: 0 --- tiered-storage-emptydir -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: tiered-storage-emptydir - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: tiered-storage-emptydir-pool-a - namespace: tiered-storage-emptydir - spec: - podManagementPolicy: Parallel - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: tiered-storage-emptydir - app.kubernetes.io/name: redpanda - serviceName: tiered-storage-emptydir - template: - metadata: - annotations: - 
config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: tiered-storage-emptydir - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: tiered-storage-emptydir - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: tiered-storage-emptydir - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).tiered-storage-emptydir:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - 
exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.tiered-storage-emptydir.tiered-storage-emptydir.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.tiered-storage-emptydir.tiered-storage-emptydir.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - tiered-storage-emptydir - - --redpanda-cluster-name - - tiered-storage-emptydir - - 
--selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=tiered-storage-emptydir - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).tiered-storage-emptydir.tiered-storage-emptydir.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/sh - - -c - - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R - /var/lib/redpanda/data/cloud_storage_cache - image: busybox:latest - name: set-tiered-storage-cache-dir-ownership - resources: {} - securityContext: - runAsGroup: 0 - runAsUser: 0 - 
volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: tiered-storage-emptydir-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: tiered-storage-emptydir - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - 
app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: tiered-storage-emptydir - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: tiered-storage-emptydir-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: tiered-storage-emptydir-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: tiered-storage-emptydir-sts-lifecycle - - configMap: - name: tiered-storage-emptydir-pool-a - name: base-config - - emptyDir: {} - name: config - - name: tiered-storage-emptydir-configurator - secret: - defaultMode: 509 - secretName: tiered-storage-emptydir-pool-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - emptyDir: - sizeLimit: 5Gi - name: tiered-storage-dir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: tiered-storage-emptydir - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 --- tiered-storage-hostpath -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: tiered-storage-hostpath - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - 
cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: tiered-storage-hostpath-pool-a - namespace: tiered-storage-hostpath - spec: - podManagementPolicy: Parallel - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: tiered-storage-hostpath - app.kubernetes.io/name: redpanda - serviceName: tiered-storage-hostpath - template: - metadata: - annotations: - config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: tiered-storage-hostpath - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: tiered-storage-hostpath - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: tiered-storage-hostpath - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).tiered-storage-hostpath:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: 
docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.tiered-storage-hostpath.tiered-storage-hostpath.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.tiered-storage-hostpath.tiered-storage-hostpath.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir 
- - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - tiered-storage-hostpath - - --redpanda-cluster-name - - tiered-storage-hostpath - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=tiered-storage-hostpath - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).tiered-storage-hostpath.tiered-storage-hostpath.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: 
/etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/sh - - -c - - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R - /var/lib/redpanda/data/cloud_storage_cache - image: busybox:latest - name: set-tiered-storage-cache-dir-ownership - resources: {} - securityContext: - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: tiered-storage-hostpath-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - 
securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: tiered-storage-hostpath - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: tiered-storage-hostpath - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: tiered-storage-hostpath-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: tiered-storage-hostpath-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: tiered-storage-hostpath-sts-lifecycle - - configMap: - name: tiered-storage-hostpath-pool-a - name: base-config - - emptyDir: {} - name: config - - name: tiered-storage-hostpath-configurator - secret: - defaultMode: 509 - secretName: tiered-storage-hostpath-pool-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - hostPath: - path: /mnt/tiered - name: tiered-storage-dir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: tiered-storage-hostpath - app.kubernetes.io/name: redpanda - name: datadir - spec: - 
accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 --- tiered-storage-pv -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: tiered-storage-pv - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: tiered-storage-pv-pool-a - namespace: tiered-storage-pv - spec: - podManagementPolicy: Parallel - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: tiered-storage-pv - app.kubernetes.io/name: redpanda - serviceName: tiered-storage-pv - template: - metadata: - annotations: - config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: tiered-storage-pv - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: tiered-storage-pv - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: tiered-storage-pv - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).tiered-storage-pv:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - 
fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.tiered-storage-pv.tiered-storage-pv.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.tiered-storage-pv.tiered-storage-pv.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - 
periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - tiered-storage-pv - - --redpanda-cluster-name - - tiered-storage-pv - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=tiered-storage-pv - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).tiered-storage-pv.tiered-storage-pv.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda 
tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/sh - - -c - - mkdir -p /var/lib/redpanda/data/cloud_storage_cache; chown 101:101 -R - /var/lib/redpanda/data/cloud_storage_cache - image: busybox:latest - name: set-tiered-storage-cache-dir-ownership - resources: {} - securityContext: - runAsGroup: 0 - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/lib/redpanda/data/cloud_storage_cache - name: tiered-storage-dir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: tiered-storage-pv-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: tiered-storage-pv - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: tiered-storage-pv - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: tiered-storage-pv-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - 
secretName: tiered-storage-pv-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: tiered-storage-pv-sts-lifecycle - - configMap: - name: tiered-storage-pv-pool-a - name: base-config - - emptyDir: {} - name: config - - name: tiered-storage-pv-configurator - secret: - defaultMode: 509 - secretName: tiered-storage-pv-pool-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: tiered-storage-pv - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: tiered-storage-pv - app.kubernetes.io/name: redpanda - name: tiered-storage-dir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 10Gi - storageClassName: gp3 - status: {} - status: - availableReplicas: 0 - replicas: 0 --- tls-mtls -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: tls-mtls - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: tls-mtls-pool-a - namespace: tls-mtls - spec: - podManagementPolicy: Parallel - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: 
redpanda-pool-a-statefulset - app.kubernetes.io/instance: tls-mtls - app.kubernetes.io/name: redpanda - serviceName: tls-mtls - template: - metadata: - annotations: - config.redpanda.com/checksum: d2caedc46eb3f595b07b2ff350b3b7afb4bc3fa426b4228f25009abb60c34837 - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: tls-mtls - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: tls-mtls - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: tls-mtls - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).tls-mtls:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x 
/var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default-client/ca.crt - --cert /etc/tls/certs/default-client/tls.crt --key /etc/tls/certs/default-client/tls.key - "https://${SERVICE_NAME}.tls-mtls.tls-mtls.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default-client/ca.crt --cert /etc/tls/certs/default-client/tls.crt --key /etc/tls/certs/default-client/tls.key "https://${SERVICE_NAME}.tls-mtls.tls-mtls.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/tls/certs/default-client - name: redpanda-default-client-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - 
--redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - tls-mtls - - --redpanda-cluster-name - - tls-mtls - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=tls-mtls - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).tls-mtls.tls-mtls.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/tls/certs/default-client - name: redpanda-default-client-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/tls/certs/default-client - name: redpanda-default-client-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c 
- - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! - env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/tls/certs/default-client - name: redpanda-default-client-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: tls-mtls-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: tls-mtls - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: tls-mtls - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: 
redpanda-default-cert - secret: - defaultMode: 288 - secretName: tls-mtls-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: tls-mtls-external-cert - - name: redpanda-default-client-cert - secret: - defaultMode: 288 - secretName: tls-mtls-default-client-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: tls-mtls-sts-lifecycle - - configMap: - name: tls-mtls-pool-a - name: base-config - - emptyDir: {} - name: config - - name: tls-mtls-configurator - secret: - defaultMode: 509 - secretName: tls-mtls-pool-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: tls-mtls - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 --- tls-self-signed -- -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a - app.kubernetes.io/instance: tls-self-signed - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/nodepool-generation: "0" - cluster.redpanda.com/nodepool-name: pool-a - name: tls-self-signed-pool-a - namespace: tls-self-signed - spec: - podManagementPolicy: Parallel - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: 
tls-self-signed - app.kubernetes.io/name: redpanda - serviceName: tls-self-signed - template: - metadata: - annotations: - config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - labels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: tls-self-signed - app.kubernetes.io/managed-by: redpanda-operator - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - redpanda.com/poddisruptionbudget: tls-self-signed - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: tls-self-signed - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=pool-a-$(ORDINAL_NUMBER).tls-self-signed:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: operator - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: v99.9.9 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | 
sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt - "https://${SERVICE_NAME}.tls-self-signed.tls-self-signed.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: "1" - memory: 2560Mi - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.tls-self-signed.tls-self-signed.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - tls-self-signed - - --redpanda-cluster-name - - tls-self-signed - - --selector=app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=tls-self-signed - - --run-broker-probe - - 
--broker-probe-broker-url - - $(SERVICE_NAME).tls-self-signed.tls-self-signed.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ORDINAL_NUMBER - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: sidecar - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v99.9.9 - name: redpanda-configurator - resources: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: tls-self-signed-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - image: docker.redpanda.com/redpandadata/redpanda-operator:v99.9.9 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: tls-self-signed - terminationGracePeriodSeconds: 90 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/cluster-name: test - app.kubernetes.io/component: redpanda-pool-a-statefulset - app.kubernetes.io/instance: tls-self-signed - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: tls-self-signed-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - 
secretName: tls-self-signed-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: tls-self-signed-sts-lifecycle - - configMap: - name: tls-self-signed-pool-a - name: base-config - - emptyDir: {} - name: config - - name: tls-self-signed-configurator - secret: - defaultMode: 509 - secretName: tls-self-signed-pool-a-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: OnDelete - volumeClaimTemplates: - - metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: tls-self-signed - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} - status: - availableReplicas: 0 - replicas: 0 From 5fa013bcfe2a9ca3c4c16e565001eb4ea223f1da Mon Sep 17 00:00:00 2001 From: Andrew Stucki Date: Tue, 7 Apr 2026 11:31:46 -0400 Subject: [PATCH 3/4] regen golden files --- charts/redpanda/testdata/template-cases.golden.txtar | 3 --- 1 file changed, 3 deletions(-) diff --git a/charts/redpanda/testdata/template-cases.golden.txtar b/charts/redpanda/testdata/template-cases.golden.txtar index d18cb396c..008aae43d 100644 --- a/charts/redpanda/testdata/template-cases.golden.txtar +++ b/charts/redpanda/testdata/template-cases.golden.txtar @@ -110276,10 +110276,7 @@ spec: - --out-dir - /tmp/config env: null -<<<<<<< HEAD image: docker.redpanda.com/redpandadata/redpanda-operator:v25.3.3 -======= - image: docker.redpanda.com/redpandadata/redpanda-operator:v26.1.1 name: bootstrap-yaml-envsubst resources: limits: From d562c0689be870c2893cacd12356def744493a57 Mon Sep 17 00:00:00 2001 
From: Andrew Stucki Date: Tue, 7 Apr 2026 11:37:54 -0400 Subject: [PATCH 4/4] regen golden files --- .../testdata/template-cases.golden.txtar | 1468 ----------------- 1 file changed, 1468 deletions(-) diff --git a/charts/redpanda/testdata/template-cases.golden.txtar b/charts/redpanda/testdata/template-cases.golden.txtar index 008aae43d..d773165fc 100644 --- a/charts/redpanda/testdata/template-cases.golden.txtar +++ b/charts/redpanda/testdata/template-cases.golden.txtar 
@@ -110316,1474 +110316,6 @@ spec: name: base-config - emptyDir: {} name: config --- testdata/TestTemplate/service-monitor-for-console-without-tls.yaml.golden -- ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-26.1.1 - name: redpanda - namespace: default -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - redpanda.com/poddisruptionbudget: redpanda ---- -# Source: redpanda/charts/console/templates/entry-point.yaml -apiVersion: v1 -automountServiceAccountToken: false -kind: ServiceAccount -metadata: - annotations: {} - labels: - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: console - app.kubernetes.io/version: v3.7.0 - helm.sh/chart: console-3.7.0 - name: redpanda-console - namespace: default ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: v1 -automountServiceAccountToken: false -kind: ServiceAccount -metadata: - annotations: {} - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-26.1.1 - name: redpanda - namespace: default ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-26.1.1 - name: redpanda-sts-lifecycle - namespace: default -stringData: - common.sh: |- - #!/usr/bin/env bash - - # the SERVICE_NAME comes from the metadata.name of the pod, essentially the POD_NAME - 
CURL_URL="https://${SERVICE_NAME}.redpanda.default.svc.cluster.local:9644" - - # commands used throughout - CURL_NODE_ID_CMD="curl --silent --fail --cacert /etc/tls/certs/default/ca.crt ${CURL_URL}/v1/node_config" - - CURL_MAINTENANCE_DELETE_CMD_PREFIX='curl -X DELETE --silent -o /dev/null -w "%{http_code}"' - CURL_MAINTENANCE_PUT_CMD_PREFIX='curl -X PUT --silent -o /dev/null -w "%{http_code}"' - CURL_MAINTENANCE_GET_CMD="curl -X GET --silent --cacert /etc/tls/certs/default/ca.crt ${CURL_URL}/v1/maintenance" - postStart.sh: |- - #!/usr/bin/env bash - # This code should be similar if not exactly the same as that found in the panda-operator, see - # https://github.com/redpanda-data/redpanda/blob/e51d5b7f2ef76d5160ca01b8c7a8cf07593d29b6/src/go/k8s/pkg/resources/secret.go - - # path below should match the path defined on the statefulset - source /var/lifecycle/common.sh - - postStartHook () { - set -x - - touch /tmp/postStartHookStarted - - until NODE_ID=$(${CURL_NODE_ID_CMD} | grep -o '\"node_id\":[^,}]*' | grep -o '[^: ]*$'); do - sleep 0.5 - done - - echo "Clearing maintenance mode on node ${NODE_ID}" - CURL_MAINTENANCE_DELETE_CMD="${CURL_MAINTENANCE_DELETE_CMD_PREFIX} --cacert /etc/tls/certs/default/ca.crt ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" - # a 400 here would mean not in maintenance mode - until [ "${status:-}" = '"200"' ] || [ "${status:-}" = '"400"' ]; do - status=$(${CURL_MAINTENANCE_DELETE_CMD}) - sleep 0.5 - done - - touch /tmp/postStartHookFinished - } - - postStartHook - true - preStop.sh: |- - #!/usr/bin/env bash - # This code should be similar if not exactly the same as that found in the panda-operator, see - # https://github.com/redpanda-data/redpanda/blob/e51d5b7f2ef76d5160ca01b8c7a8cf07593d29b6/src/go/k8s/pkg/resources/secret.go - - touch /tmp/preStopHookStarted - - # path below should match the path defined on the statefulset - source /var/lifecycle/common.sh - - set -x - - preStopHook () { - until NODE_ID=$(${CURL_NODE_ID_CMD} | grep -o 
