# Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Default values for kafka. # This is a YAML-formatted file. # Declare name/value pairs to be passed into your templates. # name: value --- images: tags: kafka: docker.io/wurstmeister/kafka:2.12-2.3.0 kafka_exporter: docker.io/danielqsj/kafka-exporter:latest dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 image_repo_sync: docker.io/docker:17.07.0 helm_test: docker.io/wurstmeister/kafka:2.12-2.3.0 generate_acl: docker.io/wurstmeister/kafka:2.12-2.3.0 pull_policy: IfNotPresent local_registry: active: false exclude: - dep_check - image_repo_sync labels: kafka: node_selector_key: openstack-control-plane node_selector_value: enabled job: node_selector_key: openstack-control-plane node_selector_value: enabled test: node_selector_key: openstack-control-plane node_selector_value: enabled pod: security_context: kafka: pod: {} container: kafka: {} kafka-init: {} kafka_exporter: pod: {} container: kafka_exporter: {} generate_acl: pod: {} container: generate_acl: {} affinity: anti: type: default: preferredDuringSchedulingIgnoredDuringExecution topologyKey: default: kubernetes.io/hostname weight: default: 10 mounts: kafka: kafka: init_container: null replicas: kafka: 3 kafka_exporter: 1 lifecycle: upgrades: statefulsets: pod_replacement_strategy: RollingUpdate termination_grace_period: kafka: timeout: 30 kafka_exporter: timeout: 30 resources: enabled: false kafka: limits: memory: "1024Mi" cpu: "2000m" requests: memory: "128Mi" cpu: "500m" kafka_exporter: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" jobs: image_repo_sync: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" generate_acl: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" test: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" endpoints: cluster_domain_suffix: cluster.local local_image_registry: name: docker-registry namespace: docker-registry hosts: default: localhost internal: docker-registry node: localhost host_fqdn_override: default: null port: registry: node: 5000 kafka: name: kafka namespace: null auth: admin: username: admin password: changeme hosts: default: kafka-broker discovery: kafka-discovery public: kafka host_fqdn_override: default: null # NOTE(srwilkers): this chart supports TLS for fqdn over-ridden public # endpoints using the following format: # public: # host: null # tls: # crt: null # key: null path: default: null scheme: default: 'http' port: broker: default: 9092 kafka-exporter: default: 9141 jmx-exporter: default: 9404 kafka_exporter: auth: username: kafka-exporter password: changeme namespace: null hosts: default: kafka-exporter host_fqdn_override: default: null scheme: default: 'http' port: exporter: default: 9308 zookeeper: name: zookeeper namespace: null auth: admin: username: admin password: changeme hosts: default: zookeeper-int public: zookeeper host_fqdn_override: default: null path: default: null scheme: default: 'http' port: client: default: 2181 server: default: 2888 dependencies: dynamic: common: local_image_registry: jobs: - kafka-image-repo-sync services: - endpoint: node service: local_image_registry static: image_repo_sync: services: - endpoint: internal service: local_image_registry kafka: services: - endpoint: internal service: zookeeper kafka_exporter: services: - endpoint: internal service: kafka generate_acl: services: - endpoint: internal service: kafka monitoring: prometheus: enabled: true kafka_exporter: scrape: true network: kafka: ingress: public: true classes: namespace: "nginx" cluster: "nginx-cluster" annotations: nginx.ingress.kubernetes.io/rewrite-target: / nginx.ingress.kubernetes.io/affinity: cookie nginx.ingress.kubernetes.io/session-cookie-name: kube-ingress-session-kafka nginx.ingress.kubernetes.io/session-cookie-hash: sha1 nginx.ingress.kubernetes.io/session-cookie-expires: "600" nginx.ingress.kubernetes.io/session-cookie-max-age: "600" node_port: enabled: false port: 31033 network_policy: kafka: ingress: - {} egress: - {} kafka_exporter: ingress: - {} egress: - {} secrets: tls: kafka: kafka: public: kafka-tls-public kafka: admin: kafka-admin-creds kafka_exporter: user: kafka-exporter-creds storage: enabled: true pvc: name: kafka-pvc access_mode: ["ReadWriteOnce"] requests: storage: 5Gi storage_class: general manifests: configmap_bin: true configmap_etc: true helm_test: true ingress: true job_image_repo_sync: true job_generate_acl: true monitoring: prometheus: configmap_bin: true deployment: true secret_exporter: true service: true network_policy: false network_policy: false secret_ingress_tls: true secret_kafka: true secret_zookeeper: true service_discovery: true service_ingress: true service: true statefulset: true jobs: generate_acl: backoffLimit: 6 activeDeadlineSeconds: 600 conf: kafka: config: data_directory: /var/lib/kafka/data server_settings: # Optionally provide configuration overrides for Kafka's # server.properties file. Replace '.' with '_' ie: # for message.max.bytes enter message_max_bytes message_max_bytes: 5000000 authorizer_class_name: kafka.security.auth.SimpleAclAuthorizer listeners: SASL_PLAINTEXT://:9092 security_protocol: SASL_PLAINTEXT security_inter_broker_protocol: SASL_PLAINTEXT sasl_mechanism: PLAIN sasl_enabled_mechanisms: PLAIN sasl_mechanism_inter_broker_protocol: PLAIN topics: # List of topic strings formatted like: # topic_name:number_of_partitions:replication_factor # - "mytopic:1:1" jaas: # Define Authentication Details in this section producers: # region_a: # Just an ID used to iterate through the dict of producers # username: region-a-producer # password: changeme # topic: region-a # Used in generate-acl.sh to provide access consumers: # region_a: # Just an ID used to iterate through the dict of consumers # username: region-a-consumer # password: changeme # topic: region-a # Used in generate-acl.sh to provide access # group: region-a # Used in generate-acl.sh to provide access template: | KafkaServer { org.apache.kafka.common.security.plain.PlainLoginModule required {{- $admin := .Values.endpoints.kafka.auth.admin }} username={{ $admin.username | quote}} password={{ $admin.password | quote}} user_{{ $admin.username }}={{ $admin.password | quote }} {{- if .Values.monitoring.prometheus.enabled }} {{- $exporter := .Values.endpoints.kafka_exporter.auth }} user_{{ $exporter.username }}={{ $exporter.password | quote }} {{- end }} {{- range $producer, $credentials := .Values.conf.kafka.jaas.producers }} user_{{ $credentials.username }}={{ $credentials.password | quote }} {{- end }} {{- range $consumer, $credentials := .Values.conf.kafka.jaas.producers }} user_{{ $credentials.username }}={{ $credentials.password | quote }} {{- end }} {{- printf ";" }} }; KafkaClient { org.apache.kafka.common.security.plain.PlainLoginModule required username={{ $admin.username | quote}} password={{ $admin.password | quote}} {{- printf ";" }} }; Client { org.apache.kafka.common.security.plain.PlainLoginModule required username={{ $admin.username | quote}} password={{ $admin.password | quote}} {{- printf ";" }} }; jvm_options: - -Djava.security.auth.login.config=/opt/kafka/config/jaas.conf ...