diff --git a/Taskfile.yaml b/Taskfile.yaml index 4a175c3fbb..e40910cc30 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -170,7 +170,7 @@ tasks: sync:redpanda:chart: - task: sync:chart vars: - REF: charts/redpanda/v25.1.1-beta1 + REF: charts/redpanda/v25.1.1-beta3 LOCAL_DIR: charts/redpanda REMOTE_DIR: charts/redpanda diff --git a/charts/redpanda/CHANGELOG.md b/charts/redpanda/CHANGELOG.md index dd84d76d1a..1199aa386f 100644 --- a/charts/redpanda/CHANGELOG.md +++ b/charts/redpanda/CHANGELOG.md @@ -50,6 +50,23 @@ and is generated by [Changie](https://github.com/miniscruff/changie). * Update Console depedency to latest version with breaking change. Please visit Console change-log. * The name of the container running redpanda is now always set to `redpanda`. * bumped `appVersion` to [v25.1.1](https://github.com/redpanda-data/redpanda/releases/tag/v25.1.1). +* `serviceAccount.create` now defaults to `true`. + + The previous behavior resulted in using the `default` service account and + extending it with all bindings generated from the chart. Such behavior is + unlikely to be desired. +* `rpk debug bundle --namespace $NAMESPACE` now works by default. + + The chart now creates a set of `Roles` and `RoleBindings` that satisfy the + requirements of running `rpk debug bundle` from any redpanda Pod. These + permissions may be disabled by specifying `rbac.rpkDebugBundle=false`. + + Additionally, the redpanda container now always has a Kubernetes + ServiceAccount token mounted to it to ensure `rpk debug bundle` can be + executed successfully. +* Update Console depedency to latest version `v3.1.0`. Please visit Console change-log. +### Deprecated +* `.statefulset.sidecars.controllers.image` is now deprecated. It may be specified but will not be respected. Use `.statefulset.sidecars.image` instead. ### Removed * Connectors sub-chart integration. @@ -96,6 +113,8 @@ of `enterprise.license` and `enterprise.licenseSecretRef`, respectively. - `statefulset.sidecars.extraVolumeMounts` -> `statefulset.podTemplate.spec.containers[*].volumeMounts` - `statefulset.sidecars.resources` -> `statefulset.podTemplate.spec.containers[*].resources` - `statefulset.sidecars.securityContext` -> `statefulset.podTemplate.spec.containers[*].securityContext` +* Removed regex validation of all image tags. +* The unrespected`kafkaEndpoint` listener parameter has been removed from `values.yaml` ### Fixed * Reverse order of applying resources to first create ClusterRole and then ClusterRoleBinding. When Redpanda custom resource has enabled RBAC the reconciliation was blocked due @@ -103,6 +122,261 @@ of `enterprise.license` and `enterprise.licenseSecretRef`, respectively. * Fixed an issue where not explicitly specifying a SASL auth mechanism when SASL is enabled caused Console to fail to start up. * Prevent broker nodes from restarting when solely the cluster replica amount changes +* `authentication_method` is no longer set on `http_api` as redpanda itself does not support authentication on the http API. +* Fixed rack awareness by mounting a service account token to the initcontainer when rack awareness is enabled. +* Broken `Issuer`s and `Certificate`s are no longer needlessly generated when `tls..issuerRef` is provided. +* Fixed the security contexts' of `set-datadir-ownership` and `set-tiered-storage-cache-dir-ownership`. +* The `schema_registry_client` and `pandaproxy_client` stanzas of `redpanda.yaml` + now respect `listeners.kafka.tls.trustStore`, when provided. + See also [helm-chart 1573 issue](https://github.com/redpanda-data/helm-charts/issues/1573). + + +## [v25.1.1-beta3](https://github.com/redpanda-data/redpanda-operator/releases/tag/charts%2Fredpanda%2Fv25.1.1-beta3) - 2025-05-06 +### Added +* Added a chart wide `podTemplate` field which may be used to control Pod attributes chart wide. + + This field has a lower precedence than `statefulset.podTemplate` and + `post_install_job.podTemplate` but will still be merged with them. +* `podTemplate`, `statefulset.podTemplate`, and `post_install_job.podTemplate` may now contain template expressions **with in string fields** + + To compensate for some of the functionality that was lost with the removal of + fields like `extraVolumes`, we've upgraded `podTemplate` fields to support + templating. Rather than allowing full control over a structured value, we've + reduced the scope to only string fields. This is significantly more + maintainable and less error prone. + + As an example, the below snippet will apply the release name as an annotation + to all Pods created by the chart. + + ```yaml + podTemplate: + annotations: + "keys-cannot-be-templated": '{{ .Release.Name }}' # But values can! + ``` + + See `values.yaml` for additional examples. +### Changed +* Promoted the config-watcher sidecar into a real go binary that handles user management and simplifies cluster health checks so they no longer fail when the sole issue is that other nodes in the cluster are unavailable. Additionally the new sidecar subsumes the behavior of the `statefulset.sideCars.controllers` stanza which should now be specified via their own `enabled` flags. +* `clusterDomain` now defaults to `cluster.local.` (A trialing `.` has been added) and the chart no longer adds trailing `.`'s to internal domains. + + For users not experiencing issues with trailing `.`'s this change has no + effect. For users that have had issues with trailing `.`'s, it's now possible + to opt-out of this behavior by explicitly setting `clusterDomain` to `cluster.local`. + + For users that override `clusterDomain`, copied a previous releases + values.yaml, or use the `--reuse-values` flag, trailing `.`'s will be tripped + from domains upon updating. This behavior may be opted into by appending a + `.` to `clusterDomain` prior to upgrading. +* Bump AppVersion to v24.3.6 Redpanda release +* Bump Redpanda operator side car container tag to `v2.3.7-24.3.6`. +* `values.schema.json` is now "closed" (`additionalProperties: false`) + + Any unexpected values will result in a validation error,previously they would + have been ignored. +* Update Console depedency to latest version with breaking change. Please visit Console change-log. +* The name of the container running redpanda is now always set to `redpanda`. +* bumped `appVersion` to [v25.1.1](https://github.com/redpanda-data/redpanda/releases/tag/v25.1.1). +* `serviceAccount.create` now defaults to `true`. + + The previous behavior resulted in using the `default` service account and + extending it with all bindings generated from the chart. Such behavior is + unlikely to be desired. +* `rpk debug bundle --namespace $NAMESPACE` now works by default. + + The chart now creates a set of `Roles` and `RoleBindings` that satisfy the + requirements of running `rpk debug bundle` from any redpanda Pod. These + permissions may be disabled by specifying `rbac.rpkDebugBundle=false`. + + Additionally, the redpanda container now always has a Kubernetes + ServiceAccount token mounted to it to ensure `rpk debug bundle` can be + executed successfully. +* Update Console depedency to latest version `v3.1.0`. Please visit Console change-log. +### Deprecated +* `.statefulset.sidecars.controllers.image` is now deprecated. It may be specified but will not be respected. Use `.statefulset.sidecars.image` instead. +### Removed +* Connectors sub-chart integration. + + The connectors chart may still be deployed separately, though it is not + officially support. If possible, it is recommended to migrate to redpanda + connect. +* Removed the deprecated fields `license_key` and `license_secret_ref` in favor +of `enterprise.license` and `enterprise.licenseSecretRef`, respectively. +* `statefulset.securityContext`, `statefulset.sideCars.configWatcher.securityContext` have been removed. + + These fields previously served as both PodSecurityContext and SecurityContext + across the entire chart which led to confusing semantics that couldn't be + fixed without breaking backwards compatiblity. + + The top level `podTemplate` field may be used to control + PodSecurityContexts and SecurityContexts across the chart. +* Fields that would be better served through `podTemplate` have been removed in favor of using `podTemplate`. + + Removed fields: + - `nodeSelector` -> `podTemplate.spec.nodeSelector` + - `affinity` -> `podTemplate.spec.affinity` + - `tolerations` -> `podTemplate.spec.tolerations` + - `imagePullSecrets` -> `podTemplate.spec.imagePullSecrets` + - `statefulset.annotations` -> `statefulset.podTemplate.annotations` + - `statefulset.startupProbe` -> `statefulset.podTemplate.spec.containers[0].startupProbe` + - `statefulset.livenessProbe` -> `statefulset.podTemplate.spec.containers[0].livenessProbe` + - `statefulset.readinessProbe` -> `statefulset.podTemplate.spec.containers[1].readinessProbe` + - `statefulset.podAffinity` -> `statefulset.podTemplate.spec.affinity.podAffinity` + - `statefulset.nodeSelector` -> `statefulset.podTemplate.spec.nodeSelector` + - `statefulset.priorityClassName` -> `statefulset.podTemplate.spec.priorityClassName` + - `statefulset.tolerations` -> `statefulset.podTemplate.spec.tolerations` + - `statefulset.topologySpreadConstraints` -> `statefulset.podTemplate.spec.topologySpreadConstraints` + - `statefulset.terminationGracePeriodSeconds` -> `statefulset.podTemplate.spec.terminationGracePeriodSeconds` + - `statefulset.extraVolumes` -> `statefulset.podTemplate.spec.volumes` + - `statefulset.extraVolumesMounts` -> `statefulset.podTemplate.spec.containers[*].volumeMounts` + - `statefulset.initContainers.*.extraVolumesMounts` -> `statefulset.podTemplate.spec.initContainers[*].volumeMounts` + - `statefulset.initContainers.*.resources` -> `statefulset.podTemplate.spec.initContainers[*].resources` + - `statefulset.initContainers.extraInitContainers` -> `statefulset.podTemplate.spec.initContainers` + - `statefulset.sidecars.configWatcher.extraVolumeMounts` -> `statefulset.podTemplate.spec.containers[*].volumeMounts` + - `statefulset.sidecars.configWatcher.resources` -> `statefulset.podTemplate.spec.containers[*].resources` + - `statefulset.sidecars.configWatcher.securityContext` -> `statefulset.podTemplate.spec.containers[*].securityContext` + - `statefulset.sidecars.controllers.resources` -> `statefulset.podTemplate.spec.containers[*].resources` + - `statefulset.sidecars.controllers.securityContext` -> `statefulset.podTemplate.spec.containers[*].securityContext` + - `statefulset.sidecars.extraVolumeMounts` -> `statefulset.podTemplate.spec.containers[*].volumeMounts` + - `statefulset.sidecars.resources` -> `statefulset.podTemplate.spec.containers[*].resources` + - `statefulset.sidecars.securityContext` -> `statefulset.podTemplate.spec.containers[*].securityContext` +* Removed regex validation of all image tags. +### Fixed +* Reverse order of applying resources to first create ClusterRole and then ClusterRoleBinding. + When Redpanda custom resource has enabled RBAC the reconciliation was blocked due + ClusterRoleBinding referencing not yet created ClusterRole. + +* Fixed an issue where not explicitly specifying a SASL auth mechanism when SASL is enabled caused Console to fail to start up. +* Prevent broker nodes from restarting when solely the cluster replica amount changes +* Fixed rack awareness by mounting a service account token to the initcontainer when rack awareness is enabled. +* Broken `Issuer`s and `Certificate`s are no longer needlessly generated when `tls..issuerRef` is provided. +* Fixed the security contexts' of `set-datadir-ownership` and `set-tiered-storage-cache-dir-ownership`. +* The `schema_registry_client` and `pandaproxy_client` stanzas of `redpanda.yaml` + now respect `listeners.kafka.tls.trustStore`, when provided. + See also [helm-chart 1573 issue](https://github.com/redpanda-data/helm-charts/issues/1573). + + +## [v25.1.1-beta2](https://github.com/redpanda-data/redpanda-operator/releases/tag/charts%2Fredpanda%2Fv25.1.1-beta2) - 2025-05-02 +### Added +* Added a chart wide `podTemplate` field which may be used to control Pod attributes chart wide. + + This field has a lower precedence than `statefulset.podTemplate` and + `post_install_job.podTemplate` but will still be merged with them. +* `podTemplate`, `statefulset.podTemplate`, and `post_install_job.podTemplate` may now contain template expressions **with in string fields** + + To compensate for some of the functionality that was lost with the removal of + fields like `extraVolumes`, we've upgraded `podTemplate` fields to support + templating. Rather than allowing full control over a structured value, we've + reduced the scope to only string fields. This is significantly more + maintainable and less error prone. + + As an example, the below snippet will apply the release name as an annotation + to all Pods created by the chart. + + ```yaml + podTemplate: + annotations: + "keys-cannot-be-templated": '{{ .Release.Name }}' # But values can! + ``` + + See `values.yaml` for additional examples. +### Changed +* Promoted the config-watcher sidecar into a real go binary that handles user management and simplifies cluster health checks so they no longer fail when the sole issue is that other nodes in the cluster are unavailable. Additionally the new sidecar subsumes the behavior of the `statefulset.sideCars.controllers` stanza which should now be specified via their own `enabled` flags. +* `clusterDomain` now defaults to `cluster.local.` (A trialing `.` has been added) and the chart no longer adds trailing `.`'s to internal domains. + + For users not experiencing issues with trailing `.`'s this change has no + effect. For users that have had issues with trailing `.`'s, it's now possible + to opt-out of this behavior by explicitly setting `clusterDomain` to `cluster.local`. + + For users that override `clusterDomain`, copied a previous releases + values.yaml, or use the `--reuse-values` flag, trailing `.`'s will be tripped + from domains upon updating. This behavior may be opted into by appending a + `.` to `clusterDomain` prior to upgrading. +* Bump AppVersion to v24.3.6 Redpanda release +* Bump Redpanda operator side car container tag to `v2.3.7-24.3.6`. +* `values.schema.json` is now "closed" (`additionalProperties: false`) + + Any unexpected values will result in a validation error,previously they would + have been ignored. +* Update Console depedency to latest version with breaking change. Please visit Console change-log. +* The name of the container running redpanda is now always set to `redpanda`. +* bumped `appVersion` to [v25.1.1](https://github.com/redpanda-data/redpanda/releases/tag/v25.1.1). +* `serviceAccount.create` now defaults to `true`. + + The previous behavior resulted in using the `default` service account and + extending it with all bindings generated from the chart. Such behavior is + unlikely to be desired. +* `rpk debug bundle --namespace $NAMESPACE` now works by default. + + The chart now creates a set of `Roles` and `RoleBindings` that satisfy the + requirements of running `rpk debug bundle` from any redpanda Pod. These + permissions may be disabled by specifying `rbac.rpkDebugBundle=false`. + + Additionally, the redpanda container now always has a Kubernetes + ServiceAccount token mounted to it to ensure `rpk debug bundle` can be + executed successfully. +### Deprecated +* `.statefulset.sidecars.controllers.image` is now deprecated. It may be specified but will not be respected. Use `.statefulset.sidecars.image` instead. +### Removed +* Connectors sub-chart integration. + + The connectors chart may still be deployed separately, though it is not + officially support. If possible, it is recommended to migrate to redpanda + connect. +* Removed the deprecated fields `license_key` and `license_secret_ref` in favor +of `enterprise.license` and `enterprise.licenseSecretRef`, respectively. +* `statefulset.securityContext`, `statefulset.sideCars.configWatcher.securityContext` have been removed. + + These fields previously served as both PodSecurityContext and SecurityContext + across the entire chart which led to confusing semantics that couldn't be + fixed without breaking backwards compatiblity. + + The top level `podTemplate` field may be used to control + PodSecurityContexts and SecurityContexts across the chart. +* Fields that would be better served through `podTemplate` have been removed in favor of using `podTemplate`. + + Removed fields: + - `nodeSelector` -> `podTemplate.spec.nodeSelector` + - `affinity` -> `podTemplate.spec.affinity` + - `tolerations` -> `podTemplate.spec.tolerations` + - `imagePullSecrets` -> `podTemplate.spec.imagePullSecrets` + - `statefulset.annotations` -> `statefulset.podTemplate.annotations` + - `statefulset.startupProbe` -> `statefulset.podTemplate.spec.containers[0].startupProbe` + - `statefulset.livenessProbe` -> `statefulset.podTemplate.spec.containers[0].livenessProbe` + - `statefulset.readinessProbe` -> `statefulset.podTemplate.spec.containers[1].readinessProbe` + - `statefulset.podAffinity` -> `statefulset.podTemplate.spec.affinity.podAffinity` + - `statefulset.nodeSelector` -> `statefulset.podTemplate.spec.nodeSelector` + - `statefulset.priorityClassName` -> `statefulset.podTemplate.spec.priorityClassName` + - `statefulset.tolerations` -> `statefulset.podTemplate.spec.tolerations` + - `statefulset.topologySpreadConstraints` -> `statefulset.podTemplate.spec.topologySpreadConstraints` + - `statefulset.terminationGracePeriodSeconds` -> `statefulset.podTemplate.spec.terminationGracePeriodSeconds` + - `statefulset.extraVolumes` -> `statefulset.podTemplate.spec.volumes` + - `statefulset.extraVolumesMounts` -> `statefulset.podTemplate.spec.containers[*].volumeMounts` + - `statefulset.initContainers.*.extraVolumesMounts` -> `statefulset.podTemplate.spec.initContainers[*].volumeMounts` + - `statefulset.initContainers.