'\"node_id\":[^,}]*' | grep -o '[^: ]*$'); do - sleep 0.5 - done - - echo "Setting maintenance mode on node ${NODE_ID}" - CURL_MAINTENANCE_PUT_CMD="${CURL_MAINTENANCE_PUT_CMD_PREFIX} --cacert /etc/tls/certs/default/ca.crt ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" - until [ "${status:-}" = '"200"' ]; do - status=$(${CURL_MAINTENANCE_PUT_CMD}) - sleep 0.5 - done - - until [ "${finished:-}" = "true" ] || [ "${draining:-}" = "false" ]; do - res=$(${CURL_MAINTENANCE_GET_CMD}) - finished=$(echo $res | grep -o '\"finished\":[^,}]*' | grep -o '[^: ]*$') - draining=$(echo $res | grep -o '\"draining\":[^,}]*' | grep -o '[^: ]*$') - sleep 0.5 - done - - touch /tmp/preStopHookFinished - } - preStopHook - true -type: Opaque ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-26.1.1 - name: redpanda-configurator - namespace: default -stringData: - configurator.sh: |- - set -xe - SERVICE_NAME=$1 - KUBERNETES_NODE_NAME=$2 - POD_ORDINAL=${SERVICE_NAME##*-} - BROKER_INDEX=`expr $POD_ORDINAL + 1` - - CONFIG=/etc/redpanda/redpanda.yaml - - # Setup config files - cp /tmp/base-config/redpanda.yaml "${CONFIG}" - - LISTENER="{\"address\":\"${SERVICE_NAME}.redpanda.default.svc.cluster.local.\",\"name\":\"internal\",\"port\":9093}" - rpk redpanda config --config "$CONFIG" set redpanda.advertised_kafka_api[0] "$LISTENER" - - ADVERTISED_KAFKA_ADDRESSES=() - - PREFIX_TEMPLATE="" - ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":31092}") - - PREFIX_TEMPLATE="" - ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":31092}") - - PREFIX_TEMPLATE="" - ADVERTISED_KAFKA_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":31092}") - - rpk redpanda config --config 
"$CONFIG" set redpanda.advertised_kafka_api[1] "${ADVERTISED_KAFKA_ADDRESSES[$POD_ORDINAL]}" - - LISTENER="{\"address\":\"${SERVICE_NAME}.redpanda.default.svc.cluster.local.\",\"name\":\"internal\",\"port\":8082}" - rpk redpanda config --config "$CONFIG" set pandaproxy.advertised_pandaproxy_api[0] "$LISTENER" - - ADVERTISED_HTTP_ADDRESSES=() - - PREFIX_TEMPLATE="" - ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":30082}") - - PREFIX_TEMPLATE="" - ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":30082}") - - PREFIX_TEMPLATE="" - ADVERTISED_HTTP_ADDRESSES+=("{\"address\":\"${SERVICE_NAME}\",\"name\":\"default\",\"port\":30082}") - - rpk redpanda config --config "$CONFIG" set pandaproxy.advertised_pandaproxy_api[1] "${ADVERTISED_HTTP_ADDRESSES[$POD_ORDINAL]}" -type: Opaque ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: v1 -data: - .bootstrap.json.in: '{"audit_enabled":"false","cloud_storage_cache_size":"5368709120","cloud_storage_enable_remote_read":"true","cloud_storage_enable_remote_write":"true","cloud_storage_enabled":"false","compacted_log_segment_size":"67108864","default_topic_replications":"3","enable_rack_awareness":"false","enable_sasl":"false","kafka_connection_rate_limit":"1000","kafka_enable_authorization":"false","log_segment_size_max":"268435456","log_segment_size_min":"16777216","max_compacted_log_segment_size":"536870912","storage_min_free_bytes":"1073741824"}' - bootstrap.yaml.fixups: '[]' - redpanda.yaml: |- - config_file: /etc/redpanda/redpanda.yaml - pandaproxy: - pandaproxy_api: - - address: 0.0.0.0 - name: internal - port: 8082 - - address: 0.0.0.0 - name: default - port: 8083 - pandaproxy_api_tls: - - cert_file: /etc/tls/certs/default/tls.crt - enabled: true - key_file: /etc/tls/certs/default/tls.key - name: internal - require_client_auth: false - truststore_file: /etc/tls/certs/default/ca.crt - - cert_file: /etc/tls/certs/external/tls.crt - 
enabled: true - key_file: /etc/tls/certs/external/tls.key - name: default - require_client_auth: false - truststore_file: /etc/tls/certs/external/ca.crt - pandaproxy_client: - broker_tls: - enabled: true - require_client_auth: false - truststore_file: /etc/tls/certs/default/ca.crt - brokers: - - address: redpanda-0.redpanda.default.svc.cluster.local. - port: 9093 - - address: redpanda-1.redpanda.default.svc.cluster.local. - port: 9093 - - address: redpanda-2.redpanda.default.svc.cluster.local. - port: 9093 - redpanda: - admin: - - address: 0.0.0.0 - name: internal - port: 9644 - - address: 0.0.0.0 - name: default - port: 9645 - admin_api_tls: - - cert_file: /etc/tls/certs/default/tls.crt - enabled: true - key_file: /etc/tls/certs/default/tls.key - name: internal - require_client_auth: false - truststore_file: /etc/tls/certs/default/ca.crt - - cert_file: /etc/tls/certs/external/tls.crt - enabled: true - key_file: /etc/tls/certs/external/tls.key - name: default - require_client_auth: false - truststore_file: /etc/tls/certs/external/ca.crt - crash_loop_limit: 5 - empty_seed_starts_cluster: false - kafka_api: - - address: 0.0.0.0 - name: internal - port: 9093 - - address: 0.0.0.0 - name: default - port: 9094 - kafka_api_tls: - - cert_file: /etc/tls/certs/default/tls.crt - enabled: true - key_file: /etc/tls/certs/default/tls.key - name: internal - require_client_auth: false - truststore_file: /etc/tls/certs/default/ca.crt - - cert_file: /etc/tls/certs/external/tls.crt - enabled: true - key_file: /etc/tls/certs/external/tls.key - name: default - require_client_auth: false - truststore_file: /etc/tls/certs/external/ca.crt - rpc_server: - address: 0.0.0.0 - port: 33145 - rpc_server_tls: - cert_file: /etc/tls/certs/default/tls.crt - enabled: true - key_file: /etc/tls/certs/default/tls.key - require_client_auth: false - truststore_file: /etc/tls/certs/default/ca.crt - seed_servers: - - host: - address: redpanda-0.redpanda.default.svc.cluster.local. 
