diff --git a/charts/kafka-ui/.helmignore b/charts/kafka-ui/.helmignore
new file mode 100644
index 0000000..7a93969
--- /dev/null
+++ b/charts/kafka-ui/.helmignore
@@ -0,0 +1,25 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+example/
+README.md
diff --git a/charts/kafka-ui/Chart.yaml b/charts/kafka-ui/Chart.yaml
new file mode 100644
index 0000000..2f0be5e
--- /dev/null
+++ b/charts/kafka-ui/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: kafka-ui
+description: A Helm chart for kafka-UI
+type: application
+version: 1.4.9
+appVersion: v1.0.0
+icon: https://raw.githubusercontent.com/kafbat/kafka-ui/main/documentation/images/logo_new.png
diff --git a/charts/kafka-ui/README.md b/charts/kafka-ui/README.md
new file mode 100644
index 0000000..29b2319
--- /dev/null
+++ b/charts/kafka-ui/README.md
@@ -0,0 +1,89 @@
+## Parameters
+
+### Common
+
+| Name | Description | Value |
+| ------------------ | ------------------------------------------ | ----- |
+| `replicaCount` | Number of Kafka-UI replicas to deploy | `1` |
+| `image.registry` | image registry | `""` |
+| `image.repository` | image repository | `""` |
+| `image.pullPolicy` | image pull policy | `""` |
+| `image.tag` | image tag (immutable tags are recommended) | `""` |
+| `imagePullSecrets` | Docker registry secret names as an array | `[]` |
+| `nameOverride` | String to partially override chart name | `""` |
+| `fullnameOverride` | String to fully override app name | `""` |
+
+### ServiceAccount configuration
+
+| Name | Description | Value |
+| ---------------------------- | ---------------------------------------------------- | ------ |
+| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
+| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
+| `serviceAccount.annotations` | Additional Service Account annotations | `{}` |
+
+### Application configuration
+
+| Name | Description | Value |
+| -------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | ----- |
+| `existingConfigMap` | Name of the existing ConfigMap with kafbat-ui environment variables | `""` |
+| `yamlApplicationConfig` | Kafbat-UI config in Yaml format | `{}` |
+| `yamlApplicationConfigConfigMap` | Map with name and keyName keys, name refers to the existing ConfigMap, keyName refers to the ConfigMap key with Kafbat-UI config in Yaml format | `{}` |
+| `yamlApplicationConfigSecret` | Secret with name and keyName keys, name refers to the existing ConfigMap, keyName refers to the ConfigMap key with Kafbat-UI config in Yaml format | `{}` |
+| `existingSecret` | Name of the existing Secret with Kafbat-UI environment variables | `""` |
+| `envs.secret` | 
Set of the sensitive environment variables to pass to Kafbat-UI | `{}` |
+| `envs.config` | Set of the environment variables to pass to Kafbat-UI | `{}` |
+| `envs.secretMappings` | The mapping of existing secret to env variable. | `{}` |
+| `envs.configMappings` | The mapping of configmap and keyName to get env variable. | `{}` |
+| `env` | Envs to be added to the Kafka-UI container | `{}` |
+| `resources` | Set Kafka-UI container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
+| `initContainers` | Add additional init containers to the Kafka-UI pods | `{}` |
+| `volumeMounts` | Optionally specify additional volumeMounts for the kafka-UI container | `{}` |
+| `volumes` | Optionally specify additional volumes for the Kafka-UI pods | `{}` |
+| `hostAliases` | Kafka-UI pods host aliases | `{}` |
+| `extraContainers` | Specify additional containers in extraContainers. | `""` |
+
+### Network Policies
+
+| Name | Description | Value |
+| ----------------------- | --------------------------------------------------------- | ------- |
+| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `false` |
+| `podAnnotations` | Annotations for Kafka-UI pods | `{}` |
+| `podLabels` | Extra labels for Kafka-UI pods | `{}` |
+| `annotations` | Annotations to be added to kafka-ui Deployment | `{}` |
+| `labels` | Labels to be added to kafka-ui Deployment | `{}` |
+| `probes.useHttpsScheme` | Set field schema as HTTPS for readines and liveness probe | `false` |
+
+### Security Context
+
+| Name | Description | Value |
+| -------------------- | ----------------------------------------------------------------------------------- | ----- |
+| `podSecurityContext` | The security settings that you specify for a Pod apply to all Containers in the Pod | `{}` |
+| `securityContext` | The security settings that you specify for a Kafka-UI container | `{}` |
+
+### Traffic Exposure Parameters
+
+| Name | 
Description | Value |
+| -------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ----------- |
+| `service.type` | Kafka-UI service type | `ClusterIP` |
+| `service.port` | Kafka-UI pod port number | `80` |
+| `ingress.enabled` | Enable ingress record generation for Kafka-UI | `""` |
+| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` |
+| `ingress.labels` | Labels for the Ingress | `{}` |
+| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` |
+| `ingress.path` | Default path for the ingress record | `/` |
+| `ingress.pathType` | Ingress path type | `Prefix` |
+| `ingress.host` | Default hostname for the ingress record | `""` |
+| `ingress.tls.enabled` | Enable TLS configuration for the host defined at `ingress.host` parameter | `false` |
+| `ingress.tls.secretName` | The name of a pre-created Secret containing a TLS private key and certificate | `""` |
+| `ingress.precedingPaths` | HTTP paths to add to the Ingress before the default path | `[]` |
+| `ingress.succeedingPaths` | Http paths to add to the Ingress after the default path | `[]` |
+| `resources` | Set Kafka-UI pod requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
+
+### Scheduling
+
+| Name | Description | Value |
+| ---------------------- | ----------------------------------------------------------------------- | ----- |
+| `nodeSelector` | Node labels for Kafka-UI pods assignment | `{}` |
+| `tolerations` | Tolerations for Kafka-UI pods assignment | `[]` |
+| `affinity` | Affinity for Kafka-UI pods assignment | `{}` |
+| `revisionHistoryLimit` | Specify how many old ReplicaSets for this Deployment you want to retain | `nil` |
diff --git a/charts/kafka-ui/artifacthub-repo.yml b/charts/kafka-ui/artifacthub-repo.yml
new file mode 100644
index 0000000..3addbb6
--- /dev/null
+++ b/charts/kafka-ui/artifacthub-repo.yml
@@ -0,0 +1,15 @@
+# Artifact Hub repository metadata file
+#
+# Some settings like the verified publisher flag or the ignored packages won't
+# be applied until the next time the repository is processed. Please keep in
+# mind that the repository won't be processed if it has not changed since the
+# last time it was processed. Depending on the repository kind, this is checked
+# in a different way. For Helm http based repositories, we consider it has
+# changed if the `index.yaml` file changes. For git based repositories, it does
+# when the hash of the last commit in the branch you set up changes. This does
+# NOT apply to ownership claim operations, which are processed immediately.
+#
+repositoryID: 243d43a8-9c5f-42b8-8173-c23350ed1e7a
+owners:
+ - name: maintainers.kafbat
+ email: maintainers@kafbat.io
\ No newline at end of file
diff --git a/charts/kafka-ui/index.yaml b/charts/kafka-ui/index.yaml
new file mode 100644
index 0000000..8728071
--- /dev/null
+++ b/charts/kafka-ui/index.yaml
@@ -0,0 +1,3 @@
+apiVersion: v1
+entries: {}
+generated: "2021-11-11T12:26:08.479581+03:00"
diff --git a/charts/kafka-ui/templates/NOTES.txt b/charts/kafka-ui/templates/NOTES.txt
new file mode 100644
index 0000000..94e8d39
--- /dev/null
+++ b/charts/kafka-ui/templates/NOTES.txt
@@ -0,0 +1,21 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "kafka-ui.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "kafka-ui.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "kafka-ui.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "kafka-ui.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:8080
+{{- end }}
diff --git a/charts/kafka-ui/templates/_helpers.tpl b/charts/kafka-ui/templates/_helpers.tpl
new file mode 100644
index 0000000..7155681
--- /dev/null
+++ b/charts/kafka-ui/templates/_helpers.tpl
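Review bot: The ingress branch of NOTES.txt ranges over `.Values.ingress.hosts` and `.paths`, but the chart's README documents a single `ingress.host` and `ingress.path`, so with ingress enabled this block most likely prints no URL at all. The scheme test `{{ if $.Values.ingress.tls }}` looks at the `tls` map rather than `ingress.tls.enabled`; a non-empty map is truthy, so `https` would be shown even when TLS is off, which tells the operator the UI is encrypted when it is not. I would replace the two `range` loops with `http{{ if .Values.ingress.tls.enabled }}s{{ end }}://{{ tpl .Values.ingress.host . }}{{ .Values.ingress.path }}`, matching how ingress.yaml reads the same values.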
@@ -0,0 +1,84 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kafka-ui.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kafka-ui.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kafka-ui.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kafka-ui.labels" -}}
+helm.sh/chart: {{ include "kafka-ui.chart" . }}
+{{ include "kafka-ui.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kafka-ui.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kafka-ui.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "kafka-ui.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "kafka-ui.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+
+{{/*
+This allows us to check if the registry of the image is specified or not.
+*/}}
+{{- define "kafka-ui.imageName" -}}
+{{- $registryName := .Values.image.registry -}}
+{{- if .Values.global }}
+ {{- if .Values.global.imageRegistry }}
+ {{- $registryName = .Values.global.imageRegistry -}}
+ {{- end -}}
+{{- end -}}
+{{- $repository := .Values.image.repository -}}
+{{- $tag := .Values.image.tag | default .Chart.AppVersion -}}
+{{- if $registryName }}
+{{- printf "%s/%s:%s" $registryName $repository $tag -}}
+{{- else }}
+{{- printf "%s:%s" $repository $tag -}}
+{{- end }}
+{{- end -}}
+
diff --git a/charts/kafka-ui/templates/configmap.yaml b/charts/kafka-ui/templates/configmap.yaml
new file mode 100644
index 0000000..56b2bf4
--- /dev/null
+++ b/charts/kafka-ui/templates/configmap.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.envs.config -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "kafka-ui.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "kafka-ui.labels" . | nindent 4 }}
+data:
+ {{- toYaml .Values.envs.config | nindent 2 }}
+{{- end -}}
diff --git a/charts/kafka-ui/templates/configmap_fromValues.yaml b/charts/kafka-ui/templates/configmap_fromValues.yaml
new file mode 100644
index 0000000..25c9346
--- /dev/null
+++ b/charts/kafka-ui/templates/configmap_fromValues.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.yamlApplicationConfig -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "kafka-ui.fullname" . }}-fromvalues
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "kafka-ui.labels" . | nindent 4 }}
+data:
+ config.yml: |-
+ {{- tpl (toYaml .Values.yamlApplicationConfig) . | nindent 4}}
+{{ end }}
diff --git a/charts/kafka-ui/templates/deployment.yaml b/charts/kafka-ui/templates/deployment.yaml
new file mode 100644
index 0000000..08d8a53
--- /dev/null
+++ b/charts/kafka-ui/templates/deployment.yaml
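Review bot: In configmap_fromValues.yaml, `yamlApplicationConfig` is rendered verbatim into the `config.yml` key of a ConfigMap, so any credential a user places in that tree (the values example already shows a `spring.security` section) ends up as ConfigMap data, readable by anyone allowed to get ConfigMaps in the namespace and not covered by Secret-specific protections. Neither the template nor the README row for this value says so. I would add a comment above `data:`, `{{/* Rendered into a ConfigMap: keep credentials out of yamlApplicationConfig; use yamlApplicationConfigSecret or envs.secret for them. */}}`, and repeat that sentence in the parameter description. The closing `{{ end }}` also lacks the `-` trim that configmap.yaml uses, which leaves a stray blank line in the rendered output.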
@@ -0,0 +1,194 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "kafka-ui.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "kafka-ui.labels" . | nindent 4 }}
+ {{- if .Values.labels }}
+ {{- toYaml .Values.labels | nindent 4 }}
+ {{- end }}
+ {{- with .Values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+{{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+{{- end }}
+ selector:
+ matchLabels:
+ {{- include "kafka-ui.selectorLabels" . | nindent 6 }}
+ {{- if .Values.revisionHistoryLimit }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ {{- end }}
+ template:
+ metadata:
+ annotations:
+ {{- with .Values.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ checksum/configFromValues: {{ include (print $.Template.BasePath "/configmap_fromValues.yaml") . | sha256sum }}
+ checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+ labels:
+ {{- include "kafka-ui.selectorLabels" . | nindent 8 }}
+ {{- if .Values.podLabels }}
+ {{- toYaml .Values.podLabels | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.initContainers }}
+ initContainers:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "kafka-ui.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: {{ include "kafka-ui.imageName" . 
}}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if or .Values.env
+ .Values.yamlApplicationConfig .Values.yamlApplicationConfigConfigMap .Values.yamlApplicationConfigSecret
+ (.Values.envs).secretMappings (.Values.envs).configMappings
+ }}
+ env:
+ {{- with .Values.env }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.yamlApplicationConfig .Values.yamlApplicationConfigConfigMap .Values.yamlApplicationConfigSecret }}
+ - name: SPRING_CONFIG_ADDITIONAL-LOCATION
+ {{- if .Values.yamlApplicationConfig }}
+ value: /kafka-ui/config.yml
+ {{- else if .Values.yamlApplicationConfigConfigMap }}
+ value: /kafka-ui/{{ .Values.yamlApplicationConfigConfigMap.keyName | default "config.yml" }}
+ {{- else if .Values.yamlApplicationConfigSecret }}
+ value: /kafka-ui/{{ .Values.yamlApplicationConfigSecret.keyName | default "config.yml" }}
+ {{- end }}
+ {{- end }}
+ {{- range $key, $value := .Values.envs.secretMappings }}
+ - name: {{ $key }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ required "Missing required value envs.secretMappings.[].name" $value.name }}
+ key: {{ required "Missing required value envs.secretMappings.[].keyName" $value.keyName }}
+ {{- end }}
+ {{- range $key, $value := .Values.envs.configMappings }}
+ - name: {{ $key }}
+ valueFrom:
+ configMapKeyRef:
+ name: {{ required "Missing required value envs.configMappings.[].name" $value.name }}
+ key: {{ required "Missing required value envs.configMappings.[].keyName" $value.keyName }}
+ {{- end }}
+ {{- end }}
+ {{- if or .Values.existingConfigMap .Values.envs.config .Values.existingSecret .Values.envs.secret }}
+ envFrom:
+ {{- if .Values.existingConfigMap }}
+ - configMapRef:
+ name: {{ .Values.existingConfigMap }}
+ {{- end }}
+ {{- if .Values.envs.config }}
+ - configMapRef:
+ name: {{ include "kafka-ui.fullname" . 
}}
+ {{- end }}
+ {{- if .Values.existingSecret }}
+ - secretRef:
+ name: {{ .Values.existingSecret }}
+ {{- end }}
+ {{- if .Values.envs.secret}}
+ - secretRef:
+ name: {{ include "kafka-ui.fullname" . }}
+ {{- end}}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ {{- $contextPath := .Values.envs.config.SERVER_SERVLET_CONTEXT_PATH | default "" | printf "%s/actuator/health" | urlParse }}
+ path: {{ get $contextPath "path" }}
+ port: http
+ {{- if .Values.probes.useHttpsScheme }}
+ scheme: HTTPS
+ {{- end }}
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ timeoutSeconds: 10
+ readinessProbe:
+ httpGet:
+ {{- $contextPath := .Values.envs.config.SERVER_SERVLET_CONTEXT_PATH | default "" | printf "%s/actuator/health" | urlParse }}
+ path: {{ get $contextPath "path" }}
+ port: http
+ {{- if .Values.probes.useHttpsScheme }}
+ scheme: HTTPS
+ {{- end }}
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ timeoutSeconds: 10
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- if or .Values.yamlApplicationConfig .Values.volumeMounts .Values.yamlApplicationConfigConfigMap .Values.yamlApplicationConfigSecret }}
+ volumeMounts:
+ {{- with .Values.volumeMounts }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- if .Values.yamlApplicationConfig }}
+ - name: kafka-ui-yaml-conf
+ mountPath: /kafka-ui/
+ {{- end }}
+ {{- if .Values.yamlApplicationConfigConfigMap}}
+ - name: kafka-ui-yaml-conf-configmap
+ mountPath: /kafka-ui/
+ {{- end }}
+ {{- if .Values.yamlApplicationConfigSecret}}
+ - name: kafka-ui-yaml-conf-secret
+ mountPath: /kafka-ui/
+ {{- end }}
+ {{- end }}
+ {{- with .Values.extraContainers }}
+ {{ tpl . $ | nindent 8 }}
+ {{- end }}
+ {{- if or .Values.yamlApplicationConfig .Values.volumes .Values.yamlApplicationConfigConfigMap .Values.yamlApplicationConfigSecret }}
+ volumes:
+ {{- with .Values.volumes }}
+ {{- toYaml . 
| nindent 8 }}
+ {{- end }}
+ {{- if .Values.yamlApplicationConfig }}
+ - name: kafka-ui-yaml-conf
+ configMap:
+ name: {{ include "kafka-ui.fullname" . }}-fromvalues
+ {{- end }}
+ {{- if .Values.yamlApplicationConfigConfigMap}}
+ - name: kafka-ui-yaml-conf-configmap
+ configMap:
+ name: {{ .Values.yamlApplicationConfigConfigMap.name }}
+ {{- end }}
+ {{- if .Values.yamlApplicationConfigSecret}}
+ - name: kafka-ui-yaml-conf-secret
+ secret:
+ secretName: {{ .Values.yamlApplicationConfigSecret.name }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.hostAliases }}
+ hostAliases:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/charts/kafka-ui/templates/hpa.yaml b/charts/kafka-ui/templates/hpa.yaml
new file mode 100644
index 0000000..77188bd
--- /dev/null
+++ b/charts/kafka-ui/templates/hpa.yaml
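Review bot: The three config sources in deployment.yaml are mutually exclusive for `SPRING_CONFIG_ADDITIONAL-LOCATION` (an `if` / `else if` chain) but not under `volumeMounts` and `volumes`, where each has its own `if`; setting two of `yamlApplicationConfig`, `yamlApplicationConfigConfigMap` and `yamlApplicationConfigSecret` renders two mounts on `/kafka-ui/`, which pod validation should reject as a duplicate mount path. Use the same `else if` chain for the mounts, or `fail` at render time when more than one source is set. Separately, the `checksum/secret` annotation publishes a SHA-256 of the rendered Secret manifest in pod metadata; it is a common rollout trigger, but anyone who can read pods can test guesses against low-entropy values, so it deserves a comment at that line. The `revisionHistoryLimit` guard uses truthiness, so an explicit `0` is silently dropped; `{{- if not (kindIs "invalid" .Values.revisionHistoryLimit) }}` keeps it.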
@@ -0,0 +1,47 @@
+{{- if .Values.autoscaling.enabled }}
+{{- $kubeCapabilityVersion := semver .Capabilities.KubeVersion.Version -}}
+{{- $isHigher1p25 := ge (semver "1.25" | $kubeCapabilityVersion.Compare) 0 -}}
+{{- if and ($.Capabilities.APIVersions.Has "autoscaling/v2") $isHigher1p25 -}}
+apiVersion: autoscaling/v2
+{{- else }}
+apiVersion: autoscaling/v2beta1
+{{- end }}
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "kafka-ui.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "kafka-ui.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "kafka-ui.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ {{- if $isHigher1p25 }}
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- else }}
+ targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ {{- if $isHigher1p25 }}
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- else }}
+ targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/kafka-ui/templates/ingress.yaml b/charts/kafka-ui/templates/ingress.yaml
new file mode 100644
index 0000000..5a17937
--- /dev/null
+++ b/charts/kafka-ui/templates/ingress.yaml
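Review bot: The `apiVersion` in hpa.yaml is chosen with `and ($.Capabilities.APIVersions.Has "autoscaling/v2") $isHigher1p25`, but both metric blocks switch on `$isHigher1p25` alone, so the two can disagree: for a 1.25+ target whose capability set does not list `autoscaling/v2`, the manifest is `autoscaling/v2beta1` carrying the v2-style `target:` block. Compute the decision once, `{{- $useV2 := and ($.Capabilities.APIVersions.Has "autoscaling/v2") $isHigher1p25 -}}`, and test `$useV2` in all three places. Also, with autoscaling enabled and neither utilization target set, `metrics:` renders with no entries; a `fail` guard or a default CPU target would make that case explicit.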
@@ -0,0 +1,98 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "kafka-ui.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- $kubeCapabilityVersion := semver .Capabilities.KubeVersion.Version -}}
+{{- $isHigher1p19 := ge (semver "1.19" | $kubeCapabilityVersion.Compare) 0 -}}
+{{- if and ($.Capabilities.APIVersions.Has "networking.k8s.io/v1") $isHigher1p19 -}}
+apiVersion: networking.k8s.io/v1
+{{- else if $.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{- else }}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "kafka-ui.labels" . | nindent 4 }}
+ {{- with .Values.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.ingress.tls.enabled }}
+ tls:
+ - hosts:
+ - {{ tpl .Values.ingress.host . 
}}
+ secretName: {{ .Values.ingress.tls.secretName }}
+ {{- end }}
+ {{- if .Values.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.ingress.ingressClassName }}
+ {{- end }}
+ rules:
+ - http:
+ paths:
+{{- if and ($.Capabilities.APIVersions.Has "networking.k8s.io/v1") $isHigher1p19 -}}
+ {{- range .Values.ingress.precedingPaths }}
+ - path: {{ .path }}
+ pathType: {{ .pathType }}
+ backend:
+ service:
+ name: {{ .serviceName }}
+ port:
+ {{- if .servicePort }}
+ number: {{ .servicePort }}
+ {{- end }}
+ {{- if .servicePortName }}
+ name: {{ .servicePortName }}
+ {{- end }}
+ {{- end }}
+ - backend:
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ pathType: {{ .Values.ingress.pathType }}
+{{- if .Values.ingress.path }}
+ path: {{ .Values.ingress.path }}
+{{- end }}
+ {{- range .Values.ingress.succeedingPaths }}
+ - path: {{ .path }}
+ pathType: {{ .pathType }}
+ backend:
+ service:
+ name: {{ .serviceName }}
+ port:
+ number: {{ .servicePort }}
+ {{- end }}
+{{- if tpl .Values.ingress.host . }}
+ host: {{tpl .Values.ingress.host . }}
+{{- end }}
+{{- else -}}
+ {{- range .Values.ingress.precedingPaths }}
+ - path: {{ .path }}
+ backend:
+ serviceName: {{ .serviceName }}
+ servicePort: {{ .servicePort }}
+ {{- end }}
+ - backend:
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+{{- if .Values.ingress.path }}
+ path: {{ .Values.ingress.path }}
+{{- end }}
+ {{- range .Values.ingress.succeedingPaths }}
+ - path: {{ .path }}
+ backend:
+ serviceName: {{ .serviceName }}
+ servicePort: {{ .servicePort }}
+ {{- end }}
+{{- if tpl .Values.ingress.host . }}
+ host: {{ tpl .Values.ingress.host . }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/kafka-ui/templates/networkpolicy-egress.yaml b/charts/kafka-ui/templates/networkpolicy-egress.yaml
new file mode 100644
index 0000000..cd98e99
--- /dev/null
+++ b/charts/kafka-ui/templates/networkpolicy-egress.yaml
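Review bot: In the `networking.k8s.io/v1` branch of ingress.yaml, the `precedingPaths` loop accepts either `servicePort` or `servicePortName`, while the `succeedingPaths` loop only emits `number: {{ .servicePort }}`, so a succeeding path that refers to a named port renders `number:` with no value. The preceding loop also emits both `number` and `name` when both are set, although the two fields of an Ingress service port are mutually exclusive. I would use one `{{- if .servicePort }} … {{- else if .servicePortName }}` block in both loops. In the `tls` block the host is rendered unconditionally, so `ingress.tls.enabled=true` with the documented default `ingress.host: ""` yields an empty `hosts` entry; wrapping it as `{{ required "ingress.host is required when ingress.tls.enabled" (tpl .Values.ingress.host .) }}` catches that at render time.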
@@ -0,0 +1,19 @@
+{{- if and .Values.networkPolicy.enabled .Values.networkPolicy.egressRules.customRules }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ printf "%s-egress" (include "kafka-ui.fullname" .) }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "kafka-ui.labels" . | nindent 4 }}
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "kafka-ui.selectorLabels" . | nindent 6 }}
+ policyTypes:
+ - Egress
+ egress:
+ {{- if .Values.networkPolicy.egressRules.customRules }}
+ {{- tpl (toYaml .Values.networkPolicy.egressRules.customRules) $ | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/kafka-ui/templates/networkpolicy-ingress.yaml b/charts/kafka-ui/templates/networkpolicy-ingress.yaml
new file mode 100644
index 0000000..0dcd552
--- /dev/null
+++ b/charts/kafka-ui/templates/networkpolicy-ingress.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.networkPolicy.enabled .Values.networkPolicy.ingressRules.customRules }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ printf "%s-ingress" (include "kafka-ui.fullname" .) }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "kafka-ui.labels" . | nindent 4 }}
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "kafka-ui.selectorLabels" . | nindent 6 }}
+ policyTypes:
+ - Ingress
+ ingress:
+ {{- if .Values.networkPolicy.ingressRules.customRules }}
+ {{- tpl (toYaml .Values.networkPolicy.ingressRules.customRules) $ | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/kafka-ui/templates/secret.yaml b/charts/kafka-ui/templates/secret.yaml
new file mode 100644
index 0000000..ba7f099
--- /dev/null
+++ b/charts/kafka-ui/templates/secret.yaml
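Review bot: Both NetworkPolicy templates are gated on `networkPolicy.enabled` and a non-empty `customRules`, so setting `networkPolicy.enabled=true` alone creates no policy and the pods stay exactly as reachable as before; this applies to networkpolicy-egress.yaml and networkpolicy-ingress.yaml alike. An operator who flips the flag expecting isolation gets none, with no message. I would either render each policy whenever `enabled` is true (an empty rule list then denies that direction for the selected pods) or state the behaviour in the README row, e.g. `A NetworkPolicy is created only when networkPolicy.ingressRules.customRules or networkPolicy.egressRules.customRules is set`. The inner `{{- if …customRules }}` repeats the outer condition and can be dropped in both files.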
@@ -0,0 +1,14 @@
+{{- if .Values.envs.secret -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "kafka-ui.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "kafka-ui.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+ {{- range $key, $val := .Values.envs.secret }}
+ {{ $key }}: {{ $val | quote }}
+ {{- end -}}
+{{- end}}
diff --git a/charts/kafka-ui/templates/service.yaml b/charts/kafka-ui/templates/service.yaml
new file mode 100644
index 0000000..337e145
--- /dev/null
+++ b/charts/kafka-ui/templates/service.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "kafka-ui.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "kafka-ui.labels" . | nindent 4 }}
+{{- if .Values.service.annotations }}
+ annotations:
+{{ toYaml .Values.service.annotations | nindent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.service.type }}
+{{- if and (eq .Values.service.type "LoadBalancer") (.Values.service.loadBalancerIP) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+{{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ {{- if (and (eq .Values.service.type "NodePort") .Values.service.nodePort) }}
+ nodePort: {{ .Values.service.nodePort }}
+ {{- end }}
+ selector:
+ {{- include "kafka-ui.selectorLabels" . | nindent 4 }}
diff --git a/charts/kafka-ui/templates/serviceaccount.yaml b/charts/kafka-ui/templates/serviceaccount.yaml
new file mode 100644
index 0000000..ddefde3
--- /dev/null
+++ b/charts/kafka-ui/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "kafka-ui.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "kafka-ui.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
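Review bot: secret.yaml takes the values of `envs.secret` straight from Helm values, so besides this Secret they are also kept in the release record Helm stores in the cluster and in whatever values file or command line supplied them. The chart already offers `existingSecret` and `envs.secretMappings` for referencing a Secret created out of band; a comment at the top of this template, `{{/* Prefer existingSecret or envs.secretMappings in production: values given in envs.secret are also stored in the Helm release. */}}`, would steer users there. `{{ $key }}` is emitted unquoted, which is fine for ordinary environment-variable names but mis-parses keys that YAML reads as non-strings; `{{ $key | quote }}` costs nothing.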
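Review bot: The ServiceAccount in serviceaccount.yaml is created without `automountServiceAccountToken`, and the pod spec in deployment.yaml does not set it either, so every Kafka-UI pod gets an API token mounted by default. Nothing in this chart grants the account RBAC or shows the application calling the Kubernetes API, so the token looks unnecessary (worth confirming against the application before changing the default). I would add `automountServiceAccountToken: false` under `metadata`'s sibling level here, behind a values switch if some deployments need the token, and document it in the ServiceAccount section of the README.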
diff --git a/charts/kafka-ui/values.yaml b/charts/kafka-ui/values.yaml
new file mode 100644
index 0000000..47ba40a
--- /dev/null
+++ b/charts/kafka-ui/values.yaml
@@ -0,0 +1,271 @@ +## @section Common +## @param replicaCount Number of Kafka-UI replicas to deploy +replicaCount: 1 + +## @param image.registry [string] image registry +## @param image.repository [string] image repository +## @param image.pullPolicy [string] image pull policy +## @param image.tag [string] image tag (immutable tags are recommended) +image: + registry: ghcr.io + repository: kafbat/kafka-ui + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +## @param imagePullSecrets Docker registry secret names as an array +imagePullSecrets: [] +## @param nameOverride String to partially override chart name +nameOverride: "" +## @param fullnameOverride String to fully override app name +fullnameOverride: "" + +## @section ServiceAccount configuration +serviceAccount: + ## @param serviceAccount.name The name of the ServiceAccount to use. + name: "" + ## @param serviceAccount.create Specifies whether a ServiceAccount should be created + create: true + ## @param serviceAccount.annotations Additional Service Account annotations + annotations: {} + # The name of the service account to use. 
+ # If not set and create is true, a name is generated using the fullname template
+
+## @section Application configuration
+## @param existingConfigMap [string] Name of the existing ConfigMap with kafbat-ui environment variables
+existingConfigMap: ""
+## @param yamlApplicationConfig Kafbat-UI config in Yaml format
+yamlApplicationConfig:
+ {}
+ # kafka:
+ # clusters:
+ # - name: yaml
+ # bootstrapServers: kafka-service:9092
+ # spring:
+ # security:
+ # oauth2:
+ # auth:
+ # type: disabled
+ # management:
+ # health:
+ # ldap:
+ # enabled: false
+## @param yamlApplicationConfigConfigMap Map with name and keyName keys, name refers to the existing ConfigMap, keyName refers to the ConfigMap key with Kafbat-UI config in Yaml format
+yamlApplicationConfigConfigMap:
+ {}
+ # keyName: config.yml
+ # name: configMapName
+## @param yamlApplicationConfigSecret Secret with name and keyName keys, name refers to the existing ConfigMap, keyName refers to the ConfigMap key with Kafbat-UI config in Yaml format
+yamlApplicationConfigSecret:
+ {}
+ # keyName: config.yml
+ # name: secretName
+## @param existingSecret Name of the existing Secret with Kafbat-UI environment variables
+existingSecret: ""
+### @section Environment variables from
+envs:
+ ## @param envs.secret Set of the sensitive environment variables to pass to Kafbat-UI
+ secret: {}
+ ## @param envs.config Set of the environment variables to pass to Kafbat-UI
+ config: {}
+ ## @param envs.secretMappings The mapping of existing secret to env variable.
+ secretMappings: {}
+ #ENV_NAME:
+ # name: kubernetes-secret-name
+ # keyName: kubernetes-secret-key
+ ## @param envs.configMappings The mapping of configmap and keyName to get env variable.
+ configMappings: {}
+ #ENV_NAME:
+ # name: kubernetes-configmap-name
+ # keyName: kubernetes-configmap-key
+## @param env [object] Envs to be added to the Kafka-UI container
+env: {}
+
+## @param resources Set Kafka-UI container requests and limits for different resources like CPU or memory (essential for production workloads)
+resources:
+ {}
+ # limits:
+ # cpu: 200m
+ # memory: 512Mi
+ # requests:
+ # cpu: 200m
+ # memory: 256Mi
+
+## @param initContainers Add additional init containers to the Kafka-UI pods
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+## e.g:
+initContainers: {}
+
+## @param volumeMounts [object] Optionally specify additional volumeMounts for the kafka-UI container
+volumeMounts: {}
+## @param volumes [object] Optionally specify additional volumes for the Kafka-UI pods
+volumes: {}
+## @param hostAliases [object] Kafka-UI pods host aliases
+## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+##
+hostAliases: {}
+
+## @param extraContainers Specify additional containers in extraContainers.
+## For example, to add an authentication proxy to a kafka-ui pod.
+extraContainers: |
+# - name: proxy
+# image: quay.io/gambol99/keycloak-proxy:latest
+# args:
+# - -provider=github
+# - -client-id=
+# - -client-secret=
+# - -github-org=
+# - -email-domain=*
+# - -cookie-secret=
+# - -http-address=http://0.0.0.0:4181
+# - -upstream-url=http://127.0.0.1:3000
+# ports:
+# - name: proxy-web
+# containerPort: 4181
+
+## @section Network Policies
+## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
+##
+networkPolicy:
+ ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
+ enabled: false
+ ## @skip networkPolicy.egressRules
+ egressRules:
+ ## Additional custom egress rules
+ ## e.g:
+ ## customRules:
+ ## - to:
+ ## - namespaceSelector:
+ ## matchLabels:
+ ## label: example
+ customRules: []
+ ## @skip networkPolicy.ingressRules
+ ingressRules:
+ ## Additional custom ingress rules
+ ## e.g:
+ ## customRules:
+ ## - from:
+ ## - namespaceSelector:
+ ## matchLabels:
+ ## label: example
+ customRules: []
+
+## @param podAnnotations Annotations for Kafka-UI pods
+podAnnotations: {}
+## @param podLabels Extra labels for Kafka-UI pods
+podLabels: {}
+
+## @param annotations [object] Annotations to be added to kafka-ui Deployment
+annotations: {}
+
+## @param labels [object] Labels to be added to kafka-ui Deployment
+labels: {}
+
+## @param probes.useHttpsScheme Set field schema as HTTPS for readines and liveness probe
+##
+probes:
+ useHttpsScheme: false
+
+## @section Security Context
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+## @param podSecurityContext [object] The security settings that you specify for a Pod apply to all Containers in the Pod
+podSecurityContext:
+ {}
+ # fsGroup: 2000
+## @param securityContext [object] The security settings that you specify for a Kafka-UI container
+securityContext:
+ {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+## @section Traffic Exposure Parameters
+## Kafka-UI service parameters
+##
+service:
+ ## @param service.type Kafka-UI service type
+ type: ClusterIP
+ ## @param service.port Kafka-UI pod port number
+ port: 80
+ # In case of service type LoadBalancer, you can specify reserved static IP
+ # loadBalancerIP: 10.11.12.13
+ # if you want to force a specific nodePort. Must be use with service.type=NodePort
+ # nodePort:
+
+## Kafka-UI Ingress configuration
+## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/
+##
+ingress:
+ ## @param ingress.enabled [string] Enable ingress record generation for Kafka-UI
+ enabled: false
+ ## @param ingress.annotations [object] Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
+ annotations: {}
+
+ ## @param ingress.labels [object] Labels for the Ingress
+ labels: {}
+
+ ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
+ ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
+ ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
+ ##
+ ingressClassName: ""
+
+ ## @param ingress.path Default path for the ingress record
+ ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
+ ##
+ path: "/"
+
+
+ ## @param ingress.pathType Ingress path type
+ pathType: "Prefix"
+
+ ## @param ingress.host Default hostname for the ingress record
+ host: ""
+
+ # configs for Ingress TLS
+ tls:
+ # Enable TLS termination for the Ingress
+ ## @param ingress.tls.enabled Enable TLS configuration for the host defined at `ingress.host` parameter
+ enabled: false
+ ## @param ingress.tls.secretName [string] The name of a pre-created Secret containing a TLS private key and certificate
+ secretName: ""
+
+ ## @param ingress.precedingPaths [array] HTTP paths to add to the Ingress before the default path
+ precedingPaths: []
+
+ ## @param ingress.succeedingPaths [array] Http paths to add to the Ingress after the default path
+ succeedingPaths: []
+## @param resources [object] Set Kafka-UI pod requests and limits for different resources like CPU or memory (essential for production workloads)
+
+## @section Scheduling
+
+## Autoscaling configuration
+## ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/
+## @skip autoscaling
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ # targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+## @param nodeSelector Node labels for Kafka-UI pods assignment
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+##
+nodeSelector: {}
+
+## @param tolerations Tolerations for Kafka-UI pods assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## @param affinity Affinity for Kafka-UI pods assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+## NOTE: `podAffinityPreset`, `podAntiAffinityPreset`, and `nodeAffinityPreset` will be ignored when it's set
+##
+affinity: {}
+
+## @param revisionHistoryLimit [nullable] Specify how many old ReplicaSets for this Deployment you want to retain
+revisionHistoryLimit: null
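Review bot: In values.yaml, `securityContext` and `podSecurityContext` default to `{}` and the hardened settings appear only as a commented example, so an install with default values runs the container with whatever the image and the cluster defaults allow. I would make the low-risk part of that example the default and keep `readOnlyRootFilesystem` commented, with a note that it needs writable volumes for any path the application writes to. `runAsNonRoot: true` assumes the image does not run as root, which is not visible in this diff and should be confirmed before it becomes the default.

```yaml
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  runAsNonRoot: true
  # readOnlyRootFilesystem: true  # enable once writable paths are mounted as volumes
  # runAsUser: 1000
```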