*.resources` -> `statefulset.podTemplate.spec.initContainers[*].resources` + - `statefulset.initContainers.extraInitContainers` -> `statefulset.podTemplate.spec.initContainers` + - `statefulset.sidecars.configWatcher.extraVolumeMounts` -> `statefulset.podTemplate.spec.containers[*].volumeMounts` + - `statefulset.sidecars.configWatcher.resources` -> `statefulset.podTemplate.spec.containers[*].resources` + - `statefulset.sidecars.configWatcher.securityContext` -> `statefulset.podTemplate.spec.containers[*].securityContext` + - `statefulset.sidecars.controllers.resources` -> `statefulset.podTemplate.spec.containers[*].resources` + - `statefulset.sidecars.controllers.securityContext` -> `statefulset.podTemplate.spec.containers[*].securityContext` + - `statefulset.sidecars.extraVolumeMounts` -> `statefulset.podTemplate.spec.containers[*].volumeMounts` + - `statefulset.sidecars.resources` -> `statefulset.podTemplate.spec.containers[*].resources` + - `statefulset.sidecars.securityContext` -> `statefulset.podTemplate.spec.containers[*].securityContext` +* Removed regex validation of all image tags. +### Fixed +* Reverse order of applying resources to first create ClusterRole and then ClusterRoleBinding. + When Redpanda custom resource has enabled RBAC the reconciliation was blocked due + ClusterRoleBinding referencing not yet created ClusterRole. + +* Fixed an issue where not explicitly specifying a SASL auth mechanism when SASL is enabled caused Console to fail to start up. +* Prevent broker nodes from restarting when solely the cluster replica amount changes +* Fixed rack awareness by mounting a service account token to the initcontainer when rack awareness is enabled. +* Broken `Issuer`s and `Certificate`s are no longer needlessly generated when `tls..issuerRef` is provided. +* Fixed the security contexts' of `set-datadir-ownership` and `set-tiered-storage-cache-dir-ownership`. +* The `schema_registry_client` and `pandaproxy_client` stanzas of `redpanda.yaml` + now respect `listeners.kafka.tls.trustStore`, when provided. + See also [helm-chart 1573 issue](https://github.com/redpanda-data/helm-charts/issues/1573). + ## v25.1.1-beta1 - 2025-04-08 ### Added diff --git a/charts/redpanda/Chart.yaml b/charts/redpanda/Chart.yaml index 41392a1bc8..8e60990bb3 100644 --- a/charts/redpanda/Chart.yaml +++ b/charts/redpanda/Chart.yaml @@ -23,11 +23,11 @@ type: application # The chart version and the app version are not the same and will not track # together. The chart version is a semver representation of changes to this # chart. -version: 25.1.1-beta1 +version: 25.1.1-beta3 # The app version is the default version of Redpanda to install. # ** NOTE for maintainers: please ensure the artifacthub image annotation is updated before merging -appVersion: v25.1.1 +appVersion: v25.1.2 # kubeVersion must be suffixed with "-0" to be able to match cloud providers # kubernetes versions like "v1.23.8-gke.1900". Their suffix is interpreted as a @@ -37,7 +37,7 @@ kubeVersion: ">= 1.25.0-0" dependencies: - name: console condition: console.enabled - version: ">=3.0.0-0" + version: ">=3.1.0-0" repository: https://charts.redpanda.com alias: console diff --git a/charts/redpanda/README.md b/charts/redpanda/README.md index b35bb8f7f7..3497700a98 100644 --- a/charts/redpanda/README.md +++ b/charts/redpanda/README.md @@ -3,7 +3,7 @@ description: Find the default values and descriptions of settings in the Redpanda Helm chart. --- -![Version: 25.1.1-beta1](https://img.shields.io/badge/Version-25.1.1--beta1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v25.1.1](https://img.shields.io/badge/AppVersion-v25.1.1-informational?style=flat-square) +![Version: 25.1.1-beta3](https://img.shields.io/badge/Version-25.1.1--beta3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v25.1.2](https://img.shields.io/badge/AppVersion-v25.1.2-informational?style=flat-square) This page describes the official Redpanda Helm Chart. In particular, this page describes the contents of the chart’s [`values.yaml` file](https://github.com/redpanda-data/helm-charts/blob/main/charts/redpanda/values.yaml). Each of the settings is listed and described on this page, along with any default values. @@ -22,7 +22,7 @@ Kubernetes: `>= 1.25.0-0` | Repository | Name | Version | |------------|------|---------| -| https://charts.redpanda.com | console(console) | >=3.0.0-0 | +| https://charts.redpanda.com | console(console) | >=3.1.0-0 | ## Settings @@ -305,15 +305,9 @@ Redpanda Docker image settings. **Default:** ``` -{"pullPolicy":"IfNotPresent","repository":"docker.redpanda.com/redpandadata/redpanda","tag":""} +{"repository":"docker.redpanda.com/redpandadata/redpanda","tag":""} ``` -### [image.pullPolicy](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=image.pullPolicy) - -The imagePullPolicy. If `image.tag` is 'latest', the default is `Always`. - -**Default:** `"IfNotPresent"` - ### [image.repository](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=image.repository) Docker repository from which to pull the Redpanda Docker image. @@ -337,7 +331,7 @@ Listener settings. Override global settings configured above for individual lis **Default:** ``` -{"admin":{"external":{"default":{"advertisedPorts":[31644],"port":9645,"tls":{"cert":"external"}}},"port":9644,"tls":{"cert":"default","requireClientAuth":false}},"http":{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30082],"authenticationMethod":null,"port":8083,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8082,"tls":{"cert":"default","requireClientAuth":false}},"kafka":{"authenticationMethod":null,"external":{"default":{"advertisedPorts":[31092],"authenticationMethod":null,"port":9094,"tls":{"cert":"external"}}},"port":9093,"tls":{"cert":"default","requireClientAuth":false}},"rpc":{"port":33145,"tls":{"cert":"default","requireClientAuth":false}},"schemaRegistry":{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30081],"authenticationMethod":null,"port":8084,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8081,"tls":{"cert":"default","requireClientAuth":false}}} +{"admin":{"external":{"default":{"advertisedPorts":[31644],"port":9645,"tls":{"cert":"external"}}},"port":9644,"tls":{"cert":"default","requireClientAuth":false}},"http":{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30082],"authenticationMethod":null,"port":8083,"tls":{"cert":"external","requireClientAuth":false}}},"port":8082,"tls":{"cert":"default","requireClientAuth":false}},"kafka":{"authenticationMethod":null,"external":{"default":{"advertisedPorts":[31092],"authenticationMethod":null,"port":9094,"tls":{"cert":"external"}}},"port":9093,"tls":{"cert":"default","requireClientAuth":false}},"rpc":{"port":33145,"tls":{"cert":"default","requireClientAuth":false}},"schemaRegistry":{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30081],"authenticationMethod":null,"port":8084,"tls":{"cert":"external","requireClientAuth":false}}},"port":8081,"tls":{"cert":"default","requireClientAuth":false}}} ``` ### [listeners.admin](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=listeners.admin) @@ -411,7 +405,7 @@ HTTP API listeners (aka PandaProxy). **Default:** ``` -{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30082],"authenticationMethod":null,"port":8083,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8082,"tls":{"cert":"default","requireClientAuth":false}} +{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30082],"authenticationMethod":null,"port":8083,"tls":{"cert":"external","requireClientAuth":false}}},"port":8082,"tls":{"cert":"default","requireClientAuth":false}} ``` ### [listeners.kafka](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=listeners.kafka) @@ -459,7 +453,7 @@ Schema registry listeners. **Default:** ``` -{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30081],"authenticationMethod":null,"port":8084,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8081,"tls":{"cert":"default","requireClientAuth":false}} +{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30081],"authenticationMethod":null,"port":8084,"tls":{"cert":"external","requireClientAuth":false}}},"port":8081,"tls":{"cert":"default","requireClientAuth":false}} ``` ### [logging](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=logging) @@ -587,7 +581,7 @@ Role Based Access Control. **Default:** ``` -{"annotations":{},"enabled":false} +{"annotations":{},"enabled":true,"rpkDebugBundle":true} ``` ### [rbac.annotations](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=rbac.annotations) @@ -598,9 +592,15 @@ Annotations to add to the `rbac` resources. ### [rbac.enabled](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=rbac.enabled) -Enable for features that need extra privileges. If you use the Redpanda Operator, you must deploy it with the `--set rbac.createRPKBundleCRs=true` flag to give it the required ClusterRoles. +Controls whether or not Roles, ClusterRoles, and bindings thereof will be generated. Disabling this very likely result in a non-functional deployment. If you use the Redpanda Operator, you must deploy it with the `--set rbac.createRPKBundleCRs=true` flag to give it the required ClusterRoles. -**Default:** `false` +**Default:** `true` + +### [rbac.rpkDebugBundle](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=rbac.rpkDebugBundle) + +Controls whether or not a Role and RoleBinding will be generated for the permissions required by `rpk debug bundle`. Disabling will not affect the redpanda deployment itself but a bundle is required to engage with our support. + +**Default:** `true` ### [resources](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=resources) @@ -688,7 +688,7 @@ Service account management. **Default:** ``` -{"annotations":{},"automountServiceAccountToken":false,"create":false,"name":""} +{"annotations":{},"create":true,"name":""} ``` ### [serviceAccount.annotations](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=serviceAccount.annotations) @@ -697,17 +697,11 @@ Annotations to add to the service account. **Default:** `{}` -### [serviceAccount.automountServiceAccountToken](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=serviceAccount.automountServiceAccountToken) - -Specifies whether a service account should automount API-Credentials. The token is used in sidecars.controllers - -**Default:** `false` - ### [serviceAccount.create](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=serviceAccount.create) Specifies whether a service account should be created. -**Default:** `false` +**Default:** `true` ### [serviceAccount.name](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=serviceAccount.name) @@ -857,18 +851,6 @@ Number of Redpanda brokers (Redpanda Data recommends setting this to the number **Default:** `":8085"` -### [statefulset.sideCars.controllers.image.repository](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.sideCars.controllers.image.repository) - -**Default:** - -``` -"docker.redpanda.com/redpandadata/redpanda-operator" -``` - -### [statefulset.sideCars.controllers.image.tag](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.sideCars.controllers.image.tag) - -**Default:** `"v2.3.8-24.3.6"` - ### [statefulset.sideCars.controllers.metricsAddress](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.sideCars.controllers.metricsAddress) **Default:** `":9082"` @@ -891,7 +873,7 @@ Number of Redpanda brokers (Redpanda Data recommends setting this to the number ### [statefulset.sideCars.image.tag](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.sideCars.image.tag) -**Default:** `"v2.3.8-24.3.6"` +**Default:** `"v25.1.1-beta2"` ### [statefulset.sideCars.pvcUnbinder.enabled](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.sideCars.pvcUnbinder.enabled) diff --git a/charts/redpanda/ci/12-external-cert-secrets-values.yaml b/charts/redpanda/ci/12-external-cert-secrets-values.yaml index 6743eac7dd..f409924745 100644 --- a/charts/redpanda/ci/12-external-cert-secrets-values.yaml +++ b/charts/redpanda/ci/12-external-cert-secrets-values.yaml @@ -56,7 +56,6 @@ listeners: schemaRegistry: enabled: true port: 8081 - kafkaEndpoint: default tls: # Optional flag to override the global TLS enabled flag. # enabled: true @@ -75,7 +74,6 @@ listeners: http: enabled: true port: 8082 - kafkaEndpoint: default tls: # Optional flag to override the global TLS enabled flag. # enabled: true diff --git a/charts/redpanda/ci/40-empty-string-tls-novalues.yaml b/charts/redpanda/ci/40-empty-string-tls-novalues.yaml index f96a88383b..42df20295e 100644 --- a/charts/redpanda/ci/40-empty-string-tls-novalues.yaml +++ b/charts/redpanda/ci/40-empty-string-tls-novalues.yaml @@ -17,7 +17,6 @@ listeners: authenticationMethod: none enabled: true external: {} - kafkaEndpoint: kafka-default port: 8082 tls: cert: "" diff --git a/charts/redpanda/files/decommission.ClusterRole.yaml b/charts/redpanda/files/decommission.ClusterRole.yaml new file mode 100644 index 0000000000..9f83f89653 --- /dev/null +++ b/charts/redpanda/files/decommission.ClusterRole.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: decommission +rules: + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch diff --git a/charts/redpanda/files/decommission.Role.yaml b/charts/redpanda/files/decommission.Role.yaml new file mode 100644 index 0000000000..053fde21fc --- /dev/null +++ b/charts/redpanda/files/decommission.Role.yaml @@ -0,0 +1,40 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: decommission + namespace: default +rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - delete + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list + - watch diff --git a/charts/redpanda/files/pvcunbinder.ClusterRole.yaml b/charts/redpanda/files/pvcunbinder.ClusterRole.yaml new file mode 100644 index 0000000000..6d831ae37c --- /dev/null +++ b/charts/redpanda/files/pvcunbinder.ClusterRole.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: pvcunbinder +rules: + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - watch diff --git a/charts/redpanda/files/pvcunbinder.Role.yaml b/charts/redpanda/files/pvcunbinder.Role.yaml new file mode 100644 index 0000000000..c3e0fa90d6 --- /dev/null +++ b/charts/redpanda/files/pvcunbinder.Role.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: pvcunbinder + namespace: default +rules: + - apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + verbs: + - delete + - get + - list + - watch diff --git a/charts/redpanda/files/rack-awareness.ClusterRole.yaml b/charts/redpanda/files/rack-awareness.ClusterRole.yaml new file mode 100644 index 0000000000..ebf5bed8ba --- /dev/null +++ b/charts/redpanda/files/rack-awareness.ClusterRole.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: rack-awareness +rules: + - apiGroups: + - "" + resources: + - nodes + verbs: + - get diff --git a/charts/redpanda/files/rpk-debug-bundle.Role.yaml b/charts/redpanda/files/rpk-debug-bundle.Role.yaml new file mode 100644 index 0000000000..540c36e883 --- /dev/null +++ b/charts/redpanda/files/rpk-debug-bundle.Role.yaml @@ -0,0 +1,24 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: rpk-debug-bundle + namespace: default +rules: + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list diff --git a/charts/redpanda/files/sidecar.Role.yaml b/charts/redpanda/files/sidecar.Role.yaml new file mode 100644 index 0000000000..61f4a4328f --- /dev/null +++ b/charts/redpanda/files/sidecar.Role.yaml @@ -0,0 +1,19 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: sidecar + namespace: default +rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/charts/redpanda/templates/_cert-issuers.go.tpl b/charts/redpanda/templates/_cert-issuers.go.tpl index 31f4bae116..15ea88ee41 100644 --- a/charts/redpanda/templates/_cert-issuers.go.tpl +++ b/charts/redpanda/templates/_cert-issuers.go.tpl @@ -4,7 +4,7 @@ {{- $dot := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $_25_issuers__ := (get (fromJson (include "redpanda.certIssuersAndCAs" (dict "a" (list $dot) ))) "r") -}} +{{- $_25_issuers__ := (get (fromJson (include "redpanda.certIssuersAndCAs" (dict "a" (list $dot)))) "r") -}} {{- $issuers := (index $_25_issuers__ 0) -}} {{- $_ := (index $_25_issuers__ 1) -}} {{- $_is_returning = true -}} @@ -17,7 +17,7 @@ {{- $dot := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $_30___cas := (get (fromJson (include "redpanda.certIssuersAndCAs" (dict "a" (list $dot) ))) "r") -}} +{{- $_30___cas := (get (fromJson (include "redpanda.certIssuersAndCAs" (dict "a" (list $dot)))) "r") -}} {{- $_ := (index $_30___cas 0) -}} {{- $cas := (index $_30___cas 1) -}} {{- $_is_returning = true -}} @@ -33,20 +33,18 @@ {{- $values := $dot.Values.AsMap -}} {{- $issuers := (coalesce nil) -}} {{- $certs := (coalesce nil) -}} -{{- if (not (get (fromJson (include "redpanda.TLSEnabled" (dict "a" (list $dot) ))) "r")) -}} +{{- if (not (get (fromJson (include "redpanda.TLSEnabled" (dict "a" (list $dot)))) "r")) -}} {{- $_is_returning = true -}} {{- (dict "r" (list $issuers $certs)) | toJson -}} {{- break -}} {{- end -}} {{- range $name, $data := $values.tls.certs -}} -{{- if (or (not (empty $data.secretRef)) (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $data.enabled true) ))) "r"))) -}} +{{- if (or (or (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $data.enabled true)))) "r")) (ne (toJson $data.secretRef) "null")) (ne (toJson $data.issuerRef) "null")) -}} {{- continue -}} {{- end -}} -{{- if (eq (toJson $data.issuerRef) "null") -}} -{{- $issuers = (concat (default (list ) $issuers) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict ) "status" (dict ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "cert-manager.io/v1" "kind" "Issuer" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf `%s-%s-selfsigned-issuer` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $name) "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "spec" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "selfSigned" (mustMergeOverwrite (dict ) (dict )) )) (dict )) )))) -}} -{{- end -}} -{{- $issuers = (concat (default (list ) $issuers) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict ) "status" (dict ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "cert-manager.io/v1" "kind" "Issuer" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf `%s-%s-root-issuer` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $name) "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "spec" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "ca" (mustMergeOverwrite (dict "secretName" "" ) (dict "secretName" (printf `%s-%s-root-certificate` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $name) )) )) (dict )) )))) -}} -{{- $certs = (concat (default (list ) $certs) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "secretName" "" "issuerRef" (dict "name" "" ) ) "status" (dict ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "cert-manager.io/v1" "kind" "Certificate" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf `%s-%s-root-certificate` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $name) "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "spec" (mustMergeOverwrite (dict "secretName" "" "issuerRef" (dict "name" "" ) ) (dict "duration" (get (fromJson (include "_shims.time_Duration_String" (dict "a" (list (get (fromJson (include "_shims.time_ParseDuration" (dict "a" (list (default "43800h" $data.duration)) ))) "r")) ))) "r") "isCA" true "commonName" (printf `%s-%s-root-certificate` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $name) "secretName" (printf `%s-%s-root-certificate` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $name) "privateKey" (mustMergeOverwrite (dict ) (dict "algorithm" "ECDSA" "size" (256 | int) )) "issuerRef" (mustMergeOverwrite (dict "name" "" ) (dict "name" (printf `%s-%s-selfsigned-issuer` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $name) "kind" "Issuer" "group" "cert-manager.io" )) )) )))) -}} +{{- $issuers = (concat (default (list) $issuers) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict) "status" (dict)) (mustMergeOverwrite (dict) (dict "apiVersion" "cert-manager.io/v1" "kind" "Issuer")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (printf `%s-%s-selfsigned-issuer` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r") $name) "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot)))) "r"))) "spec" (mustMergeOverwrite (dict) (mustMergeOverwrite (dict) (dict "selfSigned" (mustMergeOverwrite (dict) (dict)))) (dict)))))) -}} +{{- $certs = (concat (default (list) $certs) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict "secretName" "" "issuerRef" (dict "name" "")) "status" (dict)) (mustMergeOverwrite (dict) (dict "apiVersion" "cert-manager.io/v1" "kind" "Certificate")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (printf `%s-%s-root-certificate` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r") $name) "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot)))) "r"))) "spec" (mustMergeOverwrite (dict "secretName" "" "issuerRef" (dict "name" "")) (dict "duration" (get (fromJson (include "_shims.time_Duration_String" (dict "a" (list (get (fromJson (include "_shims.time_ParseDuration" (dict "a" (list (default "43800h" $data.duration))))) "r"))))) "r") "isCA" true "commonName" (printf `%s-%s-root-certificate` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r") $name) "secretName" (printf `%s-%s-root-certificate` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r") $name) "privateKey" (mustMergeOverwrite (dict) (dict "algorithm" "ECDSA" "size" (256 | int))) "issuerRef" (mustMergeOverwrite (dict "name" "") (dict "name" (printf `%s-%s-selfsigned-issuer` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r") $name) "kind" "Issuer" "group" "cert-manager.io")))))))) -}} +{{- $issuers = (concat (default (list) $issuers) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict) "status" (dict)) (mustMergeOverwrite (dict) (dict "apiVersion" "cert-manager.io/v1" "kind" "Issuer")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (printf `%s-%s-root-issuer` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r") $name) "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot)))) "r"))) "spec" (mustMergeOverwrite (dict) (mustMergeOverwrite (dict) (dict "ca" (mustMergeOverwrite (dict "secretName" "") (dict "secretName" (printf `%s-%s-root-certificate` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r") $name))))) (dict)))))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} diff --git a/charts/redpanda/templates/_certs.go.tpl b/charts/redpanda/templates/_certs.go.tpl index dc093fc15a..f436f80b28 100644 --- a/charts/redpanda/templates/_certs.go.tpl +++ b/charts/redpanda/templates/_certs.go.tpl @@ -4,67 +4,67 @@ {{- $dot := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- if (not (get (fromJson (include "redpanda.TLSEnabled" (dict "a" (list $dot) ))) "r")) -}} +{{- if (not (get (fromJson (include "redpanda.TLSEnabled" (dict "a" (list $dot)))) "r")) -}} {{- $_is_returning = true -}} -{{- (dict "r" (list )) | toJson -}} +{{- (dict "r" (list)) | toJson -}} {{- break -}} {{- end -}} {{- $values := $dot.Values.AsMap -}} -{{- $fullname := (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") -}} -{{- $service := (get (fromJson (include "redpanda.ServiceName" (dict "a" (list $dot) ))) "r") -}} +{{- $fullname := (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r") -}} +{{- $service := (get (fromJson (include "redpanda.ServiceName" (dict "a" (list $dot)))) "r") -}} {{- $ns := $dot.Release.Namespace -}} {{- $domain := (trimSuffix "." $values.clusterDomain) -}} {{- $certs := (coalesce nil) -}} {{- range $name, $data := $values.tls.certs -}} -{{- if (or (not (empty $data.secretRef)) (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $data.enabled true) ))) "r"))) -}} +{{- if (or (not (empty $data.secretRef)) (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $data.enabled true)))) "r"))) -}} {{- continue -}} {{- end -}} {{- $names := (coalesce nil) -}} -{{- if (or (eq (toJson $data.issuerRef) "null") (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $data.applyInternalDNSNames false) ))) "r")) -}} -{{- $names = (concat (default (list ) $names) (list (printf "%s-cluster.