- port: 33145 - - host: - address: redpanda-1.redpanda.default.svc.cluster.local. - port: 33145 - - host: - address: redpanda-2.redpanda.default.svc.cluster.local. - port: 33145 - rpk: - additional_start_flags: - - --default-log-level=info - - --memory=2048M - - --reserve-memory=205M - - --smp=1 - admin_api: - addresses: - - redpanda-0.redpanda.default.svc.cluster.local.:9644 - - redpanda-1.redpanda.default.svc.cluster.local.:9644 - - redpanda-2.redpanda.default.svc.cluster.local.:9644 - tls: - ca_file: /etc/tls/certs/default/ca.crt - enable_memory_locking: false - kafka_api: - brokers: - - redpanda-0.redpanda.default.svc.cluster.local.:9093 - - redpanda-1.redpanda.default.svc.cluster.local.:9093 - - redpanda-2.redpanda.default.svc.cluster.local.:9093 - tls: - ca_file: /etc/tls/certs/default/ca.crt - overprovisioned: false - schema_registry: - addresses: - - redpanda-0.redpanda.default.svc.cluster.local.:8081 - - redpanda-1.redpanda.default.svc.cluster.local.:8081 - - redpanda-2.redpanda.default.svc.cluster.local.:8081 - tls: - ca_file: /etc/tls/certs/default/ca.crt - tune_aio_events: true - schema_registry: - schema_registry_api: - - address: 0.0.0.0 - name: internal - port: 8081 - - address: 0.0.0.0 - name: default - port: 8084 - schema_registry_api_tls: - - cert_file: /etc/tls/certs/default/tls.crt - enabled: true - key_file: /etc/tls/certs/default/tls.key - name: internal - require_client_auth: false - truststore_file: /etc/tls/certs/default/ca.crt - - cert_file: /etc/tls/certs/external/tls.crt - enabled: true - key_file: /etc/tls/certs/external/tls.key - name: default - require_client_auth: false - truststore_file: /etc/tls/certs/external/ca.crt - schema_registry_client: - broker_tls: - enabled: true - require_client_auth: false - truststore_file: /etc/tls/certs/default/ca.crt - brokers: - - address: redpanda-0.redpanda.default.svc.cluster.local. - port: 9093 - - address: redpanda-1.redpanda.default.svc.cluster.local. 
- port: 9093 - - address: redpanda-2.redpanda.default.svc.cluster.local. - port: 9093 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-26.1.1 - name: redpanda - namespace: default ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: v1 -data: - profile: |- - admin_api: - addresses: - - redpanda-0:31644 - - redpanda-1:31644 - - redpanda-2:31644 - tls: - ca_file: ca.crt - kafka_api: - brokers: - - redpanda-0:31092 - - redpanda-1:31092 - - redpanda-2:31092 - tls: - ca_file: ca.crt - name: default - schema_registry: - addresses: - - redpanda-0:30081 - - redpanda-1:30081 - - redpanda-2:30081 - tls: - ca_file: ca.crt -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-26.1.1 - name: redpanda-rpk - namespace: default ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: v1 -data: - config.yaml: | - # from .Values.config - kafka: - brokers: - - redpanda-0.redpanda.default.svc.cluster.local.:9093 - - redpanda-1.redpanda.default.svc.cluster.local.:9093 - - redpanda-2.redpanda.default.svc.cluster.local.:9093 - tls: - caFilepath: /etc/tls/certs/secrets/redpanda-default-cert/ca.crt - enabled: true - redpanda: - adminApi: - enabled: true - tls: - caFilepath: /etc/tls/certs/secrets/redpanda-default-cert/ca.crt - enabled: true - urls: - - https://redpanda.default.svc.cluster.local.:9644 - schemaRegistry: - enabled: true - tls: - caFilepath: /etc/tls/certs/secrets/redpanda-default-cert/ca.crt - enabled: true - urls: - - https://redpanda-0.redpanda.default.svc.cluster.local.:8081 - - https://redpanda-1.redpanda.default.svc.cluster.local.:8081 - - https://redpanda-2.redpanda.default.svc.cluster.local.:8081 -kind: ConfigMap -metadata: - 
labels: - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: console - app.kubernetes.io/version: v3.7.0 - helm.sh/chart: console-3.7.0 - name: redpanda-console - namespace: default ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: {} - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-26.1.1 - name: redpanda-rpk-debug-bundle - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - limitranges - - persistentvolumeclaims - - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services - verbs: - - get - - list ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: {} - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-26.1.1 - name: redpanda-sidecar - namespace: default -rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: {} - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-26.1.1 - name: redpanda-rpk-debug-bundle - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: redpanda-rpk-debug-bundle -subjects: -- kind: ServiceAccount - name: redpanda - namespace: default ---- -# Source: 