%s.%s.svc.%s" $fullname $service $ns $domain))) -}} -{{- $names = (concat (default (list ) $names) (list (printf "%s-cluster.%s.%s.svc" $fullname $service $ns))) -}} -{{- $names = (concat (default (list ) $names) (list (printf "%s-cluster.%s.%s" $fullname $service $ns))) -}} -{{- $names = (concat (default (list ) $names) (list (printf "*.%s-cluster.%s.%s.svc.%s" $fullname $service $ns $domain))) -}} -{{- $names = (concat (default (list ) $names) (list (printf "*.%s-cluster.%s.%s.svc" $fullname $service $ns))) -}} -{{- $names = (concat (default (list ) $names) (list (printf "*.%s-cluster.%s.%s" $fullname $service $ns))) -}} -{{- $names = (concat (default (list ) $names) (list (printf "%s.%s.svc.%s" $service $ns $domain))) -}} -{{- $names = (concat (default (list ) $names) (list (printf "%s.%s.svc" $service $ns))) -}} -{{- $names = (concat (default (list ) $names) (list (printf "%s.%s" $service $ns))) -}} -{{- $names = (concat (default (list ) $names) (list (printf "*.%s.%s.svc.%s" $service $ns $domain))) -}} -{{- $names = (concat (default (list ) $names) (list (printf "*.%s.%s.svc" $service $ns))) -}} -{{- $names = (concat (default (list ) $names) (list (printf "*.%s.%s" $service $ns))) -}} +{{- if (or (eq (toJson $data.issuerRef) "null") (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $data.applyInternalDNSNames false)))) "r")) -}} +{{- $names = (concat (default (list) $names) (list (printf "%s-cluster.%s.%s.svc.%s" $fullname $service $ns $domain))) -}} +{{- $names = (concat (default (list) $names) (list (printf "%s-cluster.%s.%s.svc" $fullname $service $ns))) -}} +{{- $names = (concat (default (list) $names) (list (printf "%s-cluster.%s.%s" $fullname $service $ns))) -}} +{{- $names = (concat (default (list) $names) (list (printf "*.%s-cluster.%s.%s.svc.%s" $fullname $service $ns $domain))) -}} +{{- $names = (concat (default (list) $names) (list (printf "*.%s-cluster.%s.%s.svc" $fullname $service $ns))) -}} +{{- $names = (concat (default (list) $names) (list (printf "*.%s-cluster.%s.%s" $fullname $service $ns))) -}} +{{- $names = (concat (default (list) $names) (list (printf "%s.%s.svc.%s" $service $ns $domain))) -}} +{{- $names = (concat (default (list) $names) (list (printf "%s.%s.svc" $service $ns))) -}} +{{- $names = (concat (default (list) $names) (list (printf "%s.%s" $service $ns))) -}} +{{- $names = (concat (default (list) $names) (list (printf "*.%s.%s.svc.%s" $service $ns $domain))) -}} +{{- $names = (concat (default (list) $names) (list (printf "*.%s.%s.svc" $service $ns))) -}} +{{- $names = (concat (default (list) $names) (list (printf "*.%s.%s" $service $ns))) -}} {{- end -}} {{- if (ne (toJson $values.external.domain) "null") -}} -{{- $names = (concat (default (list ) $names) (list (tpl $values.external.domain $dot))) -}} -{{- $names = (concat (default (list ) $names) (list (printf "*.%s" (tpl $values.external.domain $dot)))) -}} +{{- $names = (concat (default (list) $names) (list (tpl $values.external.domain $dot))) -}} +{{- $names = (concat (default (list) $names) (list (printf "*.%s" (tpl $values.external.domain $dot)))) -}} {{- end -}} {{- $duration := (default "43800h" $data.duration) -}} -{{- $issuerRef := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $data.issuerRef (mustMergeOverwrite (dict "name" "" ) (dict "kind" "Issuer" "group" "cert-manager.io" "name" (printf "%s-%s-root-issuer" $fullname $name) ))) ))) "r") -}} -{{- $certs = (concat (default (list ) $certs) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "secretName" "" "issuerRef" (dict "name" "" ) ) "status" (dict ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "cert-manager.io/v1" "kind" "Certificate" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf "%s-%s-cert" $fullname $name) "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace )) "spec" (mustMergeOverwrite (dict "secretName" "" "issuerRef" (dict "name" "" ) ) (dict "dnsNames" $names "duration" (get (fromJson (include "_shims.time_Duration_String" (dict "a" (list (get (fromJson (include "_shims.time_ParseDuration" (dict "a" (list $duration) ))) "r")) ))) "r") "isCA" false "issuerRef" $issuerRef "secretName" (printf "%s-%s-cert" $fullname $name) "privateKey" (mustMergeOverwrite (dict ) (dict "algorithm" "ECDSA" "size" (256 | int) )) )) )))) -}} +{{- $issuerRef := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $data.issuerRef (mustMergeOverwrite (dict "name" "") (dict "kind" "Issuer" "group" "cert-manager.io" "name" (printf "%s-%s-root-issuer" $fullname $name))))))) "r") -}} +{{- $certs = (concat (default (list) $certs) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict "secretName" "" "issuerRef" (dict "name" "")) "status" (dict)) (mustMergeOverwrite (dict) (dict "apiVersion" "cert-manager.io/v1" "kind" "Certificate")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (printf "%s-%s-cert" $fullname $name) "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot)))) "r") "namespace" $dot.Release.Namespace)) "spec" (mustMergeOverwrite (dict "secretName" "" "issuerRef" (dict "name" "")) (dict "dnsNames" $names "duration" (get (fromJson (include "_shims.time_Duration_String" (dict "a" (list (get (fromJson (include "_shims.time_ParseDuration" (dict "a" (list $duration)))) "r"))))) "r") "isCA" false "issuerRef" $issuerRef "secretName" (printf "%s-%s-cert" $fullname $name) "privateKey" (mustMergeOverwrite (dict) (dict "algorithm" "ECDSA" "size" (256 | int))))))))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} {{- $name := $values.listeners.kafka.tls.cert -}} -{{- $_99_data_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list $values.tls.certs $name (dict "enabled" (coalesce nil) "caEnabled" false "applyInternalDNSNames" (coalesce nil) "duration" "" "issuerRef" (coalesce nil) "secretRef" (coalesce nil) "clientSecretRef" (coalesce nil) )) ))) "r") -}} +{{- $_99_data_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list $values.tls.certs $name (dict "enabled" (coalesce nil) "caEnabled" false "applyInternalDNSNames" (coalesce nil) "duration" "" "issuerRef" (coalesce nil) "secretRef" (coalesce nil) "clientSecretRef" (coalesce nil)))))) "r") -}} {{- $data := (index $_99_data_ok 0) -}} {{- $ok := (index $_99_data_ok 1) -}} {{- if (not $ok) -}} {{- $_ := (fail (printf "Certificate %q referenced but not defined" $name)) -}} {{- end -}} -{{- if (or (not (empty $data.secretRef)) (not (get (fromJson (include "redpanda.ClientAuthRequired" (dict "a" (list $dot) ))) "r"))) -}} +{{- if (or (not (empty $data.secretRef)) (not (get (fromJson (include "redpanda.ClientAuthRequired" (dict "a" (list $dot)))) "r"))) -}} {{- $_is_returning = true -}} {{- (dict "r" $certs) | toJson -}} {{- break -}} {{- end -}} -{{- $issuerRef := (mustMergeOverwrite (dict "name" "" ) (dict "group" "cert-manager.io" "kind" "Issuer" "name" (printf "%s-%s-root-issuer" $fullname $name) )) -}} +{{- $issuerRef := (mustMergeOverwrite (dict "name" "") (dict "group" "cert-manager.io" "kind" "Issuer" "name" (printf "%s-%s-root-issuer" $fullname $name))) -}} {{- if (ne (toJson $data.issuerRef) "null") -}} {{- $issuerRef = $data.issuerRef -}} {{- $_ := (set $issuerRef "group" "cert-manager.io") -}} {{- end -}} {{- $duration := (default "43800h" $data.duration) -}} {{- $_is_returning = true -}} -{{- (dict "r" (concat (default (list ) $certs) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "secretName" "" "issuerRef" (dict "name" "" ) ) "status" (dict ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "cert-manager.io/v1" "kind" "Certificate" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf "%s-client" $fullname) "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "spec" (mustMergeOverwrite (dict "secretName" "" "issuerRef" (dict "name" "" ) ) (dict "commonName" (printf "%s-client" $fullname) "duration" (get (fromJson (include "_shims.time_Duration_String" (dict "a" (list (get (fromJson (include "_shims.time_ParseDuration" (dict "a" (list $duration) ))) "r")) ))) "r") "isCA" false "secretName" (printf "%s-client" $fullname) "privateKey" (mustMergeOverwrite (dict ) (dict "algorithm" "ECDSA" "size" (256 | int) )) "issuerRef" $issuerRef )) ))))) | toJson -}} +{{- (dict "r" (concat (default (list) $certs) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict "secretName" "" "issuerRef" (dict "name" "")) "status" (dict)) (mustMergeOverwrite (dict) (dict "apiVersion" "cert-manager.io/v1" "kind" "Certificate")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (printf "%s-client" $fullname) "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot)))) "r"))) "spec" (mustMergeOverwrite (dict "secretName" "" "issuerRef" (dict "name" "")) (dict "commonName" (printf "%s-client" $fullname) "duration" (get (fromJson (include "_shims.time_Duration_String" (dict "a" (list (get (fromJson (include "_shims.time_ParseDuration" (dict "a" (list $duration)))) "r"))))) "r") "isCA" false "secretName" (printf "%s-client" $fullname) "privateKey" (mustMergeOverwrite (dict) (dict "algorithm" "ECDSA" "size" (256 | int))) "issuerRef" $issuerRef))))))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} diff --git a/charts/redpanda/templates/_chart.go.tpl b/charts/redpanda/templates/_chart.go.tpl index ad08827111..a57b6f1cab 100644 --- a/charts/redpanda/templates/_chart.go.tpl +++ b/charts/redpanda/templates/_chart.go.tpl @@ -4,56 +4,68 @@ {{- $dot := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $manifests := (list (get (fromJson (include "redpanda.NodePortService" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.PodDisruptionBudget" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.ServiceAccount" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.ServiceInternal" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.ServiceMonitor" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.SidecarControllersRole" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.SidecarControllersRoleBinding" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.StatefulSet" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.PostInstallUpgradeJob" (dict "a" (list $dot) ))) "r")) -}} -{{- range $_, $obj := (get (fromJson (include "redpanda.ConfigMaps" (dict "a" (list $dot) ))) "r") -}} -{{- $manifests = (concat (default (list ) $manifests) (list $obj)) -}} +{{- $manifests := (list (get (fromJson (include "redpanda.NodePortService" (dict "a" (list $dot)))) "r") (get (fromJson (include "redpanda.PodDisruptionBudget" (dict "a" (list $dot)))) "r") (get (fromJson (include "redpanda.ServiceAccount" (dict "a" (list $dot)))) "r") (get (fromJson (include "redpanda.ServiceInternal" (dict "a" (list $dot)))) "r") (get (fromJson (include "redpanda.ServiceMonitor" (dict "a" (list $dot)))) "r") (get (fromJson (include "redpanda.StatefulSet" (dict "a" (list $dot)))) "r") (get (fromJson (include "redpanda.PostInstallUpgradeJob" (dict "a" (list $dot)))) "r")) -}} +{{- range $_, $obj := (get (fromJson (include "redpanda.ConfigMaps" (dict "a" (list $dot)))) "r") -}} +{{- $manifests = (concat (default (list) $manifests) (list $obj)) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- range $_, $obj := (get (fromJson (include "redpanda.CertIssuers" (dict "a" (list $dot) ))) "r") -}} -{{- $manifests = (concat (default (list ) $manifests) (list $obj)) -}} +{{- range $_, $obj := (get (fromJson (include "redpanda.CertIssuers" (dict "a" (list $dot)))) "r") -}} +{{- $manifests = (concat (default (list) $manifests) (list $obj)) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- range $_, $obj := (get (fromJson (include "redpanda.RootCAs" (dict "a" (list $dot) ))) "r") -}} -{{- $manifests = (concat (default (list ) $manifests) (list $obj)) -}} +{{- range $_, $obj := (get (fromJson (include "redpanda.RootCAs" (dict "a" (list $dot)))) "r") -}} +{{- $manifests = (concat (default (list) $manifests) (list $obj)) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- range $_, $obj := (get (fromJson (include "redpanda.ClientCerts" (dict "a" (list $dot) ))) "r") -}} -{{- $manifests = (concat (default (list ) $manifests) (list $obj)) -}} +{{- range $_, $obj := (get (fromJson (include "redpanda.ClientCerts" (dict "a" (list $dot)))) "r") -}} +{{- $manifests = (concat (default (list) $manifests) (list $obj)) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- range $_, $obj := (get (fromJson (include "redpanda.ClusterRoles" (dict "a" (list $dot) ))) "r") -}} -{{- $manifests = (concat (default (list ) $manifests) (list $obj)) -}} +{{- range $_, $obj := (get (fromJson (include "redpanda.Roles" (dict "a" (list $dot)))) "r") -}} +{{- $manifests = (concat (default (list) $manifests) (list $obj)) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- range $_, $obj := (get (fromJson (include "redpanda.ClusterRoleBindings" (dict "a" (list $dot) ))) "r") -}} -{{- $manifests = (concat (default (list ) $manifests) (list $obj)) -}} +{{- range $_, $obj := (get (fromJson (include "redpanda.ClusterRoles" (dict "a" (list $dot)))) "r") -}} +{{- $manifests = (concat (default (list) $manifests) (list $obj)) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- range $_, $obj := (get (fromJson (include "redpanda.LoadBalancerServices" (dict "a" (list $dot) ))) "r") -}} -{{- $manifests = (concat (default (list ) $manifests) (list $obj)) -}} +{{- range $_, $obj := (get (fromJson (include "redpanda.RoleBindings" (dict "a" (list $dot)))) "r") -}} +{{- $manifests = (concat (default (list) $manifests) (list $obj)) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- range $_, $obj := (get (fromJson (include "redpanda.Secrets" (dict "a" (list $dot) ))) "r") -}} -{{- $manifests = (concat (default (list ) $manifests) (list $obj)) -}} +{{- range $_, $obj := (get (fromJson (include "redpanda.ClusterRoleBindings" (dict "a" (list $dot)))) "r") -}} +{{- $manifests = (concat (default (list) $manifests) (list $obj)) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- $manifests = (concat (default (list ) $manifests) (default (list ) (get (fromJson (include "redpanda.consoleChartIntegration" (dict "a" (list $dot) ))) "r"))) -}} +{{- range $_, $obj := (get (fromJson (include "redpanda.LoadBalancerServices" (dict "a" (list $dot)))) "r") -}} +{{- $manifests = (concat (default (list) $manifests) (list $obj)) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- range $_, $obj := (get (fromJson (include "redpanda.Secrets" (dict "a" (list $dot)))) "r") -}} +{{- $manifests = (concat (default (list) $manifests) (list $obj)) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $manifests = (concat (default (list) $manifests) (default (list) (get (fromJson (include "redpanda.consoleChartIntegration" (dict "a" (list $dot)))) "r"))) -}} {{- $_is_returning = true -}} {{- (dict "r" $manifests) | toJson -}} {{- break -}} diff --git a/charts/redpanda/templates/_configmap.go.tpl b/charts/redpanda/templates/_configmap.go.tpl index ba8543667d..c5b0a83634 100644 --- a/charts/redpanda/templates/_configmap.go.tpl +++ b/charts/redpanda/templates/_configmap.go.tpl @@ -4,7 +4,7 @@ {{- $dot := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $cms := (list (get (fromJson (include "redpanda.RedpandaConfigMap" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.RPKProfile" (dict "a" (list $dot) ))) "r")) -}} +{{- $cms := (list (get (fromJson (include "redpanda.RedpandaConfigMap" (dict "a" (list $dot)))) "r") (get (fromJson (include "redpanda.RPKProfile" (dict "a" (list $dot)))) "r")) -}} {{- $_is_returning = true -}} {{- (dict "r" $cms) | toJson -}} {{- break -}} @@ -16,7 +16,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) ) (mustMergeOverwrite (dict ) (dict "kind" "ConfigMap" "apiVersion" "v1" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "data" (dict "bootstrap.yaml" (get (fromJson (include "redpanda.BootstrapFile" (dict "a" (list $dot) ))) "r") "redpanda.yaml" (get (fromJson (include "redpanda.RedpandaConfigFile" (dict "a" (list $dot true) ))) "r") ) ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil))) (mustMergeOverwrite (dict) (dict "kind" "ConfigMap" "apiVersion" "v1")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot)))) "r"))) "data" (dict "bootstrap.yaml" (get (fromJson (include "redpanda.BootstrapFile" (dict "a" (list $dot)))) "r") "redpanda.yaml" (get (fromJson (include "redpanda.RedpandaConfigFile" (dict "a" (list $dot true)))) "r"))))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -26,24 +26,24 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $bootstrap := (dict "kafka_enable_authorization" (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth) ))) "r") "enable_sasl" (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth) ))) "r") "enable_rack_awareness" $values.rackAwareness.enabled "storage_min_free_bytes" ((get (fromJson (include "redpanda.Storage.StorageMinFreeBytes" (dict "a" (list $values.storage) ))) "r") | int64) ) -}} -{{- $bootstrap = (merge (dict ) $bootstrap (get (fromJson (include "redpanda.AuditLogging.Translate" (dict "a" (list $values.auditLogging $dot (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth) ))) "r")) ))) "r")) -}} -{{- $bootstrap = (merge (dict ) $bootstrap (get (fromJson (include "redpanda.Logging.Translate" (dict "a" (list $values.logging) ))) "r")) -}} -{{- $bootstrap = (merge (dict ) $bootstrap (get (fromJson (include "redpanda.TunableConfig.Translate" (dict "a" (list $values.config.tunable) ))) "r")) -}} -{{- $bootstrap = (merge (dict ) $bootstrap (get (fromJson (include "redpanda.ClusterConfig.Translate" (dict "a" (list $values.config.cluster) ))) "r")) -}} -{{- $bootstrap = (merge (dict ) $bootstrap (get (fromJson (include "redpanda.Auth.Translate" (dict "a" (list $values.auth (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth) ))) "r")) ))) "r")) -}} -{{- $bootstrap = (merge (dict ) $bootstrap (get (fromJson (include "redpanda.TieredStorageConfig.Translate" (dict "a" (list (deepCopy (get (fromJson (include "redpanda.Storage.GetTieredStorageConfig" (dict "a" (list $values.storage) ))) "r")) $values.storage.tiered.credentialsSecretRef) ))) "r")) -}} -{{- $_80___ok_1 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $values.config.cluster "default_topic_replications" (coalesce nil)) ))) "r") -}} +{{- $bootstrap := (dict "kafka_enable_authorization" (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth)))) "r") "enable_sasl" (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth)))) "r") "enable_rack_awareness" $values.rackAwareness.enabled "storage_min_free_bytes" ((get (fromJson (include "redpanda.Storage.StorageMinFreeBytes" (dict "a" (list $values.storage)))) "r") | int64)) -}} +{{- $bootstrap = (merge (dict) $bootstrap (get (fromJson (include "redpanda.AuditLogging.Translate" (dict "a" (list $values.auditLogging $dot (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth)))) "r"))))) "r")) -}} +{{- $bootstrap = (merge (dict) $bootstrap (get (fromJson (include "redpanda.Logging.Translate" (dict "a" (list $values.logging)))) "r")) -}} +{{- $bootstrap = (merge (dict) $bootstrap (get (fromJson (include "redpanda.TunableConfig.Translate" (dict "a" (list $values.config.tunable)))) "r")) -}} +{{- $bootstrap = (merge (dict) $bootstrap (get (fromJson (include "redpanda.ClusterConfig.Translate" (dict "a" (list $values.config.cluster)))) "r")) -}} +{{- $bootstrap = (merge (dict) $bootstrap (get (fromJson (include "redpanda.Auth.Translate" (dict "a" (list $values.auth (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth)))) "r"))))) "r")) -}} +{{- $bootstrap = (merge (dict) $bootstrap (get (fromJson (include "redpanda.TieredStorageConfig.Translate" (dict "a" (list (deepCopy (get (fromJson (include "redpanda.Storage.GetTieredStorageConfig" (dict "a" (list $values.storage)))) "r")) $values.storage.tiered.credentialsSecretRef)))) "r")) -}} +{{- $_80___ok_1 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $values.config.cluster "default_topic_replications" (coalesce nil))))) "r") -}} {{- $_ := (index $_80___ok_1 0) -}} {{- $ok_1 := (index $_80___ok_1 1) -}} {{- if (and (not $ok_1) (ge ($values.statefulset.replicas | int) (3 | int))) -}} {{- $_ := (set $bootstrap "default_topic_replications" (3 | int)) -}} {{- end -}} -{{- $_85___ok_2 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $values.config.cluster "storage_min_free_bytes" (coalesce nil)) ))) "r") -}} +{{- $_85___ok_2 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $values.config.cluster "storage_min_free_bytes" (coalesce nil))))) "r") -}} {{- $_ := (index $_85___ok_2 0) -}} {{- $ok_2 := (index $_85___ok_2 1) -}} {{- if (not $ok_2) -}} -{{- $_ := (set $bootstrap "storage_min_free_bytes" ((get (fromJson (include "redpanda.Storage.StorageMinFreeBytes" (dict "a" (list $values.storage) ))) "r") | int64)) -}} +{{- $_ := (set $bootstrap "storage_min_free_bytes" ((get (fromJson (include "redpanda.Storage.StorageMinFreeBytes" (dict "a" (list $values.storage)))) "r") | int64)) -}} {{- end -}} {{- $_is_returning = true -}} {{- (dict "r" (toYaml $bootstrap)) | toJson -}} @@ -57,19 +57,19 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $redpanda := (dict "empty_seed_starts_cluster" false ) -}} +{{- $redpanda := (dict "empty_seed_starts_cluster" false) -}} {{- if $includeNonHashableItems -}} -{{- $_ := (set $redpanda "seed_servers" (get (fromJson (include "redpanda.Listeners.CreateSeedServers" (dict "a" (list $values.listeners ($values.statefulset.replicas | int) (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r")) ))) "r")) -}} +{{- $_ := (set $redpanda "seed_servers" (get (fromJson (include "redpanda.Listeners.CreateSeedServers" (dict "a" (list $values.listeners ($values.statefulset.replicas | int) (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r") (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot)))) "r"))))) "r")) -}} {{- end -}} -{{- $redpanda = (merge (dict ) $redpanda (get (fromJson (include "redpanda.NodeConfig.Translate" (dict "a" (list $values.config.node) ))) "r")) -}} -{{- $_ := (get (fromJson (include "redpanda.configureListeners" (dict "a" (list $redpanda $dot) ))) "r") -}} -{{- $redpandaYaml := (dict "redpanda" $redpanda "schema_registry" (get (fromJson (include "redpanda.schemaRegistry" (dict "a" (list $dot) ))) "r") "pandaproxy" (get (fromJson (include "redpanda.pandaProxyListener" (dict "a" (list $dot) ))) "r") "config_file" "/etc/redpanda/redpanda.yaml" ) -}} +{{- $redpanda = (merge (dict) $redpanda (get (fromJson (include "redpanda.NodeConfig.Translate" (dict "a" (list $values.config.node)))) "r")) -}} +{{- $_ := (get (fromJson (include "redpanda.configureListeners" (dict "a" (list $redpanda $dot)))) "r") -}} +{{- $redpandaYaml := (dict "redpanda" $redpanda "schema_registry" (get (fromJson (include "redpanda.schemaRegistry" (dict "a" (list $dot)))) "r") "pandaproxy" (get (fromJson (include "redpanda.pandaProxyListener" (dict "a" (list $dot)))) "r") "config_file" "/etc/redpanda/redpanda.yaml") -}} {{- if $includeNonHashableItems -}} -{{- $_ := (set $redpandaYaml "rpk" (get (fromJson (include "redpanda.rpkNodeConfig" (dict "a" (list $dot) ))) "r")) -}} -{{- $_ := (set $redpandaYaml "pandaproxy_client" (get (fromJson (include "redpanda.kafkaClient" (dict "a" (list $dot) ))) "r")) -}} -{{- $_ := (set $redpandaYaml "schema_registry_client" (get (fromJson (include "redpanda.kafkaClient" (dict "a" (list $dot) ))) "r")) -}} -{{- if (and (and (get (fromJson (include "redpanda.RedpandaAtLeast_23_3_0" (dict "a" (list $dot) ))) "r") $values.auditLogging.enabled) (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth) ))) "r")) -}} -{{- $_ := (set $redpandaYaml "audit_log_client" (get (fromJson (include "redpanda.kafkaClient" (dict "a" (list $dot) ))) "r")) -}} +{{- $_ := (set $redpandaYaml "rpk" (get (fromJson (include "redpanda.rpkNodeConfig" (dict "a" (list $dot)))) "r")) -}} +{{- $_ := (set $redpandaYaml "pandaproxy_client" (get (fromJson (include "redpanda.kafkaClient" (dict "a" (list $dot)))) "r")) -}} +{{- $_ := (set $redpandaYaml "schema_registry_client" (get (fromJson (include "redpanda.kafkaClient" (dict "a" (list $dot)))) "r")) -}} +{{- if (and (and (get (fromJson (include "redpanda.RedpandaAtLeast_23_3_0" (dict "a" (list $dot)))) "r") $values.auditLogging.enabled) (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth)))) "r")) -}} +{{- $_ := (set $redpandaYaml "audit_log_client" (get (fromJson (include "redpanda.kafkaClient" (dict "a" (list $dot)))) "r")) -}} {{- end -}} {{- end -}} {{- $_is_returning = true -}} @@ -89,7 +89,7 @@ {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) ) (mustMergeOverwrite (dict ) (dict "kind" "ConfigMap" "apiVersion" "v1" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf "%s-rpk" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "data" (dict "profile" (toYaml (get (fromJson (include "redpanda.rpkProfile" (dict "a" (list $dot) ))) "r")) ) ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil))) (mustMergeOverwrite (dict) (dict "kind" "ConfigMap" "apiVersion" "v1")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (printf "%s-rpk" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r")) "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot)))) "r"))) "data" (dict "profile" (toYaml (get (fromJson (include "redpanda.rpkProfile" (dict "a" (list $dot)))) "r")))))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -99,61 +99,61 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $brokerList := (list ) -}} +{{- $brokerList := (list) -}} {{- range $_, $i := untilStep (((0 | int) | int)|int) (($values.statefulset.replicas | int)|int) (1|int) -}} -{{- $brokerList = (concat (default (list ) $brokerList) (list (printf "%s:%d" (get (fromJson (include "redpanda.advertisedHost" (dict "a" (list $dot $i) ))) "r") (((get (fromJson (include "redpanda.advertisedKafkaPort" (dict "a" (list $dot $i) ))) "r") | int) | int)))) -}} +{{- $brokerList = (concat (default (list) $brokerList) (list (printf "%s:%d" (get (fromJson (include "redpanda.advertisedHost" (dict "a" (list $dot $i)))) "r") (((get (fromJson (include "redpanda.advertisedKafkaPort" (dict "a" (list $dot $i)))) "r") | int) | int)))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- $adminAdvertisedList := (list ) -}} +{{- $adminAdvertisedList := (list) -}} {{- range $_, $i := untilStep (((0 | int) | int)|int) (($values.statefulset.replicas | int)|int) (1|int) -}} -{{- $adminAdvertisedList = (concat (default (list ) $adminAdvertisedList) (list (printf "%s:%d" (get (fromJson (include "redpanda.advertisedHost" (dict "a" (list $dot $i) ))) "r") (((get (fromJson (include "redpanda.advertisedAdminPort" (dict "a" (list $dot $i) ))) "r") | int) | int)))) -}} +{{- $adminAdvertisedList = (concat (default (list) $adminAdvertisedList) (list (printf "%s:%d" (get (fromJson (include "redpanda.advertisedHost" (dict "a" (list $dot $i)))) "r") (((get (fromJson (include "redpanda.advertisedAdminPort" (dict "a" (list $dot $i)))) "r") | int) | int)))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- $schemaAdvertisedList := (list ) -}} +{{- $schemaAdvertisedList := (list) -}} {{- range $_, $i := untilStep (((0 | int) | int)|int) (($values.statefulset.replicas | int)|int) (1|int) -}} -{{- $schemaAdvertisedList = (concat (default (list ) $schemaAdvertisedList) (list (printf "%s:%d" (get (fromJson (include "redpanda.advertisedHost" (dict "a" (list $dot $i) ))) "r") (((get (fromJson (include "redpanda.advertisedSchemaPort" (dict "a" (list $dot $i) ))) "r") | int) | int)))) -}} +{{- $schemaAdvertisedList = (concat (default (list) $schemaAdvertisedList) (list (printf "%s:%d" (get (fromJson (include "redpanda.advertisedHost" (dict "a" (list $dot $i)))) "r") (((get (fromJson (include "redpanda.advertisedSchemaPort" (dict "a" (list $dot $i)))) "r") | int) | int)))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- $kafkaTLS := (get (fromJson (include "redpanda.rpkKafkaClientTLSConfiguration" (dict "a" (list $dot) ))) "r") -}} -{{- $_175___ok_3 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $kafkaTLS "ca_file" (coalesce nil)) ))) "r") -}} +{{- $kafkaTLS := (get (fromJson (include "redpanda.rpkKafkaClientTLSConfiguration" (dict "a" (list $dot)))) "r") -}} +{{- $_175___ok_3 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $kafkaTLS "ca_file" (coalesce nil))))) "r") -}} {{- $_ := (index $_175___ok_3 0) -}} {{- $ok_3 := (index $_175___ok_3 1) -}} {{- if $ok_3 -}} {{- $_ := (set $kafkaTLS "ca_file" "ca.crt") -}} {{- end -}} -{{- $adminTLS := (get (fromJson (include "redpanda.rpkAdminAPIClientTLSConfiguration" (dict "a" (list $dot) ))) "r") -}} -{{- $_181___ok_4 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $adminTLS "ca_file" (coalesce nil)) ))) "r") -}} +{{- $adminTLS := (get (fromJson (include "redpanda.rpkAdminAPIClientTLSConfiguration" (dict "a" (list $dot)))) "r") -}} +{{- $_181___ok_4 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $adminTLS "ca_file" (coalesce nil))))) "r") -}} {{- $_ := (index $_181___ok_4 0) -}} {{- $ok_4 := (index $_181___ok_4 1) -}} {{- if $ok_4 -}} {{- $_ := (set $adminTLS "ca_file" "ca.crt") -}} {{- end -}} -{{- $schemaTLS := (get (fromJson (include "redpanda.rpkSchemaRegistryClientTLSConfiguration" (dict "a" (list $dot) ))) "r") -}} -{{- $_187___ok_5 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $schemaTLS "ca_file" (coalesce nil)) ))) "r") -}} +{{- $schemaTLS := (get (fromJson (include "redpanda.rpkSchemaRegistryClientTLSConfiguration" (dict "a" (list $dot)))) "r") -}} +{{- $_187___ok_5 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $schemaTLS "ca_file" (coalesce nil))))) "r") -}} {{- $_ := (index $_187___ok_5 0) -}} {{- $ok_5 := (index $_187___ok_5 1) -}} {{- if $ok_5 -}} {{- $_ := (set $schemaTLS "ca_file" "ca.crt") -}} {{- end -}} -{{- $ka := (dict "brokers" $brokerList "tls" (coalesce nil) ) -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $kafkaTLS) ))) "r") | int) (0 | int)) -}} +{{- $ka := (dict "brokers" $brokerList "tls" (coalesce nil)) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $kafkaTLS)))) "r") | int) (0 | int)) -}} {{- $_ := (set $ka "tls" $kafkaTLS) -}} {{- end -}} -{{- $aa := (dict "addresses" $adminAdvertisedList "tls" (coalesce nil) ) -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $adminTLS) ))) "r") | int) (0 | int)) -}} +{{- $aa := (dict "addresses" $adminAdvertisedList "tls" (coalesce nil)) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $adminTLS)))) "r") | int) (0 | int)) -}} {{- $_ := (set $aa "tls" $adminTLS) -}} {{- end -}} -{{- $sa := (dict "addresses" $schemaAdvertisedList "tls" (coalesce nil) ) -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $schemaTLS) ))) "r") | int) (0 | int)) -}} +{{- $sa := (dict "addresses" $schemaAdvertisedList "tls" (coalesce nil)) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $schemaTLS)))) "r") | int) (0 | int)) -}} {{- $_ := (set $sa "tls" $schemaTLS) -}} {{- end -}} -{{- $result := (dict "name" (get (fromJson (include "redpanda.getFirstExternalKafkaListener" (dict "a" (list $dot) ))) "r") "kafka_api" $ka "admin_api" $aa "schema_registry" $sa ) -}} +{{- $result := (dict "name" (get (fromJson (include "redpanda.getFirstExternalKafkaListener" (dict "a" (list $dot)))) "r") "kafka_api" $ka "admin_api" $aa "schema_registry" $sa) -}} {{- $_is_returning = true -}} {{- (dict "r" $result) | toJson -}} {{- break -}} @@ -166,15 +166,15 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $externalKafkaListenerName := (get (fromJson (include "redpanda.getFirstExternalKafkaListener" (dict "a" (list $dot) ))) "r") -}} -{{- $listener := (ternary (index $values.listeners.kafka.external $externalKafkaListenerName) (dict "enabled" (coalesce nil) "advertisedPorts" (coalesce nil) "port" 0 "nodePort" (coalesce nil) "authenticationMethod" (coalesce nil) "prefixTemplate" (coalesce nil) "tls" (coalesce nil) ) (hasKey $values.listeners.kafka.external $externalKafkaListenerName)) -}} +{{- $externalKafkaListenerName := (get (fromJson (include "redpanda.getFirstExternalKafkaListener" (dict "a" (list $dot)))) "r") -}} +{{- $listener := (ternary (index $values.listeners.kafka.external $externalKafkaListenerName) (dict "enabled" (coalesce nil) "advertisedPorts" (coalesce nil) "port" 0 "nodePort" (coalesce nil) "tls" (coalesce nil)) (hasKey $values.listeners.kafka.external $externalKafkaListenerName)) -}} {{- $port := (($values.listeners.kafka.port | int) | int) -}} {{- if (gt (($listener.port | int) | int) ((1 | int) | int)) -}} {{- $port = (($listener.port | int) | int) -}} {{- end -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts) ))) "r") | int) (1 | int)) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts)))) "r") | int) (1 | int)) -}} {{- $port = ((index $listener.advertisedPorts $i) | int) -}} -{{- else -}}{{- if (eq ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts) ))) "r") | int) (1 | int)) -}} +{{- else -}}{{- if (eq ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts)))) "r") | int) (1 | int)) -}} {{- $port = ((index $listener.advertisedPorts (0 | int)) | int) -}} {{- end -}} {{- end -}} @@ -193,14 +193,14 @@ {{- $keys := (keys $values.listeners.admin.external) -}} {{- $_ := (sortAlpha $keys) -}} {{- $externalAdminListenerName := (first $keys) -}} -{{- $listener := (ternary (index $values.listeners.admin.external (get (fromJson (include "_shims.typeassertion" (dict "a" (list "string" $externalAdminListenerName) ))) "r")) (dict "enabled" (coalesce nil) "advertisedPorts" (coalesce nil) "port" 0 "nodePort" (coalesce nil) "tls" (coalesce nil) ) (hasKey $values.listeners.admin.external (get (fromJson (include "_shims.typeassertion" (dict "a" (list "string" $externalAdminListenerName) ))) "r"))) -}} +{{- $listener := (ternary (index $values.listeners.admin.external (get (fromJson (include "_shims.typeassertion" (dict "a" (list "string" $externalAdminListenerName)))) "r")) (dict "enabled" (coalesce nil) "advertisedPorts" (coalesce nil) "port" 0 "nodePort" (coalesce nil) "tls" (coalesce nil)) (hasKey $values.listeners.admin.external (get (fromJson (include "_shims.typeassertion" (dict "a" (list "string" $externalAdminListenerName)))) "r"))) -}} {{- $port := (($values.listeners.admin.port | int) | int) -}} {{- if (gt (($listener.port | int) | int) (1 | int)) -}} {{- $port = (($listener.port | int) | int) -}} {{- end -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts) ))) "r") | int) (1 | int)) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts)))) "r") | int) (1 | int)) -}} {{- $port = ((index $listener.advertisedPorts $i) | int) -}} -{{- else -}}{{- if (eq ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts) ))) "r") | int) (1 | int)) -}} +{{- else -}}{{- if (eq ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts)))) "r") | int) (1 | int)) -}} {{- $port = ((index $listener.advertisedPorts (0 | int)) | int) -}} {{- end -}} {{- end -}} @@ -219,14 +219,14 @@ {{- $keys := (keys $values.listeners.schemaRegistry.external) -}} {{- $_ := (sortAlpha $keys) -}} {{- $externalSchemaListenerName := (first $keys) -}} -{{- $listener := (ternary (index $values.listeners.schemaRegistry.external (get (fromJson (include "_shims.typeassertion" (dict "a" (list "string" $externalSchemaListenerName) ))) "r")) (dict "enabled" (coalesce nil) "advertisedPorts" (coalesce nil) "port" 0 "nodePort" (coalesce nil) "authenticationMethod" (coalesce nil) "tls" (coalesce nil) ) (hasKey $values.listeners.schemaRegistry.external (get (fromJson (include "_shims.typeassertion" (dict "a" (list "string" $externalSchemaListenerName) ))) "r"))) -}} +{{- $listener := (ternary (index $values.listeners.schemaRegistry.external (get (fromJson (include "_shims.typeassertion" (dict "a" (list "string" $externalSchemaListenerName)))) "r")) (dict "enabled" (coalesce nil) "advertisedPorts" (coalesce nil) "port" 0 "nodePort" (coalesce nil) "tls" (coalesce nil)) (hasKey $values.listeners.schemaRegistry.external (get (fromJson (include "_shims.typeassertion" (dict "a" (list "string" $externalSchemaListenerName)))) "r"))) -}} {{- $port := (($values.listeners.schemaRegistry.port | int) | int) -}} {{- if (gt (($listener.port | int) | int) (1 | int)) -}} {{- $port = (($listener.port | int) | int) -}} {{- end -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts) ))) "r") | int) (1 | int)) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts)))) "r") | int) (1 | int)) -}} {{- $port = ((index $listener.advertisedPorts $i) | int) -}} -{{- else -}}{{- if (eq ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts) ))) "r") | int) (1 | int)) -}} +{{- else -}}{{- if (eq ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts)))) "r") | int) (1 | int)) -}} {{- $port = ((index $listener.advertisedPorts (0 | int)) | int) -}} {{- end -}} {{- end -}} @@ -242,21 +242,21 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $address := (printf "%s-%d" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") ($i | int)) -}} -{{- if (ne (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.external.domain "") ))) "r") "") -}} +{{- $address := (printf "%s-%d" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r") ($i | int)) -}} +{{- if (ne (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.external.domain "")))) "r") "") -}} {{- $address = (printf "%s.