redpanda/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: {} - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-26.1.1 - name: redpanda-sidecar - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: redpanda-sidecar -subjects: -- kind: ServiceAccount - name: redpanda - namespace: default ---- -# Source: redpanda/charts/console/templates/entry-point.yaml -apiVersion: v1 -kind: Service -metadata: - annotations: {} - labels: - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: console - app.kubernetes.io/version: v3.7.0 - helm.sh/chart: console-3.7.0 - name: redpanda-console - namespace: default -spec: - ports: - - name: http - port: 8080 - protocol: TCP - targetPort: 0 - selector: - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: console - type: ClusterIP ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: v1 -kind: Service -metadata: - annotations: {} - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-26.1.1 - name: redpanda-external - namespace: default -spec: - externalTrafficPolicy: Local - ports: - - name: admin-default - nodePort: 31644 - port: 9645 - protocol: TCP - targetPort: 0 - - name: kafka-default - nodePort: 31092 - port: 9094 - protocol: TCP - targetPort: 0 - - name: http-default - nodePort: 30082 - port: 8083 - protocol: TCP - targetPort: 0 - - name: schema-default - nodePort: 30081 - port: 8084 - protocol: TCP - targetPort: 0 - publishNotReadyAddresses: true - selector: - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - sessionAffinity: None - type: NodePort ---- -# Source: 
redpanda/templates/entry-point.yaml -apiVersion: v1 -kind: Service -metadata: - annotations: {} - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-26.1.1 - monitoring.redpanda.com/enabled: "false" - name: redpanda - namespace: default -spec: - clusterIP: None - ports: - - appProtocol: null - name: admin - port: 9644 - protocol: TCP - targetPort: 9644 - - name: http - port: 8082 - protocol: TCP - targetPort: 8082 - - name: kafka - port: 9093 - protocol: TCP - targetPort: 9093 - - name: rpc - port: 33145 - protocol: TCP - targetPort: 33145 - - name: schemaregistry - port: 8081 - protocol: TCP - targetPort: 8081 - publishNotReadyAddresses: true - selector: - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - type: ClusterIP ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: {} - labels: - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: console - app.kubernetes.io/version: v3.7.0 - helm.sh/chart: console-3.7.0 - name: redpanda-console - namespace: default -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: console - strategy: {} - template: - metadata: - annotations: - checksum/config: 44e632405e10e419e4cb3a5f69d2911edabaa8fd561fc25ec1017dc35a99fc96 - labels: - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: console - spec: - affinity: {} - automountServiceAccountToken: false - containers: - - args: - - --config.filepath=/etc/console/configs/config.yaml - command: null - env: - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: helm - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: 3.7.0 - - name: REDPANDA_METRICS_K8S_CONSOLE_IMAGE_VERSION - value: redpandadata/console:v3.7.0 - - name: REDPANDA_METRICS_K8S_VERSION - 
value: v1.99.0-gke - - name: REDPANDA_METRICS_K8S_ENVIRONMENT - value: GCP - envFrom: [] - image: docker.redpanda.com/redpandadata/console:v3.7.0 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /admin/health - port: http - initialDelaySeconds: 0 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: console - ports: - - containerPort: 8080 - name: http - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /admin/health - port: http - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: {} - securityContext: - runAsNonRoot: true - volumeMounts: - - mountPath: /etc/console/configs - name: configs - readOnly: true - - mountPath: /etc/tls/certs - name: redpanda-certificates - imagePullSecrets: [] - initContainers: null - nodeSelector: {} - priorityClassName: "" - securityContext: - fsGroup: 99 - fsGroupChangePolicy: Always - runAsUser: 99 - serviceAccountName: redpanda-console - tolerations: [] - topologySpreadConstraints: [] - volumes: - - configMap: - name: redpanda-console - name: configs - - name: redpanda-certificates - projected: - sources: - - secret: - items: - - key: ca.crt - path: secrets/redpanda-default-cert/ca.crt - name: redpanda-default-cert ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-26.1.1 - name: redpanda - namespace: default -spec: - podManagementPolicy: Parallel - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - serviceName: redpanda - template: - metadata: - annotations: - config.redpanda.com/checksum: a90b21628d89546d234075143f437a7118e87dca2eb009f7ffb653e7b8f09eca - 
labels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - cluster.redpanda.com/broker: "true" - helm.sh/chart: redpanda-26.1.1 - redpanda.com/poddisruptionbudget: redpanda - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - topologyKey: kubernetes.io/hostname - automountServiceAccountToken: false - containers: - - command: - - rpk - - redpanda - - start - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.default.svc.cluster.local.:33145 - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: REDPANDA_METRICS_K8S_VERSION - value: v1.99.0-gke - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: helm - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: 26.1.1 - - name: REDPANDA_METRICS_K8S_OPERATOR_IMAGE_VERSION - value: docker.redpanda.com/redpandadata/redpanda-operator:v26.1.1 - - name: REDPANDA_METRICS_K8S_ENVIRONMENT - value: GCP - image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 - lifecycle: - postStart: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/postStart.sh 2>&1 | sed "s/^/lifecycle-hook - post-start $(date): /" | tee /proc/1/fd/1; true' - preStop: - exec: - command: - - bash - - -c - - 'timeout -v 45 bash -x /var/lifecycle/preStop.sh 2>&1 | sed "s/^/lifecycle-hook - pre-stop $(date): /" | tee /proc/1/fd/1; true' - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - tcpSocket: - port: 9644 - name: redpanda - ports: - - containerPort: 9644 - name: admin - - containerPort: 9645 - name: admin-default - - 