%s" $address (tpl $values.external.domain $dot)) -}} {{- end -}} -{{- if (le ((get (fromJson (include "_shims.len" (dict "a" (list $values.external.addresses) ))) "r") | int) (0 | int)) -}} +{{- if (le ((get (fromJson (include "_shims.len" (dict "a" (list $values.external.addresses)))) "r") | int) (0 | int)) -}} {{- $_is_returning = true -}} {{- (dict "r" $address) | toJson -}} {{- break -}} {{- end -}} -{{- if (eq ((get (fromJson (include "_shims.len" (dict "a" (list $values.external.addresses) ))) "r") | int) (1 | int)) -}} +{{- if (eq ((get (fromJson (include "_shims.len" (dict "a" (list $values.external.addresses)))) "r") | int) (1 | int)) -}} {{- $address = (index $values.external.addresses (0 | int)) -}} {{- else -}} {{- $address = (index $values.external.addresses $i) -}} {{- end -}} -{{- if (ne (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.external.domain "") ))) "r") "") -}} +{{- if (ne (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.external.domain "")))) "r") "") -}} {{- $address = (printf "%s.%s" $address (tpl $values.external.domain $dot)) -}} {{- end -}} {{- $_is_returning = true -}} @@ -273,7 +273,7 @@ {{- $keys := (keys $values.listeners.kafka.external) -}} {{- $_ := (sortAlpha $keys) -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "_shims.typeassertion" (dict "a" (list "string" (first $keys)) ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "_shims.typeassertion" (dict "a" (list "string" (first $keys))))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -286,7 +286,7 @@ {{- $_is_returning := false -}} {{- $bl := (coalesce nil) -}} {{- range $_, $i := untilStep (((0 | int) | int)|int) ($replicas|int) (1|int) -}} -{{- $bl = (concat (default (list ) $bl) (list (printf "%s-%d.%s:%d" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $i (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r") $port))) -}} +{{- $bl = (concat (default (list) $bl) (list (printf "%s-%d.%s:%d" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r") $i (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot)))) "r") $port))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} @@ -302,29 +302,29 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $brokerList := (get (fromJson (include "redpanda.BrokerList" (dict "a" (list $dot ($values.statefulset.replicas | int) ($values.listeners.kafka.port | int)) ))) "r") -}} +{{- $brokerList := (get (fromJson (include "redpanda.BrokerList" (dict "a" (list $dot ($values.statefulset.replicas | int) ($values.listeners.kafka.port | int))))) "r") -}} {{- $adminTLS := (coalesce nil) -}} -{{- $tls_6 := (get (fromJson (include "redpanda.rpkAdminAPIClientTLSConfiguration" (dict "a" (list $dot) ))) "r") -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $tls_6) ))) "r") | int) (0 | int)) -}} +{{- $tls_6 := (get (fromJson (include "redpanda.rpkAdminAPIClientTLSConfiguration" (dict "a" (list $dot)))) "r") -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $tls_6)))) "r") | int) (0 | int)) -}} {{- $adminTLS = $tls_6 -}} {{- end -}} {{- $brokerTLS := (coalesce nil) -}} -{{- $tls_7 := (get (fromJson (include "redpanda.rpkKafkaClientTLSConfiguration" (dict "a" (list $dot) ))) "r") -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $tls_7) ))) "r") | int) (0 | int)) -}} +{{- $tls_7 := (get (fromJson (include "redpanda.rpkKafkaClientTLSConfiguration" (dict "a" (list $dot)))) "r") -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $tls_7)))) "r") | int) (0 | int)) -}} {{- $brokerTLS = $tls_7 -}} {{- end -}} {{- $schemaRegistryTLS := (coalesce nil) -}} -{{- $tls_8 := (get (fromJson (include "redpanda.rpkSchemaRegistryClientTLSConfiguration" (dict "a" (list $dot) ))) "r") -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $tls_8) ))) "r") | int) (0 | int)) -}} +{{- $tls_8 := (get (fromJson (include "redpanda.rpkSchemaRegistryClientTLSConfiguration" (dict "a" (list $dot)))) "r") -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $tls_8)))) "r") | int) (0 | int)) -}} {{- $schemaRegistryTLS = $tls_8 -}} {{- end -}} -{{- $_372_lockMemory_overprovisioned_flags := (get (fromJson (include "redpanda.RedpandaAdditionalStartFlags" (dict "a" (list $values) ))) "r") -}} +{{- $_372_lockMemory_overprovisioned_flags := (get (fromJson (include "redpanda.RedpandaAdditionalStartFlags" (dict "a" (list $values)))) "r") -}} {{- $lockMemory := (index $_372_lockMemory_overprovisioned_flags 0) -}} {{- $overprovisioned := (index $_372_lockMemory_overprovisioned_flags 1) -}} {{- $flags := (index $_372_lockMemory_overprovisioned_flags 2) -}} -{{- $result := (dict "additional_start_flags" $flags "enable_memory_locking" $lockMemory "overprovisioned" $overprovisioned "kafka_api" (dict "brokers" $brokerList "tls" $brokerTLS ) "admin_api" (dict "addresses" (get (fromJson (include "redpanda.Listeners.AdminList" (dict "a" (list $values.listeners ($values.statefulset.replicas | int) (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r")) ))) "r") "tls" $adminTLS ) "schema_registry" (dict "addresses" (get (fromJson (include "redpanda.Listeners.SchemaRegistryList" (dict "a" (list $values.listeners ($values.statefulset.replicas | int) (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r")) ))) "r") "tls" $schemaRegistryTLS ) ) -}} -{{- $result = (merge (dict ) $result (get (fromJson (include "redpanda.Tuning.Translate" (dict "a" (list $values.tuning) ))) "r")) -}} -{{- $result = (merge (dict ) $result (get (fromJson (include "redpanda.Config.CreateRPKConfiguration" (dict "a" (list $values.config) ))) "r")) -}} +{{- $result := (dict "additional_start_flags" $flags "enable_memory_locking" $lockMemory "overprovisioned" $overprovisioned "kafka_api" (dict "brokers" $brokerList "tls" $brokerTLS) "admin_api" (dict "addresses" (get (fromJson (include "redpanda.Listeners.AdminList" (dict "a" (list $values.listeners ($values.statefulset.replicas | int) (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r") (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot)))) "r"))))) "r") "tls" $adminTLS) "schema_registry" (dict "addresses" (get (fromJson (include "redpanda.Listeners.SchemaRegistryList" (dict "a" (list $values.listeners ($values.statefulset.replicas | int) (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r") (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot)))) "r"))))) "r") "tls" $schemaRegistryTLS)) -}} +{{- $result = (merge (dict) $result (get (fromJson (include "redpanda.Tuning.Translate" (dict "a" (list $values.tuning)))) "r")) -}} +{{- $result = (merge (dict) $result (get (fromJson (include "redpanda.Config.CreateRPKConfiguration" (dict "a" (list $values.config)))) "r")) -}} {{- $_is_returning = true -}} {{- (dict "r" $result) | toJson -}} {{- break -}} @@ -337,15 +337,15 @@ {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} {{- $tls := $values.listeners.kafka.tls -}} -{{- if (not (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $tls $values.tls) ))) "r")) -}} +{{- if (not (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $tls $values.tls)))) "r")) -}} {{- $_is_returning = true -}} -{{- (dict "r" (dict )) | toJson -}} +{{- (dict "r" (dict)) | toJson -}} {{- break -}} {{- end -}} -{{- $result := (dict "ca_file" (get (fromJson (include "redpanda.InternalTLS.ServerCAPath" (dict "a" (list $tls $values.tls) ))) "r") ) -}} +{{- $result := (dict "ca_file" (get (fromJson (include "redpanda.InternalTLS.ServerCAPath" (dict "a" (list $tls $values.tls)))) "r")) -}} {{- if $tls.requireClientAuth -}} -{{- $_ := (set $result "cert_file" (printf "%s/%s-client/tls.crt" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r"))) -}} -{{- $_ := (set $result "key_file" (printf "%s/%s-client/tls.key" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r"))) -}} +{{- $_ := (set $result "cert_file" (printf "%s/%s-client/tls.crt" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r"))) -}} +{{- $_ := (set $result "key_file" (printf "%s/%s-client/tls.key" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r"))) -}} {{- end -}} {{- $_is_returning = true -}} {{- (dict "r" $result) | toJson -}} @@ -359,15 +359,15 @@ {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} {{- $tls := $values.listeners.admin.tls -}} -{{- if (not (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $tls $values.tls) ))) "r")) -}} +{{- if (not (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $tls $values.tls)))) "r")) -}} {{- $_is_returning = true -}} -{{- (dict "r" (dict )) | toJson -}} +{{- (dict "r" (dict)) | toJson -}} {{- break -}} {{- end -}} -{{- $result := (dict "ca_file" (get (fromJson (include "redpanda.InternalTLS.ServerCAPath" (dict "a" (list $tls $values.tls) ))) "r") ) -}} +{{- $result := (dict "ca_file" (get (fromJson (include "redpanda.InternalTLS.ServerCAPath" (dict "a" (list $tls $values.tls)))) "r")) -}} {{- if $tls.requireClientAuth -}} -{{- $_ := (set $result "cert_file" (printf "%s/%s-client/tls.crt" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r"))) -}} -{{- $_ := (set $result "key_file" (printf "%s/%s-client/tls.key" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r"))) -}} +{{- $_ := (set $result "cert_file" (printf "%s/%s-client/tls.crt" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r"))) -}} +{{- $_ := (set $result "key_file" (printf "%s/%s-client/tls.key" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r"))) -}} {{- end -}} {{- $_is_returning = true -}} {{- (dict "r" $result) | toJson -}} @@ -381,15 +381,15 @@ {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} {{- $tls := $values.listeners.schemaRegistry.tls -}} -{{- if (not (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $tls $values.tls) ))) "r")) -}} +{{- if (not (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $tls $values.tls)))) "r")) -}} {{- $_is_returning = true -}} -{{- (dict "r" (dict )) | toJson -}} +{{- (dict "r" (dict)) | toJson -}} {{- break -}} {{- end -}} -{{- $result := (dict "ca_file" (get (fromJson (include "redpanda.InternalTLS.ServerCAPath" (dict "a" (list $tls $values.tls) ))) "r") ) -}} +{{- $result := (dict "ca_file" (get (fromJson (include "redpanda.InternalTLS.ServerCAPath" (dict "a" (list $tls $values.tls)))) "r")) -}} {{- if $tls.requireClientAuth -}} -{{- $_ := (set $result "cert_file" (printf "%s/%s-client/tls.crt" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r"))) -}} -{{- $_ := (set $result "key_file" (printf "%s/%s-client/tls.key" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r"))) -}} +{{- $_ := (set $result "cert_file" (printf "%s/%s-client/tls.crt" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r"))) -}} +{{- $_ := (set $result "key_file" (printf "%s/%s-client/tls.key" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r"))) -}} {{- end -}} {{- $_is_returning = true -}} {{- (dict "r" $result) | toJson -}} @@ -402,24 +402,24 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $brokerList := (list ) -}} +{{- $brokerList := (list) -}} {{- range $_, $i := untilStep (((0 | int) | int)|int) (($values.statefulset.replicas | int)|int) (1|int) -}} -{{- $brokerList = (concat (default (list ) $brokerList) (list (dict "address" (printf "%s-%d.%s" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $i (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r")) "port" ($values.listeners.kafka.port | int) ))) -}} +{{- $brokerList = (concat (default (list) $brokerList) (list (dict "address" (printf "%s-%d.%s" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r") $i (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot)))) "r")) "port" ($values.listeners.kafka.port | int)))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} {{- $kafkaTLS := $values.listeners.kafka.tls -}} {{- $brokerTLS := (coalesce nil) -}} -{{- if (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $values.listeners.kafka.tls $values.tls) ))) "r") -}} -{{- $brokerTLS = (dict "enabled" true "require_client_auth" $kafkaTLS.requireClientAuth "truststore_file" (get (fromJson (include "redpanda.InternalTLS.ServerCAPath" (dict "a" (list $kafkaTLS $values.tls) ))) "r") ) -}} +{{- if (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $values.listeners.kafka.tls $values.tls)))) "r") -}} +{{- $brokerTLS = (dict "enabled" true "require_client_auth" $kafkaTLS.requireClientAuth "truststore_file" (get (fromJson (include "redpanda.InternalTLS.ServerCAPath" (dict "a" (list $kafkaTLS $values.tls)))) "r")) -}} {{- if $kafkaTLS.requireClientAuth -}} -{{- $_ := (set $brokerTLS "cert_file" (printf "%s/%s-client/tls.crt" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r"))) -}} -{{- $_ := (set $brokerTLS "key_file" (printf "%s/%s-client/tls.key" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r"))) -}} +{{- $_ := (set $brokerTLS "cert_file" (printf "%s/%s-client/tls.crt" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r"))) -}} +{{- $_ := (set $brokerTLS "key_file" (printf "%s/%s-client/tls.key" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r"))) -}} {{- end -}} {{- end -}} -{{- $cfg := (dict "brokers" $brokerList ) -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $brokerTLS) ))) "r") | int) (0 | int)) -}} +{{- $cfg := (dict "brokers" $brokerList) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $brokerTLS)))) "r") | int) (0 | int)) -}} {{- $_ := (set $cfg "broker_tls" $brokerTLS) -}} {{- end -}} {{- $_is_returning = true -}} @@ -434,21 +434,25 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $_ := (set $redpanda "admin" (get (fromJson (include "redpanda.AdminListeners.Listeners" (dict "a" (list $values.listeners.admin) ))) "r")) -}} -{{- $_ := (set $redpanda "kafka_api" (get (fromJson (include "redpanda.KafkaListeners.Listeners" (dict "a" (list $values.listeners.kafka $values.auth) ))) "r")) -}} -{{- $_ := (set $redpanda "rpc_server" (get (fromJson (include "redpanda.rpcListeners" (dict "a" (list $dot) ))) "r")) -}} +{{- $defaultKafkaAuth := (coalesce nil) -}} +{{- if $values.auth.sasl.enabled -}} +{{- $defaultKafkaAuth = "sasl" -}} +{{- end -}} +{{- $_ := (set $redpanda "admin" (get (fromJson (include "redpanda.ListenerConfig.Listeners" (dict "a" (list $values.listeners.admin (coalesce nil))))) "r")) -}} +{{- $_ := (set $redpanda "kafka_api" (get (fromJson (include "redpanda.ListenerConfig.Listeners" (dict "a" (list $values.listeners.kafka $defaultKafkaAuth)))) "r")) -}} +{{- $_ := (set $redpanda "rpc_server" (get (fromJson (include "redpanda.rpcListeners" (dict "a" (list $dot)))) "r")) -}} {{- $_ := (set $redpanda "admin_api_tls" (coalesce nil)) -}} -{{- $tls_9 := (get (fromJson (include "redpanda.AdminListeners.ListenersTLS" (dict "a" (list $values.listeners.admin $values.tls) ))) "r") -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $tls_9) ))) "r") | int) (0 | int)) -}} +{{- $tls_9 := (get (fromJson (include "redpanda.ListenerConfig.ListenersTLS" (dict "a" (list $values.listeners.admin $values.tls)))) "r") -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $tls_9)))) "r") | int) (0 | int)) -}} {{- $_ := (set $redpanda "admin_api_tls" $tls_9) -}} {{- end -}} {{- $_ := (set $redpanda "kafka_api_tls" (coalesce nil)) -}} -{{- $tls_10 := (get (fromJson (include "redpanda.KafkaListeners.ListenersTLS" (dict "a" (list $values.listeners.kafka $values.tls) ))) "r") -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $tls_10) ))) "r") | int) (0 | int)) -}} +{{- $tls_10 := (get (fromJson (include "redpanda.ListenerConfig.ListenersTLS" (dict "a" (list $values.listeners.kafka $values.tls)))) "r") -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $tls_10)))) "r") | int) (0 | int)) -}} {{- $_ := (set $redpanda "kafka_api_tls" $tls_10) -}} {{- end -}} -{{- $tls_11 := (get (fromJson (include "redpanda.rpcListenersTLS" (dict "a" (list $dot) ))) "r") -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $tls_11) ))) "r") | int) (0 | int)) -}} +{{- $tls_11 := (get (fromJson (include "redpanda.rpcListenersTLS" (dict "a" (list $dot)))) "r") -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $tls_11)))) "r") | int) (0 | int)) -}} {{- $_ := (set $redpanda "rpc_server_tls" $tls_11) -}} {{- end -}} {{- end -}} @@ -459,11 +463,15 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $pandaProxy := (dict ) -}} -{{- $_ := (set $pandaProxy "pandaproxy_api" (get (fromJson (include "redpanda.HTTPListeners.Listeners" (dict "a" (list $values.listeners.http (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth) ))) "r")) ))) "r")) -}} +{{- $pandaProxy := (dict) -}} +{{- $pandaProxyAuth := (coalesce nil) -}} +{{- if (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth)))) "r") -}} +{{- $pandaProxyAuth = "http_basic" -}} +{{- end -}} +{{- $_ := (set $pandaProxy "pandaproxy_api" (get (fromJson (include "redpanda.ListenerConfig.Listeners" (dict "a" (list $values.listeners.http $pandaProxyAuth)))) "r")) -}} {{- $_ := (set $pandaProxy "pandaproxy_api_tls" (coalesce nil)) -}} -{{- $tls_12 := (get (fromJson (include "redpanda.HTTPListeners.ListenersTLS" (dict "a" (list $values.listeners.http $values.tls) ))) "r") -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $tls_12) ))) "r") | int) (0 | int)) -}} +{{- $tls_12 := (get (fromJson (include "redpanda.ListenerConfig.ListenersTLS" (dict "a" (list $values.listeners.http $values.tls)))) "r") -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $tls_12)))) "r") | int) (0 | int)) -}} {{- $_ := (set $pandaProxy "pandaproxy_api_tls" $tls_12) -}} {{- end -}} {{- $_is_returning = true -}} @@ -477,11 +485,11 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $schemaReg := (dict ) -}} -{{- $_ := (set $schemaReg "schema_registry_api" (get (fromJson (include "redpanda.SchemaRegistryListeners.Listeners" (dict "a" (list $values.listeners.schemaRegistry (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth) ))) "r")) ))) "r")) -}} +{{- $schemaReg := (dict) -}} +{{- $_ := (set $schemaReg "schema_registry_api" (get (fromJson (include "redpanda.ListenerConfig.Listeners" (dict "a" (list $values.listeners.schemaRegistry (coalesce nil))))) "r")) -}} {{- $_ := (set $schemaReg "schema_registry_api_tls" (coalesce nil)) -}} -{{- $tls_13 := (get (fromJson (include "redpanda.SchemaRegistryListeners.ListenersTLS" (dict "a" (list $values.listeners.schemaRegistry $values.tls) ))) "r") -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $tls_13) ))) "r") | int) (0 | int)) -}} +{{- $tls_13 := (get (fromJson (include "redpanda.ListenerConfig.ListenersTLS" (dict "a" (list $values.listeners.schemaRegistry $values.tls)))) "r") -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $tls_13)))) "r") | int) (0 | int)) -}} {{- $_ := (set $schemaReg "schema_registry_api_tls" $tls_13) -}} {{- end -}} {{- $_is_returning = true -}} @@ -496,17 +504,17 @@ {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} {{- $r := $values.listeners.rpc -}} -{{- if (and (not ((or (or (get (fromJson (include "redpanda.RedpandaAtLeast_22_2_atleast_22_2_10" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.RedpandaAtLeast_22_3_atleast_22_3_13" (dict "a" (list $dot) ))) "r")) (get (fromJson (include "redpanda.RedpandaAtLeast_23_1_2" (dict "a" (list $dot) ))) "r")))) ((or (and (eq (toJson $r.tls.enabled) "null") $values.tls.enabled) (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $r.tls.enabled false) ))) "r")))) -}} -{{- $_ := (fail (printf "Redpanda version v%s does not support TLS on the RPC port. Please upgrade. See technical service bulletin 2023-01." (trimPrefix "v" (get (fromJson (include "redpanda.Tag" (dict "a" (list $dot) ))) "r")))) -}} +{{- if (and (not ((or (or (get (fromJson (include "redpanda.RedpandaAtLeast_22_2_atleast_22_2_10" (dict "a" (list $dot)))) "r") (get (fromJson (include "redpanda.RedpandaAtLeast_22_3_atleast_22_3_13" (dict "a" (list $dot)))) "r")) (get (fromJson (include "redpanda.RedpandaAtLeast_23_1_2" (dict "a" (list $dot)))) "r")))) ((or (and (eq (toJson $r.tls.enabled) "null") $values.tls.enabled) (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $r.tls.enabled false)))) "r")))) -}} +{{- $_ := (fail (printf "Redpanda version v%s does not support TLS on the RPC port. Please upgrade. See technical service bulletin 2023-01." (trimPrefix "v" (get (fromJson (include "redpanda.Tag" (dict "a" (list $dot)))) "r")))) -}} {{- end -}} -{{- if (not (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $r.tls $values.tls) ))) "r")) -}} +{{- if (not (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $r.tls $values.tls)))) "r")) -}} {{- $_is_returning = true -}} -{{- (dict "r" (dict )) | toJson -}} +{{- (dict "r" (dict)) | toJson -}} {{- break -}} {{- end -}} {{- $certName := $r.tls.cert -}} {{- $_is_returning = true -}} -{{- (dict "r" (dict "enabled" true "cert_file" (printf "%s/%s/tls.crt" "/etc/tls/certs" $certName) "key_file" (printf "%s/%s/tls.key" "/etc/tls/certs" $certName) "require_client_auth" $r.tls.requireClientAuth "truststore_file" (get (fromJson (include "redpanda.InternalTLS.TrustStoreFilePath" (dict "a" (list $r.tls $values.tls) ))) "r") )) | toJson -}} +{{- (dict "r" (dict "enabled" true "cert_file" (printf "%s/%s/tls.crt" "/etc/tls/certs" $certName) "key_file" (printf "%s/%s/tls.key" "/etc/tls/certs" $certName) "require_client_auth" $r.tls.requireClientAuth "truststore_file" (get (fromJson (include "redpanda.InternalTLS.TrustStoreFilePath" (dict "a" (list $r.tls $values.tls)))) "r"))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -517,7 +525,7 @@ {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} {{- $_is_returning = true -}} -{{- (dict "r" (dict "address" "0.0.0.0" "port" ($values.listeners.rpc.port | int) )) | toJson -}} +{{- (dict "r" (dict "address" "0.0.0.0" "port" ($values.listeners.rpc.port | int))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -527,23 +535,13 @@ {{- $internal := (index .a 1) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- if (not (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $internal $tls) ))) "r")) -}} -{{- $_is_returning = true -}} -{{- (dict "r" (dict )) | toJson -}} -{{- break -}} -{{- end -}} +{{- if (not (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $internal $tls)))) "r")) -}} {{- $_is_returning = true -}} -{{- (dict "r" (dict "name" "internal" "enabled" true "cert_file" (printf "%s/%s/tls.crt" "/etc/tls/certs" $internal.cert) "key_file" (printf "%s/%s/tls.key" "/etc/tls/certs" $internal.cert) "require_client_auth" $internal.requireClientAuth "truststore_file" (get (fromJson (include "redpanda.InternalTLS.TrustStoreFilePath" (dict "a" (list $internal $tls) ))) "r") )) | toJson -}} +{{- (dict "r" (dict)) | toJson -}} {{- break -}} {{- end -}} -{{- end -}} - -{{- define "redpanda.createInternalListenerCfg" -}} -{{- $port := (index .a 0) -}} -{{- range $_ := (list 1) -}} -{{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (dict "name" "internal" "address" "0.0.0.0" "port" $port )) | toJson -}} +{{- (dict "r" (dict "name" "internal" "enabled" true "cert_file" (printf "%s/%s/tls.crt" "/etc/tls/certs" $internal.cert) "key_file" (printf "%s/%s/tls.key" "/etc/tls/certs" $internal.cert) "require_client_auth" $internal.requireClientAuth "truststore_file" (get (fromJson (include "redpanda.InternalTLS.TrustStoreFilePath" (dict "a" (list $internal $tls)))) "r"))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -552,30 +550,30 @@ {{- $values := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $flags := (get (fromJson (include "redpanda.RedpandaResources.GetRedpandaFlags" (dict "a" (list $values.resources) ))) "r") -}} +{{- $flags := (get (fromJson (include "redpanda.RedpandaResources.GetRedpandaFlags" (dict "a" (list $values.resources)))) "r") -}} {{- $_ := (set $flags "--default-log-level" $values.logging.logLevel) -}} {{- if (eq (index $values.config.node "developer_mode") true) -}} {{- $_ := (unset $flags "--reserve-memory") -}} {{- end -}} -{{- range $key, $value := (get (fromJson (include "redpanda.ParseCLIArgs" (dict "a" (list $values.statefulset.additionalRedpandaCmdFlags) ))) "r") -}} +{{- range $key, $value := (get (fromJson (include "redpanda.ParseCLIArgs" (dict "a" (list $values.statefulset.additionalRedpandaCmdFlags)))) "r") -}} {{- $_ := (set $flags $key $value) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- $enabledOptions := (dict "true" true "1" true "" true ) -}} +{{- $enabledOptions := (dict "true" true "1" true "" true) -}} {{- $lockMemory := false -}} -{{- $_657_value_14_ok_15 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $flags "--lock-memory" "") ))) "r") -}} -{{- $value_14 := (index $_657_value_14_ok_15 0) -}} -{{- $ok_15 := (index $_657_value_14_ok_15 1) -}} +{{- $_658_value_14_ok_15 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $flags "--lock-memory" "")))) "r") -}} +{{- $value_14 := (index $_658_value_14_ok_15 0) -}} +{{- $ok_15 := (index $_658_value_14_ok_15 1) -}} {{- if $ok_15 -}} {{- $lockMemory = (ternary (index $enabledOptions $value_14) false (hasKey $enabledOptions $value_14)) -}} {{- $_ := (unset $flags "--lock-memory") -}} {{- end -}} {{- $overprovisioned := false -}} -{{- $_664_value_16_ok_17 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $flags "--overprovisioned" "") ))) "r") -}} -{{- $value_16 := (index $_664_value_16_ok_17 0) -}} -{{- $ok_17 := (index $_664_value_16_ok_17 1) -}} +{{- $_665_value_16_ok_17 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $flags "--overprovisioned" "")))) "r") -}} +{{- $value_16 := (index $_665_value_16_ok_17 0) -}} +{{- $ok_17 := (index $_665_value_16_ok_17 1) -}} {{- if $ok_17 -}} {{- $overprovisioned = (ternary (index $enabledOptions $value_16) false (hasKey $enabledOptions $value_16)) -}} {{- $_ := (unset $flags "--overprovisioned") -}} @@ -586,9 +584,9 @@ {{- range $_, $key := $keys -}} {{- $value := (ternary (index $flags $key) "" (hasKey $flags $key)) -}} {{- if (eq $value "") -}} -{{- $rendered = (concat (default (list ) $rendered) (list $key)) -}} +{{- $rendered = (concat (default (list) $rendered) (list $key)) -}} {{- else -}} -{{- $rendered = (concat (default (list ) $rendered) (list (printf "%s=%s" $key $value))) -}} +{{- $rendered = (concat (default (list) $rendered) (list (printf "%s=%s" $key $value))) -}} {{- end -}} {{- end -}} {{- if $_is_returning -}} diff --git a/charts/redpanda/templates/_console.go.tpl b/charts/redpanda/templates/_console.go.tpl index 2ee9ceeef6..2fd60bd628 100644 --- a/charts/redpanda/templates/_console.go.tpl +++ b/charts/redpanda/templates/_console.go.tpl @@ -5,7 +5,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values -}} -{{- if (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.console.enabled true) ))) "r")) -}} +{{- if (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.console.enabled true)))) "r")) -}} {{- $_is_returning = true -}} {{- (dict "r" (coalesce nil)) | toJson -}} {{- break -}} @@ -14,35 +14,35 @@ {{- $loadedValues := $consoleDot.Values -}} {{- $consoleValue := $consoleDot.Values -}} {{- $license_1 := $values.enterprise.license -}} -{{- if (and (ne $license_1 "") (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.console.secret.create false) ))) "r"))) -}} +{{- if (and (ne $license_1 "") (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.console.secret.create false)))) "r"))) -}} {{- $_ := (set $consoleValue.secret "create" true) -}} {{- $_ := (set $consoleValue.secret "license" $license_1) -}} {{- end -}} -{{- if (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.console.configmap.create false) ))) "r")) -}} +{{- if (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.console.configmap.create false)))) "r")) -}} {{- $_ := (set $consoleValue.configmap "create" true) -}} -{{- $_ := (set $consoleValue "config" (get (fromJson (include "redpanda.ConsoleConfig" (dict "a" (list $dot) ))) "r")) -}} +{{- $_ := (set $consoleValue "config" (get (fromJson (include "redpanda.ConsoleConfig" (dict "a" (list $dot)))) "r")) -}} {{- end -}} -{{- if (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.console.deployment.create false) ))) "r")) -}} +{{- if (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.console.deployment.create false)))) "r")) -}} {{- $_ := (set $consoleValue.deployment "create" true) -}} -{{- if (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth) ))) "r") -}} -{{- $command := (list "sh" "-c" (printf "%s%s" (printf "%s%s" (printf "%s%s" (printf "%s%s" (printf "%s%s" (printf "%s%s" (printf "%s%s" "set -e; IFS=':' read -r KAFKA_SASL_USERNAME KAFKA_SASL_PASSWORD KAFKA_SASL_MECHANISM < <(grep \"\" $(find /mnt/users/* -print));" (printf " KAFKA_SASL_MECHANISM=${KAFKA_SASL_MECHANISM:-%s};" (get (fromJson (include "redpanda.GetSASLMechanism" (dict "a" (list $dot) ))) "r"))) " export KAFKA_SASL_USERNAME KAFKA_SASL_PASSWORD KAFKA_SASL_MECHANISM;") " export KAFKA_SCHEMAREGISTRY_USERNAME=$KAFKA_SASL_USERNAME;") " export KAFKA_SCHEMAREGISTRY_PASSWORD=$KAFKA_SASL_PASSWORD;") " export REDPANDA_ADMINAPI_USERNAME=$KAFKA_SASL_USERNAME;") " export REDPANDA_ADMINAPI_PASSWORD=$KAFKA_SASL_PASSWORD;") " /app/console $@") " --") -}} +{{- if (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth)))) "r") -}} +{{- $command := (list "sh" "-c" (printf "%s%s" (printf "%s%s" (printf "%s%s" (printf "%s%s" (printf "%s%s" (printf "%s%s" (printf "%s%s" "set -e; IFS=':' read -r KAFKA_SASL_USERNAME KAFKA_SASL_PASSWORD KAFKA_SASL_MECHANISM < <(grep \"\" $(find /mnt/users/* -print));" (printf " KAFKA_SASL_MECHANISM=${KAFKA_SASL_MECHANISM:-%s};" (get (fromJson (include "redpanda.GetSASLMechanism" (dict "a" (list $dot)))) "r"))) " export KAFKA_SASL_USERNAME KAFKA_SASL_PASSWORD KAFKA_SASL_MECHANISM;") " export KAFKA_SCHEMAREGISTRY_USERNAME=$KAFKA_SASL_USERNAME;") " export KAFKA_SCHEMAREGISTRY_PASSWORD=$KAFKA_SASL_PASSWORD;") " export REDPANDA_ADMINAPI_USERNAME=$KAFKA_SASL_USERNAME;") " export REDPANDA_ADMINAPI_PASSWORD=$KAFKA_SASL_PASSWORD;") " /app/console $@") " --") -}} {{- $_ := (set $consoleValue.deployment "command" $command) -}} {{- end -}} {{- $secret_2 := $values.enterprise.licenseSecretRef -}} {{- if (ne (toJson $secret_2) "null") -}} {{- $_ := (set $consoleValue "licenseSecretRef" $secret_2) -}} {{- end -}} -{{- $_ := (set $consoleValue "extraVolumes" (get (fromJson (include "redpanda.consoleTLSVolumes" (dict "a" (list $dot) ))) "r")) -}} -{{- $_ := (set $consoleValue "extraVolumeMounts" (get (fromJson (include "redpanda.consoleTLSVolumesMounts" (dict "a" (list $dot) ))) "r")) -}} +{{- $_ := (set $consoleValue "extraVolumes" (get (fromJson (include "redpanda.consoleTLSVolumes" (dict "a" (list $dot)))) "r")) -}} +{{- $_ := (set $consoleValue "extraVolumeMounts" (get (fromJson (include "redpanda.consoleTLSVolumesMounts" (dict "a" (list $dot)))) "r")) -}} {{- $_ := (set $consoleDot "Values" $consoleValue) -}} -{{- $cfg := (get (fromJson (include "console.ConfigMap" (dict "a" (list $consoleDot) ))) "r") -}} +{{- $cfg := (get (fromJson (include "console.ConfigMap" (dict "a" (list $consoleDot)))) "r") -}} {{- if (eq (toJson $consoleValue.podAnnotations) "null") -}} -{{- $_ := (set $consoleValue "podAnnotations" (dict )) -}} +{{- $_ := (set $consoleValue "podAnnotations" (dict)) -}} {{- end -}} {{- $_ := (set $consoleValue.podAnnotations "checksum-redpanda-chart/config" (sha256sum (toYaml $cfg))) -}} {{- end -}} {{- $_ := (set $consoleDot "Values" $consoleValue) -}} -{{- $manifests := (list (get (fromJson (include "console.Secret" (dict "a" (list $consoleDot) ))) "r") (get (fromJson (include "console.ConfigMap" (dict "a" (list $consoleDot) ))) "r") (get (fromJson (include "console.Deployment" (dict "a" (list $consoleDot) ))) "r")) -}} +{{- $manifests := (list (get (fromJson (include "console.Secret" (dict "a" (list $consoleDot)))) "r") (get (fromJson (include "console.ConfigMap" (dict "a" (list $consoleDot)))) "r") (get (fromJson (include "console.Deployment" (dict "a" (list $consoleDot)))) "r")) -}} {{- $_ := (set $consoleDot "Values" $loadedValues) -}} {{- $_is_returning = true -}} {{- (dict "r" $manifests) | toJson -}} @@ -55,30 +55,30 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $mounts := (list ) -}} +{{- $mounts := (list) -}} {{- $sasl_3 := $values.auth.sasl -}} {{- if (and $sasl_3.enabled (ne $sasl_3.secretRef "")) -}} -{{- $mounts = (concat (default (list ) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" (printf "%s-users" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) "mountPath" "/mnt/users" "readOnly" true )))) -}} +{{- $mounts = (concat (default (list) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" (printf "%s-users" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r")) "mountPath" "/mnt/users" "readOnly" true)))) -}} {{- end -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list (get (fromJson (include "redpanda.Listeners.TrustStores" (dict "a" (list $values.listeners $values.tls) ))) "r")) ))) "r") | int) (0 | int)) -}} -{{- $mounts = (concat (default (list ) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "truststores" "mountPath" "/etc/truststores" "readOnly" true )))) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list (get (fromJson (include "redpanda.Listeners.TrustStores" (dict "a" (list $values.listeners $values.tls)))) "r"))))) "r") | int) (0 | int)) -}} +{{- $mounts = (concat (default (list) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" "truststores" "mountPath" "/etc/truststores" "readOnly" true)))) -}} {{- end -}} -{{- $visitedCert := (dict ) -}} +{{- $visitedCert := (dict) -}} {{- range $_, $tlsCfg := (list $values.listeners.kafka.tls $values.listeners.schemaRegistry.tls $values.listeners.admin.tls) -}} -{{- $_131___visited := (get (fromJson (include "_shims.dicttest" (dict "a" (list $visitedCert $tlsCfg.cert false) ))) "r") -}} +{{- $_131___visited := (get (fromJson (include "_shims.dicttest" (dict "a" (list $visitedCert $tlsCfg.cert false)))) "r") -}} {{- $_ := (index $_131___visited 0) -}} {{- $visited := (index $_131___visited 1) -}} -{{- if (or (not (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $tlsCfg $values.tls) ))) "r")) $visited) -}} +{{- if (or (not (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $tlsCfg $values.tls)))) "r")) $visited) -}} {{- continue -}} {{- end -}} {{- $_ := (set $visitedCert $tlsCfg.cert true) -}} -{{- $mounts = (concat (default (list ) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" (printf "redpanda-%s-cert" $tlsCfg.cert) "mountPath" (printf "%s/%s" "/etc/tls/certs" $tlsCfg.cert) )))) -}} +{{- $mounts = (concat (default (list) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" (printf "redpanda-%s-cert" $tlsCfg.cert) "mountPath" (printf "%s/%s" "/etc/tls/certs" $tlsCfg.cert))))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (concat (default (list ) $mounts) (default (list ) $values.console.extraVolumeMounts))) | toJson -}} +{{- (dict "r" (concat (default (list) $mounts) (default (list) $values.console.extraVolumeMounts))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -88,31 +88,31 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $volumes := (list ) -}} +{{- $volumes := (list) -}} {{- $sasl_4 := $values.auth.sasl -}} {{- if (and $sasl_4.enabled (ne $sasl_4.secretRef "")) -}} -{{- $volumes = (concat (default (list ) $volumes) (list (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (dict "secretName" $values.auth.sasl.secretRef )) )) (dict "name" (printf "%s-users" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) )))) -}} +{{- $volumes = (concat (default (list) $volumes) (list (mustMergeOverwrite (dict "name" "") (mustMergeOverwrite (dict) (dict "secret" (mustMergeOverwrite (dict) (dict "secretName" $values.auth.sasl.secretRef)))) (dict "name" (printf "%s-users" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r")))))) -}} {{- end -}} -{{- $vol_5 := (get (fromJson (include "redpanda.Listeners.TrustStoreVolume" (dict "a" (list $values.listeners $values.tls) ))) "r") -}} +{{- $vol_5 := (get (fromJson (include "redpanda.Listeners.TrustStoreVolume" (dict "a" (list $values.listeners $values.tls)))) "r") -}} {{- if (ne (toJson $vol_5) "null") -}} -{{- $volumes = (concat (default (list ) $volumes) (list $vol_5)) -}} +{{- $volumes = (concat (default (list) $volumes) (list $vol_5)) -}} {{- end -}} -{{- $visitedCert := (dict ) -}} +{{- $visitedCert := (dict) -}} {{- range $_, $tlsCfg := (list $values.listeners.kafka.tls $values.listeners.schemaRegistry.tls $values.listeners.admin.tls) -}} -{{- $_172___visited := (get (fromJson (include "_shims.dicttest" (dict "a" (list $visitedCert $tlsCfg.cert false) ))) "r") -}} +{{- $_172___visited := (get (fromJson (include "_shims.dicttest" (dict "a" (list $visitedCert $tlsCfg.cert false)))) "r") -}} {{- $_ := (index $_172___visited 0) -}} {{- $visited := (index $_172___visited 1) -}} -{{- if (or (not (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $tlsCfg $values.tls) ))) "r")) $visited) -}} +{{- if (or (not (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $tlsCfg $values.tls)))) "r")) $visited) -}} {{- continue -}} {{- end -}} {{- $_ := (set $visitedCert $tlsCfg.cert true) -}} -{{- $volumes = (concat (default (list ) $volumes) (list (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (dict "defaultMode" (0o420 | int) "secretName" (get (fromJson (include "redpanda.CertSecretName" (dict "a" (list $dot $tlsCfg.cert (get (fromJson (include "redpanda.TLSCertMap.MustGet" (dict "a" (list (deepCopy $values.tls.certs) $tlsCfg.cert) ))) "r")) ))) "r") )) )) (dict "name" (printf "redpanda-%s-cert" $tlsCfg.cert) )))) -}} +{{- $volumes = (concat (default (list) $volumes) (list (mustMergeOverwrite (dict "name" "") (mustMergeOverwrite (dict) (dict "secret" (mustMergeOverwrite (dict) (dict "defaultMode" (0o420 | int) "secretName" (get (fromJson (include "redpanda.CertSecretName" (dict "a" (list $dot $tlsCfg.cert (get (fromJson (include "redpanda.TLSCertMap.MustGet" (dict "a" (list (deepCopy $values.tls.certs) $tlsCfg.cert)))) "r"))))) "r"))))) (dict "name" (printf "redpanda-%s-cert" $tlsCfg.cert))))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (concat (default (list ) $volumes) (default (list ) $values.console.extraVolumes))) | toJson -}} +{{- (dict "r" (concat (default (list) $volumes) (default (list) $values.console.extraVolumes))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -125,26 +125,26 @@ {{- $schemaURLs := (coalesce nil) -}} {{- if $values.listeners.schemaRegistry.enabled -}} {{- $schema := "http" -}} -{{- if (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $values.listeners.schemaRegistry.tls $values.tls) ))) "r") -}} +{{- if (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $values.listeners.schemaRegistry.tls $values.tls)))) "r") -}} {{- $schema = "https" -}} {{- end -}} {{- range $_, $i := untilStep (((0 | int) | int)|int) (($values.statefulset.replicas | int)|int) (1|int) -}} -{{- $schemaURLs = (concat (default (list ) $schemaURLs) (list (printf "%s://%s-%d.