containerPort: 8082 - name: http - - containerPort: 8083 - name: http-default - - containerPort: 9093 - name: kafka - - containerPort: 9094 - name: kafka-default - - containerPort: 33145 - name: rpc - - containerPort: 8081 - name: schemaregistry - - containerPort: 8084 - name: schema-default - resources: - limits: - cpu: 1 - memory: 2.5Gi - securityContext: - allowPrivilegeEscalation: false - runAsNonRoot: true - startupProbe: - exec: - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k -m 5 --cacert /etc/tls/certs/default/ca.crt "https://${SERVICE_NAME}.redpanda.default.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /var/lifecycle - name: lifecycle-scripts - - mountPath: /var/lib/redpanda/data - name: datadir - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - - args: - - supervisor - - -- - - /redpanda-operator - - sidecar - - --redpanda-yaml - - /etc/redpanda/redpanda.yaml - - --redpanda-cluster-namespace - - default - - --redpanda-cluster-name - - redpanda - - --selector=helm.sh/chart=redpanda-26.1.1,app.kubernetes.io/name=redpanda,app.kubernetes.io/instance=redpanda - - --run-broker-probe - - --broker-probe-broker-url - - $(SERVICE_NAME).redpanda.default.svc.cluster.local.:9644 - command: - - /redpanda-operator - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda-operator:v26.1.1 - name: sidecar - 
readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8093 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 0 - resources: {} - securityContext: - allowPrivilegeEscalation: false - runAsNonRoot: true - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access - readOnly: true - imagePullSecrets: [] - initContainers: - - command: - - /bin/bash - - -c - - rpk redpanda tune all - env: null - image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 - name: tuning - resources: {} - securityContext: - capabilities: - add: - - SYS_RESOURCE - privileged: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: base-config - - mountPath: /var/lib/redpanda/data - name: datadir - - command: - - /bin/bash - - -c - - trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" - & wait $! 
- env: - - name: CONFIGURATOR_SCRIPT - value: /etc/secrets/configurator/scripts/configurator.sh - - name: SERVICE_NAME - valueFrom: - configMapKeyRef: null - fieldRef: - fieldPath: metadata.name - resourceFieldRef: null - secretKeyRef: null - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP_ADDRESS - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - image: docker.redpanda.com/redpandadata/redpanda:v26.1.1 - name: redpanda-configurator - resources: {} - securityContext: - allowPrivilegeEscalation: false - runAsNonRoot: true - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /etc/redpanda - name: config - - mountPath: /tmp/base-config - name: base-config - - mountPath: /etc/secrets/configurator/scripts/ - name: redpanda-configurator - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - env: null - image: docker.redpanda.com/redpandadata/redpanda-operator:v26.1.1 - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - nodeSelector: {} - priorityClassName: "" - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: redpanda - terminationGracePeriodSeconds: 90 - tolerations: [] - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/component: redpanda-statefulset - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - volumes: - - name: 
redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - name: lifecycle-scripts - secret: - defaultMode: 509 - secretName: redpanda-sts-lifecycle - - configMap: - name: redpanda - name: base-config - - emptyDir: {} - name: config - - name: redpanda-configurator - secret: - defaultMode: 509 - secretName: redpanda-configurator - - name: datadir - persistentVolumeClaim: - claimName: datadir - - name: kube-api-access - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - updateStrategy: - type: RollingUpdate - volumeClaimTemplates: - - metadata: - annotations: null - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - status: {} ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-26.1.1 - name: redpanda-default-root-certificate - namespace: default -spec: - commonName: redpanda-default-root-certificate - duration: 43800h0m0s - isCA: true - issuerRef: - group: cert-manager.io - kind: Issuer - name: redpanda-default-selfsigned-issuer - privateKey: - algorithm: ECDSA - size: 256 - secretName: redpanda-default-root-certificate ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - labels: - app.kubernetes.io/component: redpanda - 
app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-26.1.1 - name: redpanda-external-root-certificate - namespace: default -spec: - commonName: redpanda-external-root-certificate - duration: 43800h0m0s - isCA: true - issuerRef: - group: cert-manager.io - kind: Issuer - name: redpanda-external-selfsigned-issuer - privateKey: - algorithm: ECDSA - size: 256 - secretName: redpanda-external-root-certificate ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-26.1.1 - name: redpanda-default-cert - namespace: default -spec: - dnsNames: - - redpanda-cluster.redpanda.default.svc.cluster.local - - redpanda-cluster.redpanda.default.svc - - redpanda-cluster.redpanda.default - - '*.redpanda-cluster.redpanda.default.svc.cluster.local' - - '*.redpanda-cluster.redpanda.default.svc' - - '*.redpanda-cluster.redpanda.default' - - redpanda.default.svc.cluster.local - - redpanda.default.svc - - redpanda.default - - '*.redpanda.default.svc.cluster.local' - - '*.redpanda.default.svc' - - '*.redpanda.default' - duration: 43800h0m0s - isCA: false - issuerRef: - group: cert-manager.io - kind: Issuer - name: redpanda-default-root-issuer - privateKey: - algorithm: ECDSA - size: 256 - secretName: redpanda-default-cert ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-26.1.1 - name: redpanda-external-cert - namespace: default -spec: - dnsNames: - - redpanda-cluster.redpanda.default.svc.cluster.local - - 
redpanda-cluster.redpanda.default.svc - - redpanda-cluster.redpanda.default - - '*.redpanda-cluster.redpanda.default.svc.cluster.local' - - '*.redpanda-cluster.redpanda.default.svc' - - '*.redpanda-cluster.redpanda.default' - - redpanda.default.svc.cluster.local - - redpanda.default.svc - - redpanda.default - - '*.redpanda.default.svc.cluster.local' - - '*.redpanda.default.svc' - - '*.redpanda.default' - duration: 43800h0m0s - isCA: false - issuerRef: - group: cert-manager.io - kind: Issuer - name: redpanda-external-root-issuer - privateKey: - algorithm: ECDSA - size: 256 - secretName: redpanda-external-cert ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-26.1.1 - name: redpanda-default-selfsigned-issuer - namespace: default -spec: - selfSigned: {} ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-26.1.1 - name: redpanda-default-root-issuer - namespace: default -spec: - ca: - secretName: redpanda-default-root-certificate ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-26.1.1 - name: redpanda-external-selfsigned-issuer - namespace: default -spec: - selfSigned: {} ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - labels: - app.kubernetes.io/component: redpanda - 
app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-26.1.1 - name: redpanda-external-root-issuer - namespace: default -spec: - ca: - secretName: redpanda-external-root-certificate ---- -# Source: redpanda/charts/console/templates/entry-point.yaml -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: console - app.kubernetes.io/version: v3.7.0 - helm.sh/chart: console-3.7.0 - name: redpanda-console - namespace: default -spec: - endpoints: - - interval: 1m - path: /admin/metrics - port: http - scheme: HTTP - namespaceSelector: {} - selector: - matchLabels: - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: console - app.kubernetes.io/version: v3.7.0 - helm.sh/chart: console-3.7.0 ---- -# Source: redpanda/templates/entry-point.yaml -apiVersion: batch/v1 -kind: Job -metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation - helm.sh/hook-weight: "-5" - labels: - app.kubernetes.io/component: redpanda - app.kubernetes.io/instance: redpanda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redpanda - helm.sh/chart: redpanda-26.1.1 - name: redpanda-configuration - namespace: default -spec: - template: - metadata: - annotations: {} - generateName: redpanda-post- - labels: - app.kubernetes.io/component: redpanda-post-install - app.kubernetes.io/instance: redpanda - app.kubernetes.io/name: redpanda-configuration - spec: - automountServiceAccountToken: false - containers: - - command: - - /redpanda-operator - - sync-cluster-config - - --users-directory - - /etc/secrets/users - - --redpanda-yaml - - /tmp/base-config/redpanda.yaml - - --bootstrap-yaml - - /tmp/config/.bootstrap.yaml - env: null - image: 
docker.redpanda.com/redpandadata/redpanda-operator:v26.1.1 - name: post-install - resources: {} - securityContext: {} - volumeMounts: - - mountPath: /etc/tls/certs/default - name: redpanda-default-cert - - mountPath: /etc/tls/certs/external - name: redpanda-external-cert - - mountPath: /tmp/config - name: config - - mountPath: /tmp/base-config - name: base-config - imagePullSecrets: [] - initContainers: - - command: - - /redpanda-operator - - bootstrap - - --in-dir - - /tmp/base-config - - --out-dir - - /tmp/config - env: null - image: docker.redpanda.com/redpandadata/redpanda-operator:v26.1.1 ->>>>>>> df1b92fa (Fix ballast file propagation from tuning container (#1414)) - name: bootstrap-yaml-envsubst - resources: - limits: - cpu: 100m - memory: 125Mi - requests: - cpu: 100m - memory: 125Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/config/ - name: config - - mountPath: /tmp/base-config/ - name: base-config - nodeSelector: {} - restartPolicy: Never - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsUser: 101 - serviceAccountName: redpanda - tolerations: [] - volumes: - - name: redpanda-default-cert - secret: - defaultMode: 288 - secretName: redpanda-default-cert - - name: redpanda-external-cert - secret: - defaultMode: 288 - secretName: redpanda-external-cert - - configMap: - name: redpanda - name: base-config - - emptyDir: {} - name: config -- testdata/TestTemplate/service-monitor-with-tls-in-admin-api.yaml.golden -- --- # Source: redpanda/templates/entry-point.yaml