%s:%d" $schema (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $i (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r") ($values.listeners.schemaRegistry.port | int)))) -}} +{{- $schemaURLs = (concat (default (list) $schemaURLs) (list (printf "%s://%s-%d.%s:%d" $schema (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r") $i (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot)))) "r") ($values.listeners.schemaRegistry.port | int)))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} {{- end -}} {{- $schema := "http" -}} -{{- if (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $values.listeners.admin.tls $values.tls) ))) "r") -}} +{{- if (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $values.listeners.admin.tls $values.tls)))) "r") -}} {{- $schema = "https" -}} {{- end -}} -{{- $c := (dict "kafka" (dict "brokers" (get (fromJson (include "redpanda.BrokerList" (dict "a" (list $dot ($values.statefulset.replicas | int) ($values.listeners.kafka.port | int)) ))) "r") "sasl" (dict "enabled" (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth) ))) "r") ) "tls" (get (fromJson (include "redpanda.KafkaListeners.ConsoleTLS" (dict "a" (list $values.listeners.kafka $values.tls) ))) "r") ) "redpanda" (dict "adminApi" (dict "enabled" true "urls" (list (printf "%s://%s:%d" $schema (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r") ($values.listeners.admin.port | int))) "tls" (get (fromJson (include "redpanda.AdminListeners.ConsoleTLS" (dict "a" (list $values.listeners.admin $values.tls) ))) "r") ) ) "schemaRegistry" (dict "enabled" $values.listeners.schemaRegistry.enabled "urls" $schemaURLs "tls" (get (fromJson (include "redpanda.SchemaRegistryListeners.ConsoleTLS" (dict "a" (list $values.listeners.schemaRegistry $values.tls) ))) "r") ) ) -}} +{{- $c := (dict "kafka" (dict "brokers" (get (fromJson (include "redpanda.BrokerList" (dict "a" (list $dot ($values.statefulset.replicas | int) ($values.listeners.kafka.port | int))))) "r") "sasl" (dict "enabled" (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth)))) "r")) "tls" (get (fromJson (include "redpanda.ListenerConfig.ConsoleTLS" (dict "a" (list $values.listeners.kafka $values.tls)))) "r")) "redpanda" (dict "adminApi" (dict "enabled" true "urls" (list (printf "%s://%s:%d" $schema (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot)))) "r") ($values.listeners.admin.port | int))) "tls" (get (fromJson (include "redpanda.ListenerConfig.ConsoleTLS" (dict "a" (list $values.listeners.admin $values.tls)))) "r"))) "schemaRegistry" (dict "enabled" $values.listeners.schemaRegistry.enabled "urls" $schemaURLs "tls" (get (fromJson (include "redpanda.ListenerConfig.ConsoleTLS" (dict "a" (list $values.listeners.schemaRegistry $values.tls)))) "r"))) -}} {{- if (eq (toJson $values.console.config) "null") -}} -{{- $_ := (set $values.console "config" (dict )) -}} +{{- $_ := (set $values.console "config" (dict)) -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (merge (dict ) $values.console.config $c)) | toJson -}} +{{- (dict "r" (merge (dict) $values.console.config $c)) | toJson -}} {{- break -}} {{- end -}} {{- end -}} diff --git a/charts/redpanda/templates/_helpers.go.tpl b/charts/redpanda/templates/_helpers.go.tpl index b694748284..a3a07f6538 100644 --- a/charts/redpanda/templates/_helpers.go.tpl +++ b/charts/redpanda/templates/_helpers.go.tpl @@ -5,7 +5,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "redpanda.cleanForK8s" (dict "a" (list (replace "+" "_" (printf "%s-%s" $dot.Chart.Name $dot.Chart.Version))) ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "redpanda.cleanForK8s" (dict "a" (list (replace "+" "_" (printf "%s-%s" $dot.Chart.Name $dot.Chart.Version)))))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -14,16 +14,16 @@ {{- $dot := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $_51_override_1_ok_2 := (get (fromJson (include "_shims.typetest" (dict "a" (list "string" (index $dot.Values "nameOverride") "") ))) "r") -}} +{{- $_51_override_1_ok_2 := (get (fromJson (include "_shims.typetest" (dict "a" (list "string" (index $dot.Values "nameOverride") "")))) "r") -}} {{- $override_1 := (index $_51_override_1_ok_2 0) -}} {{- $ok_2 := (index $_51_override_1_ok_2 1) -}} {{- if (and $ok_2 (ne $override_1 "")) -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "redpanda.cleanForK8s" (dict "a" (list $override_1) ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "redpanda.cleanForK8s" (dict "a" (list $override_1)))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "redpanda.cleanForK8s" (dict "a" (list $dot.Chart.Name) ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "redpanda.cleanForK8s" (dict "a" (list $dot.Chart.Name)))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -32,16 +32,16 @@ {{- $dot := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $_61_override_3_ok_4 := (get (fromJson (include "_shims.typetest" (dict "a" (list "string" (index $dot.Values "fullnameOverride") "") ))) "r") -}} +{{- $_61_override_3_ok_4 := (get (fromJson (include "_shims.typetest" (dict "a" (list "string" (index $dot.Values "fullnameOverride") "")))) "r") -}} {{- $override_3 := (index $_61_override_3_ok_4 0) -}} {{- $ok_4 := (index $_61_override_3_ok_4 1) -}} {{- if (and $ok_4 (ne $override_3 "")) -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "redpanda.cleanForK8s" (dict "a" (list $override_3) ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "redpanda.cleanForK8s" (dict "a" (list $override_3)))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "redpanda.cleanForK8s" (dict "a" (list $dot.Release.Name) ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "redpanda.cleanForK8s" (dict "a" (list $dot.Release.Name)))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -51,40 +51,13 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $labels := (dict ) -}} +{{- $labels := (dict) -}} {{- if (ne (toJson $values.commonLabels) "null") -}} {{- $labels = $values.commonLabels -}} {{- end -}} -{{- $defaults := (dict "helm.sh/chart" (get (fromJson (include "redpanda.ChartLabel" (dict "a" (list $dot) ))) "r") "app.kubernetes.io/name" (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") "app.kubernetes.io/instance" $dot.Release.Name "app.kubernetes.io/managed-by" $dot.Release.Service "app.kubernetes.io/component" (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") ) -}} +{{- $defaults := (dict "helm.sh/chart" (get (fromJson (include "redpanda.ChartLabel" (dict "a" (list $dot)))) "r") "app.kubernetes.io/name" (get (fromJson (include "redpanda.Name" (dict "a" (list $dot)))) "r") "app.kubernetes.io/instance" $dot.Release.Name "app.kubernetes.io/managed-by" $dot.Release.Service "app.kubernetes.io/component" (get (fromJson (include "redpanda.Name" (dict "a" (list $dot)))) "r")) -}} {{- $_is_returning = true -}} -{{- (dict "r" (merge (dict ) $labels $defaults)) | toJson -}} -{{- break -}} -{{- end -}} -{{- end -}} - -{{- define "redpanda.ServiceAccountName" -}} -{{- $dot := (index .a 0) -}} -{{- range $_ := (list 1) -}} -{{- $_is_returning := false -}} -{{- $values := $dot.Values.AsMap -}} -{{- $serviceAccount := $values.serviceAccount -}} -{{- if (and $serviceAccount.create (ne $serviceAccount.name "")) -}} -{{- $_is_returning = true -}} -{{- (dict "r" $serviceAccount.name) | toJson -}} -{{- break -}} -{{- else -}}{{- if $serviceAccount.create -}} -{{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) | toJson -}} -{{- break -}} -{{- else -}}{{- if (ne $serviceAccount.name "") -}} -{{- $_is_returning = true -}} -{{- (dict "r" $serviceAccount.name) | toJson -}} -{{- break -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{- $_is_returning = true -}} -{{- (dict "r" "default") | toJson -}} +{{- (dict "r" (merge (dict) $labels $defaults)) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -115,11 +88,11 @@ {{- $values := $dot.Values.AsMap -}} {{- if (and (ne (toJson $values.service) "null") (ne (toJson $values.service.name) "null")) -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "redpanda.cleanForK8s" (dict "a" (list $values.service.name) ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "redpanda.cleanForK8s" (dict "a" (list $values.service.name)))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -129,7 +102,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $service := (get (fromJson (include "redpanda.ServiceName" (dict "a" (list $dot) ))) "r") -}} +{{- $service := (get (fromJson (include "redpanda.ServiceName" (dict "a" (list $dot)))) "r") -}} {{- $ns := $dot.Release.Namespace -}} {{- $_is_returning = true -}} {{- (dict "r" (printf "%s.%s.svc.%s" $service $ns $values.clusterDomain)) | toJson -}} @@ -160,7 +133,7 @@ {{- if (empty $external) -}} {{- continue -}} {{- end -}} -{{- $keys := (keys (get (fromJson (include "_shims.typeassertion" (dict "a" (list (printf "map[%s]%s" "string" "interface {}") $external) ))) "r")) -}} +{{- $keys := (keys (get (fromJson (include "_shims.typeassertion" (dict "a" (list (printf "map[%s]%s" "string" "interface {}") $external)))) "r")) -}} {{- range $_, $key := $keys -}} {{- $enabled := (dig "listeners" $listener "external" $key "enabled" false $dot.Values.AsMap) -}} {{- $tlsCert := (dig "listeners" $listener "external" $key "tls" "cert" false $dot.Values.AsMap) -}} @@ -211,7 +184,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (concat (default (list ) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "base-config" "mountPath" "/etc/redpanda" )))) (default (list ) (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot) ))) "r")))) | toJson -}} +{{- (dict "r" (concat (default (list) (list (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" "base-config" "mountPath" "/etc/redpanda")))) (default (list) (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot)))) "r")))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -221,27 +194,27 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $mounts := (list ) -}} +{{- $mounts := (list) -}} {{- $sasl_5 := $values.auth.sasl -}} {{- if (and $sasl_5.enabled (ne $sasl_5.secretRef "")) -}} -{{- $mounts = (concat (default (list ) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "users" "mountPath" "/etc/secrets/users" "readOnly" true )))) -}} +{{- $mounts = (concat (default (list) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" "users" "mountPath" "/etc/secrets/users" "readOnly" true)))) -}} {{- end -}} -{{- if (get (fromJson (include "redpanda.TLSEnabled" (dict "a" (list $dot) ))) "r") -}} +{{- if (get (fromJson (include "redpanda.TLSEnabled" (dict "a" (list $dot)))) "r") -}} {{- $certNames := (keys $values.tls.certs) -}} {{- $_ := (sortAlpha $certNames) -}} {{- range $_, $name := $certNames -}} -{{- $cert := (ternary (index $values.tls.certs $name) (dict "enabled" (coalesce nil) "caEnabled" false "applyInternalDNSNames" (coalesce nil) "duration" "" "issuerRef" (coalesce nil) "secretRef" (coalesce nil) "clientSecretRef" (coalesce nil) ) (hasKey $values.tls.certs $name)) -}} -{{- if (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $cert.enabled true) ))) "r")) -}} +{{- $cert := (ternary (index $values.tls.certs $name) (dict "enabled" (coalesce nil) "caEnabled" false "applyInternalDNSNames" (coalesce nil) "duration" "" "issuerRef" (coalesce nil) "secretRef" (coalesce nil) "clientSecretRef" (coalesce nil)) (hasKey $values.tls.certs $name)) -}} +{{- if (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $cert.enabled true)))) "r")) -}} {{- continue -}} {{- end -}} -{{- $mounts = (concat (default (list ) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" (printf "redpanda-%s-cert" $name) "mountPath" (printf "%s/%s" "/etc/tls/certs" $name) )))) -}} +{{- $mounts = (concat (default (list) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" (printf "redpanda-%s-cert" $name) "mountPath" (printf "%s/%s" "/etc/tls/certs" $name))))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} {{- $adminTLS := $values.listeners.admin.tls -}} {{- if $adminTLS.requireClientAuth -}} -{{- $mounts = (concat (default (list ) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "mtls-client" "mountPath" (printf "%s/%s-client" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) )))) -}} +{{- $mounts = (concat (default (list) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" "mtls-client" "mountPath" (printf "%s/%s-client" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r")))))) -}} {{- end -}} {{- end -}} {{- $_is_returning = true -}} @@ -255,7 +228,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (concat (default (list ) (list (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "configMap" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "name" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") )) (dict )) )) (dict "name" "base-config" )))) (default (list ) (get (fromJson (include "redpanda.CommonVolumes" (dict "a" (list $dot) ))) "r")))) | toJson -}} +{{- (dict "r" (concat (default (list) (list (mustMergeOverwrite (dict "name" "") (mustMergeOverwrite (dict) (dict "configMap" (mustMergeOverwrite (dict) (mustMergeOverwrite (dict) (dict "name" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r"))) (dict)))) (dict "name" "base-config")))) (default (list) (get (fromJson (include "redpanda.CommonVolumes" (dict "a" (list $dot)))) "r")))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -264,34 +237,34 @@ {{- $dot := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $volumes := (list ) -}} +{{- $volumes := (list) -}} {{- $values := $dot.Values.AsMap -}} -{{- if (get (fromJson (include "redpanda.TLSEnabled" (dict "a" (list $dot) ))) "r") -}} +{{- if (get (fromJson (include "redpanda.TLSEnabled" (dict "a" (list $dot)))) "r") -}} {{- $certNames := (keys $values.tls.certs) -}} {{- $_ := (sortAlpha $certNames) -}} {{- range $_, $name := $certNames -}} -{{- $cert := (ternary (index $values.tls.certs $name) (dict "enabled" (coalesce nil) "caEnabled" false "applyInternalDNSNames" (coalesce nil) "duration" "" "issuerRef" (coalesce nil) "secretRef" (coalesce nil) "clientSecretRef" (coalesce nil) ) (hasKey $values.tls.certs $name)) -}} -{{- if (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $cert.enabled true) ))) "r")) -}} +{{- $cert := (ternary (index $values.tls.certs $name) (dict "enabled" (coalesce nil) "caEnabled" false "applyInternalDNSNames" (coalesce nil) "duration" "" "issuerRef" (coalesce nil) "secretRef" (coalesce nil) "clientSecretRef" (coalesce nil)) (hasKey $values.tls.certs $name)) -}} +{{- if (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $cert.enabled true)))) "r")) -}} {{- continue -}} {{- end -}} -{{- $volumes = (concat (default (list ) $volumes) (list (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (dict "secretName" (get (fromJson (include "redpanda.CertSecretName" (dict "a" (list $dot $name $cert) ))) "r") "defaultMode" (0o440 | int) )) )) (dict "name" (printf "redpanda-%s-cert" $name) )))) -}} +{{- $volumes = (concat (default (list) $volumes) (list (mustMergeOverwrite (dict "name" "") (mustMergeOverwrite (dict) (dict "secret" (mustMergeOverwrite (dict) (dict "secretName" (get (fromJson (include "redpanda.CertSecretName" (dict "a" (list $dot $name $cert)))) "r") "defaultMode" (0o440 | int))))) (dict "name" (printf "redpanda-%s-cert" $name))))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} {{- $adminTLS := $values.listeners.admin.tls -}} -{{- $cert := (ternary (index $values.tls.certs $adminTLS.cert) (dict "enabled" (coalesce nil) "caEnabled" false "applyInternalDNSNames" (coalesce nil) "duration" "" "issuerRef" (coalesce nil) "secretRef" (coalesce nil) "clientSecretRef" (coalesce nil) ) (hasKey $values.tls.certs $adminTLS.cert)) -}} +{{- $cert := (ternary (index $values.tls.certs $adminTLS.cert) (dict "enabled" (coalesce nil) "caEnabled" false "applyInternalDNSNames" (coalesce nil) "duration" "" "issuerRef" (coalesce nil) "secretRef" (coalesce nil) "clientSecretRef" (coalesce nil)) (hasKey $values.tls.certs $adminTLS.cert)) -}} {{- if $adminTLS.requireClientAuth -}} -{{- $secretName := (printf "%s-client" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) -}} +{{- $secretName := (printf "%s-client" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r")) -}} {{- if (ne (toJson $cert.clientSecretRef) "null") -}} {{- $secretName = $cert.clientSecretRef.name -}} {{- end -}} -{{- $volumes = (concat (default (list ) $volumes) (list (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (dict "secretName" $secretName "defaultMode" (0o440 | int) )) )) (dict "name" "mtls-client" )))) -}} +{{- $volumes = (concat (default (list) $volumes) (list (mustMergeOverwrite (dict "name" "") (mustMergeOverwrite (dict) (dict "secret" (mustMergeOverwrite (dict) (dict "secretName" $secretName "defaultMode" (0o440 | int))))) (dict "name" "mtls-client")))) -}} {{- end -}} {{- end -}} {{- $sasl_6 := $values.auth.sasl -}} {{- if (and $sasl_6.enabled (ne $sasl_6.secretRef "")) -}} -{{- $volumes = (concat (default (list ) $volumes) (list (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (dict "secretName" $sasl_6.secretRef )) )) (dict "name" "users" )))) -}} +{{- $volumes = (concat (default (list) $volumes) (list (mustMergeOverwrite (dict "name" "") (mustMergeOverwrite (dict) (dict "secret" (mustMergeOverwrite (dict) (dict "secretName" $sasl_6.secretRef)))) (dict "name" "users")))) -}} {{- end -}} {{- $_is_returning = true -}} {{- (dict "r" $volumes) | toJson -}} @@ -311,7 +284,7 @@ {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (printf "%s-%s-cert" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $certName)) | toJson -}} +{{- (dict "r" (printf "%s-%s-cert" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r") $certName)) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -321,7 +294,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "redpanda.redpandaAtLeast" (dict "a" (list $dot ">=22.2.0-0 || <0.0.1-0") ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "redpanda.redpandaAtLeast" (dict "a" (list $dot ">=22.2.0-0 || <0.0.1-0")))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -331,7 +304,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "redpanda.redpandaAtLeast" (dict "a" (list $dot ">=22.3.0-0 || <0.0.1-0") ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "redpanda.redpandaAtLeast" (dict "a" (list $dot ">=22.3.0-0 || <0.0.1-0")))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -341,7 +314,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "redpanda.redpandaAtLeast" (dict "a" (list $dot ">=23.1.1-0 || <0.0.1-0") ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "redpanda.redpandaAtLeast" (dict "a" (list $dot ">=23.1.1-0 || <0.0.1-0")))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -351,7 +324,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "redpanda.redpandaAtLeast" (dict "a" (list $dot ">=23.1.2-0 || <0.0.1-0") ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "redpanda.redpandaAtLeast" (dict "a" (list $dot ">=23.1.2-0 || <0.0.1-0")))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -361,7 +334,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "redpanda.redpandaAtLeast" (dict "a" (list $dot ">=22.3.13-0,<22.4") ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "redpanda.redpandaAtLeast" (dict "a" (list $dot ">=22.3.13-0,<22.4")))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -371,7 +344,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "redpanda.redpandaAtLeast" (dict "a" (list $dot ">=22.2.10-0,<22.3") ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "redpanda.redpandaAtLeast" (dict "a" (list $dot ">=22.2.10-0,<22.3")))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -381,7 +354,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "redpanda.redpandaAtLeast" (dict "a" (list $dot ">=23.2.1-0 || <0.0.1-0") ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "redpanda.redpandaAtLeast" (dict "a" (list $dot ">=23.2.1-0 || <0.0.1-0")))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -391,7 +364,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "redpanda.redpandaAtLeast" (dict "a" (list $dot ">=23.3.0-0 || <0.0.1-0") ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "redpanda.redpandaAtLeast" (dict "a" (list $dot ">=23.3.0-0 || <0.0.1-0")))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -401,10 +374,10 @@ {{- $constraint := (index .a 1) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $version := (trimPrefix "v" (get (fromJson (include "redpanda.Tag" (dict "a" (list $dot) ))) "r")) -}} -{{- $_372_result_err := (list (semverCompare $constraint $version) nil) -}} -{{- $result := (index $_372_result_err 0) -}} -{{- $err := (index $_372_result_err 1) -}} +{{- $version := (trimPrefix "v" (get (fromJson (include "redpanda.Tag" (dict "a" (list $dot)))) "r")) -}} +{{- $_356_result_err := (list (semverCompare $constraint $version) nil) -}} +{{- $result := (index $_356_result_err 0) -}} +{{- $err := (index $_356_result_err 1) -}} {{- if (ne (toJson $err) "null") -}} {{- $_ := (fail $err) -}} {{- end -}} @@ -430,9 +403,9 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $untyped := $in -}} -{{- $expanded := (get (fromJson (include "redpanda.recursiveTpl" (dict "a" (list $dot $untyped) ))) "r") -}} +{{- $expanded := (get (fromJson (include "redpanda.recursiveTpl" (dict "a" (list $dot $untyped)))) "r") -}} {{- $_is_returning = true -}} -{{- (dict "r" (merge (dict ) $expanded)) | toJson -}} +{{- (dict "r" (merge (dict) $expanded)) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -444,9 +417,9 @@ {{- $_is_returning := false -}} {{- $kind := (kindOf $data) -}} {{- if (eq $kind "map") -}} -{{- $m := (get (fromJson (include "_shims.typeassertion" (dict "a" (list (printf "map[%s]%s" "string" "interface {}") $data) ))) "r") -}} +{{- $m := (get (fromJson (include "_shims.typeassertion" (dict "a" (list (printf "map[%s]%s" "string" "interface {}") $data)))) "r") -}} {{- range $key, $value := $m -}} -{{- $_ := (set $m $key (get (fromJson (include "redpanda.recursiveTpl" (dict "a" (list $dot $value) ))) "r")) -}} +{{- $_ := (set $m $key (get (fromJson (include "redpanda.recursiveTpl" (dict "a" (list $dot $value)))) "r")) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} @@ -455,10 +428,10 @@ {{- (dict "r" $m) | toJson -}} {{- break -}} {{- else -}}{{- if (eq $kind "slice") -}} -{{- $s := (get (fromJson (include "_shims.typeassertion" (dict "a" (list (printf "[]%s" "interface {}") $data) ))) "r") -}} +{{- $s := (get (fromJson (include "_shims.typeassertion" (dict "a" (list (printf "[]%s" "interface {}") $data)))) "r") -}} {{- $out := (coalesce nil) -}} {{- range $i, $_ := $s -}} -{{- $out = (concat (default (list ) $out) (list (get (fromJson (include "redpanda.recursiveTpl" (dict "a" (list $dot (index $s $i)) ))) "r"))) -}} +{{- $out = (concat (default (list) $out) (list (get (fromJson (include "redpanda.recursiveTpl" (dict "a" (list $dot (index $s $i))))) "r"))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} @@ -466,9 +439,9 @@ {{- $_is_returning = true -}} {{- (dict "r" $out) | toJson -}} {{- break -}} -{{- else -}}{{- if (and (eq $kind "string") (contains "{{" (get (fromJson (include "_shims.typeassertion" (dict "a" (list "string" $data) ))) "r"))) -}} +{{- else -}}{{- if (and (eq $kind "string") (contains "{{" (get (fromJson (include "_shims.typeassertion" (dict "a" (list "string" $data)))) "r"))) -}} {{- $_is_returning = true -}} -{{- (dict "r" (tpl (get (fromJson (include "_shims.typeassertion" (dict "a" (list "string" $data) ))) "r") $dot)) | toJson -}} +{{- (dict "r" (tpl (get (fromJson (include "_shims.typeassertion" (dict "a" (list "string" $data)))) "r") $dot)) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -485,29 +458,29 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $overridesClone := (fromJson (toJson $overrides)) -}} -{{- $overrides = (merge (dict ) $overridesClone) -}} +{{- $overrides = (merge (dict) $overridesClone) -}} {{- $overrideSpec := $overrides.spec -}} {{- if (eq (toJson $overrideSpec) "null") -}} -{{- $overrideSpec = (mustMergeOverwrite (dict ) (dict )) -}} +{{- $overrideSpec = (mustMergeOverwrite (dict) (dict)) -}} {{- end -}} -{{- $merged := (merge (dict ) (mustMergeOverwrite (dict ) (dict "metadata" (mustMergeOverwrite (dict ) (dict "labels" $overrides.labels "annotations" $overrides.annotations )) "spec" $overrideSpec )) $original) -}} -{{- $_ := (set $merged.spec "initContainers" (get (fromJson (include "redpanda.mergeSliceBy" (dict "a" (list $original.spec.initContainers $overrideSpec.initContainers "name" "redpanda.mergeContainer") ))) "r")) -}} -{{- $_ := (set $merged.spec "containers" (get (fromJson (include "redpanda.mergeSliceBy" (dict "a" (list $original.spec.containers $overrideSpec.containers "name" "redpanda.mergeContainer") ))) "r")) -}} -{{- $_ := (set $merged.spec "volumes" (get (fromJson (include "redpanda.mergeSliceBy" (dict "a" (list $original.spec.volumes $overrideSpec.volumes "name" "redpanda.mergeVolume") ))) "r")) -}} +{{- $merged := (merge (dict) (mustMergeOverwrite (dict) (dict "metadata" (mustMergeOverwrite (dict) (dict "labels" $overrides.labels "annotations" $overrides.annotations)) "spec" $overrideSpec)) $original) -}} +{{- $_ := (set $merged.spec "initContainers" (get (fromJson (include "redpanda.mergeSliceBy" (dict "a" (list $original.spec.initContainers $overrideSpec.initContainers "name" "redpanda.mergeContainer")))) "r")) -}} +{{- $_ := (set $merged.spec "containers" (get (fromJson (include "redpanda.mergeSliceBy" (dict "a" (list $original.spec.containers $overrideSpec.containers "name" "redpanda.mergeContainer")))) "r")) -}} +{{- $_ := (set $merged.spec "volumes" (get (fromJson (include "redpanda.mergeSliceBy" (dict "a" (list $original.spec.volumes $overrideSpec.volumes "name" "redpanda.mergeVolume")))) "r")) -}} {{- if (eq (toJson $merged.metadata.labels) "null") -}} -{{- $_ := (set $merged.metadata "labels" (dict )) -}} +{{- $_ := (set $merged.metadata "labels" (dict)) -}} {{- end -}} {{- if (eq (toJson $merged.metadata.annotations) "null") -}} -{{- $_ := (set $merged.metadata "annotations" (dict )) -}} +{{- $_ := (set $merged.metadata "annotations" (dict)) -}} {{- end -}} {{- if (eq (toJson $merged.spec.nodeSelector) "null") -}} -{{- $_ := (set $merged.spec "nodeSelector" (dict )) -}} +{{- $_ := (set $merged.spec "nodeSelector" (dict)) -}} {{- end -}} {{- if (eq (toJson $merged.spec.tolerations) "null") -}} -{{- $_ := (set $merged.spec "tolerations" (list )) -}} +{{- $_ := (set $merged.spec "tolerations" (list)) -}} {{- end -}} {{- if (eq (toJson $merged.spec.imagePullSecrets) "null") -}} -{{- $_ := (set $merged.spec "imagePullSecrets" (list )) -}} +{{- $_ := (set $merged.spec "imagePullSecrets" (list)) -}} {{- end -}} {{- $_is_returning = true -}} {{- (dict "r" $merged) | toJson -}} @@ -522,12 +495,12 @@ {{- $mergeFunc := (index .a 3) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $originalKeys := (dict ) -}} -{{- $overrideByKey := (dict ) -}} +{{- $originalKeys := (dict) -}} +{{- $overrideByKey := (dict) -}} {{- range $_, $el := $override -}} -{{- $_509_key_ok := (get (fromJson (include "_shims.get" (dict "a" (list $el $mergeKey) ))) "r") -}} -{{- $key := (index $_509_key_ok 0) -}} -{{- $ok := (index $_509_key_ok 1) -}} +{{- $_493_key_ok := (get (fromJson (include "_shims.get" (dict "a" (list $el $mergeKey)))) "r") -}} +{{- $key := (index $_493_key_ok 0) -}} +{{- $ok := (index $_493_key_ok 1) -}} {{- if (not $ok) -}} {{- continue -}} {{- end -}} @@ -538,36 +511,36 @@ {{- end -}} {{- $merged := (coalesce nil) -}} {{- range $_, $el := $original -}} -{{- $_521_key__ := (get (fromJson (include "_shims.get" (dict "a" (list $el $mergeKey) ))) "r") -}} -{{- $key := (index $_521_key__ 0) -}} -{{- $_ := (index $_521_key__ 1) -}} +{{- $_505_key__ := (get (fromJson (include "_shims.get" (dict "a" (list $el $mergeKey)))) "r") -}} +{{- $key := (index $_505_key__ 0) -}} +{{- $_ := (index $_505_key__ 1) -}} {{- $_ := (set $originalKeys $key true) -}} -{{- $_523_elOverride_7_ok_8 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $overrideByKey $key (coalesce nil)) ))) "r") -}} -{{- $elOverride_7 := (index $_523_elOverride_7_ok_8 0) -}} -{{- $ok_8 := (index $_523_elOverride_7_ok_8 1) -}} +{{- $_507_elOverride_7_ok_8 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $overrideByKey $key (coalesce nil))))) "r") -}} +{{- $elOverride_7 := (index $_507_elOverride_7_ok_8 0) -}} +{{- $ok_8 := (index $_507_elOverride_7_ok_8 1) -}} {{- if $ok_8 -}} -{{- $merged = (concat (default (list ) $merged) (list (get (fromJson (include $mergeFunc (dict "a" (list $el $elOverride_7) ))) "r"))) -}} +{{- $merged = (concat (default (list) $merged) (list (get (fromJson (include $mergeFunc (dict "a" (list $el $elOverride_7)))) "r"))) -}} {{- else -}} -{{- $merged = (concat (default (list ) $merged) (list $el)) -}} +{{- $merged = (concat (default (list) $merged) (list $el)) -}} {{- end -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} {{- range $_, $el := $override -}} -{{- $_533_key_ok := (get (fromJson (include "_shims.get" (dict "a" (list $el $mergeKey) ))) "r") -}} -{{- $key := (index $_533_key_ok 0) -}} -{{- $ok := (index $_533_key_ok 1) -}} +{{- $_517_key_ok := (get (fromJson (include "_shims.get" (dict "a" (list $el $mergeKey)))) "r") -}} +{{- $key := (index $_517_key_ok 0) -}} +{{- $ok := (index $_517_key_ok 1) -}} {{- if (not $ok) -}} {{- continue -}} {{- end -}} -{{- $_538___ok_9 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $originalKeys $key false) ))) "r") -}} -{{- $_ := (index $_538___ok_9 0) -}} -{{- $ok_9 := (index $_538___ok_9 1) -}} +{{- $_522___ok_9 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $originalKeys $key false)))) "r") -}} +{{- $_ := (index $_522___ok_9 0) -}} +{{- $ok_9 := (index $_522___ok_9 1) -}} {{- if $ok_9 -}} {{- continue -}} {{- end -}} -{{- $merged = (concat (default (list ) $merged) (list (merge (dict ) $el))) -}} +{{- $merged = (concat (default (list) $merged) (list (merge (dict) $el))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} @@ -584,7 +557,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (merge (dict ) $overrides)) | toJson -}} +{{- (dict "r" (merge (dict) $overrides)) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -595,7 +568,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (merge (dict ) $override $original)) | toJson -}} +{{- (dict "r" (merge (dict) $override $original)) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -606,7 +579,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (merge (dict ) $override $original)) | toJson -}} +{{- (dict "r" (merge (dict) $override $original)) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -616,9 +589,9 @@ {{- $override := (index .a 1) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $merged := (merge (dict ) $override $original) -}} -{{- $_ := (set $merged "env" (get (fromJson (include "redpanda.mergeSliceBy" (dict "a" (list $original.env $override.env "name" "redpanda.mergeEnvVar") ))) "r")) -}} -{{- $_ := (set $merged "volumeMounts" (get (fromJson (include "redpanda.mergeSliceBy" (dict "a" (list $original.volumeMounts $override.volumeMounts "name" "redpanda.mergeVolumeMount") ))) "r")) -}} +{{- $merged := (merge (dict) $override $original) -}} +{{- $_ := (set $merged "env" (get (fromJson (include "redpanda.mergeSliceBy" (dict "a" (list $original.env $override.env "name" "redpanda.mergeEnvVar")))) "r")) -}} +{{- $_ := (set $merged "volumeMounts" (get (fromJson (include "redpanda.mergeSliceBy" (dict "a" (list $original.volumeMounts $override.volumeMounts "name" "redpanda.mergeVolumeMount")))) "r")) -}} {{- $_is_returning = true -}} {{- (dict "r" $merged) | toJson -}} {{- break -}} @@ -629,11 +602,11 @@ {{- $args := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $parsed := (dict ) -}} +{{- $parsed := (dict) -}} {{- $i := -1 -}} {{- range $_, $_ := $args -}} {{- $i = ((add $i (1 | int)) | int) -}} -{{- if (ge $i ((get (fromJson (include "_shims.len" (dict "a" (list $args) ))) "r") | int)) -}} +{{- if (ge $i ((get (fromJson (include "_shims.len" (dict "a" (list $args)))) "r") | int)) -}} {{- break -}} {{- end -}} {{- if (not (hasPrefix "-" (index $args $i))) -}} @@ -641,11 +614,11 @@ {{- end -}} {{- $flag := (index $args $i) -}} {{- $spl := (mustRegexSplit " |=" $flag (2 | int)) -}} -{{- if (eq ((get (fromJson (include "_shims.len" (dict "a" (list $spl) ))) "r") | int) (2 | int)) -}} +{{- if (eq ((get (fromJson (include "_shims.len" (dict "a" (list $spl)))) "r") | int) (2 | int)) -}} {{- $_ := (set $parsed (index $spl (0 | int)) (index $spl (1 | int))) -}} {{- continue -}} {{- end -}} -{{- if (and (lt ((add $i (1 | int)) | int) ((get (fromJson (include "_shims.len" (dict "a" (list $args) ))) "r") | int)) (not (hasPrefix "-" (index $args ((add $i (1 | int)) | int))))) -}} +{{- if (and (lt ((add $i (1 | int)) | int) ((get (fromJson (include "_shims.len" (dict "a" (list $args)))) "r") | int)) (not (hasPrefix "-" (index $args ((add $i (1 | int)) | int))))) -}} {{- $_ := (set $parsed $flag (index $args ((add $i (1 | int)) | int))) -}} {{- $i = ((add $i (1 | int)) | int) -}} {{- continue -}} diff --git a/charts/redpanda/templates/_notes.go.tpl b/charts/redpanda/templates/_notes.go.tpl index b0169d0e4d..82cdb423ce 100644 --- a/charts/redpanda/templates/_notes.go.tpl +++ b/charts/redpanda/templates/_notes.go.tpl @@ -5,9 +5,9 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $warnings := (coalesce nil) -}} -{{- $w_1 := (get (fromJson (include "redpanda.cpuWarning" (dict "a" (list $dot) ))) "r") -}} +{{- $w_1 := (get (fromJson (include "redpanda.cpuWarning" (dict "a" (list $dot)))) "r") -}} {{- if (ne $w_1 "") -}} -{{- $warnings = (concat (default (list ) $warnings) (list (printf `**Warning**: %s` $w_1))) -}} +{{- $warnings = (concat (default (list) $warnings) (list (printf `**Warning**: %s` $w_1))) -}} {{- end -}} {{- $_is_returning = true -}} {{- (dict "r" $warnings) | toJson -}} @@ -20,7 +20,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $coresInMillis := ((get (fromJson (include "_shims.resource_MilliValue" (dict "a" (list $values.resources.cpu.cores) ))) "r") | int64) -}} +{{- $coresInMillis := ((get (fromJson (include "_shims.resource_MilliValue" (dict "a" (list $values.resources.cpu.cores)))) "r") | int64) -}} {{- if (lt $coresInMillis (1000 | int64)) -}} {{- $_is_returning = true -}} {{- (dict "r" (printf "%dm is below the minimum recommended CPU value for Redpanda" $coresInMillis)) | toJson -}} @@ -37,38 +37,38 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $anySASL := (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth) ))) "r") -}} +{{- $anySASL := (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth)))) "r") -}} {{- $notes := (coalesce nil) -}} -{{- $notes = (concat (default (list ) $notes) (list `` `` `` `` (printf `Congratulations on installing %s!` $dot.Chart.Name) `` `The pods will rollout in a few seconds. To check the status:` `` (printf ` kubectl -n %s rollout status statefulset %s --watch` $dot.Release.Namespace (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")))) -}} +{{- $notes = (concat (default (list) $notes) (list `` `` `` `` (printf `Congratulations on installing %s!` $dot.Chart.Name) `` `The pods will rollout in a few seconds. To check the status:` `` (printf ` kubectl -n %s rollout status statefulset %s --watch` $dot.Release.Namespace (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r")))) -}} {{- if (and $values.external.enabled (eq $values.external.type "LoadBalancer")) -}} -{{- $notes = (concat (default (list ) $notes) (list `` `If you are using the load balancer service with a cloud provider, the services will likely have automatically-generated addresses. In this scenario the advertised listeners must be updated in order for external access to work. Run the following command once Redpanda is deployed:` `` (printf ` helm upgrade %s redpanda/redpanda --reuse-values -n %s --set $(kubectl get svc -n %s -o jsonpath='{"external.addresses={"}{ range .items[*]}{.status.loadBalancer.ingress[0].ip }{.status.loadBalancer.ingress[0].hostname}{","}{ end }{"}\n"}')` (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") $dot.Release.Namespace $dot.Release.Namespace))) -}} +{{- $notes = (concat (default (list) $notes) (list `` `If you are using the load balancer service with a cloud provider, the services will likely have automatically-generated addresses. In this scenario the advertised listeners must be updated in order for external access to work. Run the following command once Redpanda is deployed:` `` (printf ` helm upgrade %s redpanda/redpanda --reuse-values -n %s --set $(kubectl get svc -n %s -o jsonpath='{"external.addresses={"}{ range .items[*]}{.status.loadBalancer.ingress[0].ip }{.status.loadBalancer.ingress[0].hostname}{","}{ end }{"}\n"}')` (get (fromJson (include "redpanda.Name" (dict "a" (list $dot)))) "r") $dot.Release.Namespace $dot.Release.Namespace))) -}} {{- end -}} {{- $profiles := (keys $values.listeners.kafka.external) -}} {{- $_ := (sortAlpha $profiles) -}} {{- $profileName := (index $profiles (0 | int)) -}} -{{- $notes = (concat (default (list ) $notes) (list `` `Set up rpk for access to your external listeners:`)) -}} -{{- $profile := (ternary (index $values.listeners.kafka.external $profileName) (dict "enabled" (coalesce nil) "advertisedPorts" (coalesce nil) "port" 0 "nodePort" (coalesce nil) "authenticationMethod" (coalesce nil) "prefixTemplate" (coalesce nil) "tls" (coalesce nil) ) (hasKey $values.listeners.kafka.external $profileName)) -}} -{{- if (get (fromJson (include "redpanda.TLSEnabled" (dict "a" (list $dot) ))) "r") -}} +{{- $notes = (concat (default (list) $notes) (list `` `Set up rpk for access to your external listeners:`)) -}} +{{- $profile := (ternary (index $values.listeners.kafka.external $profileName) (dict "enabled" (coalesce nil) "advertisedPorts" (coalesce nil) "port" 0 "nodePort" (coalesce nil) "tls" (coalesce nil)) (hasKey $values.listeners.kafka.external $profileName)) -}} +{{- if (get (fromJson (include "redpanda.TLSEnabled" (dict "a" (list $dot)))) "r") -}} {{- $external := "" -}} {{- if (and (ne (toJson $profile.tls) "null") (ne (toJson $profile.tls.cert) "null")) -}} {{- $external = $profile.tls.cert -}} {{- else -}} {{- $external = $values.listeners.kafka.tls.cert -}} {{- end -}} -{{- $notes = (concat (default (list ) $notes) (list (printf ` kubectl get secret -n %s %s-%s-cert -o go-template='{{ index .data "ca.crt" | base64decode }}' > ca.crt` $dot.Release.Namespace (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $external))) -}} +{{- $notes = (concat (default (list) $notes) (list (printf ` kubectl get secret -n %s %s-%s-cert -o go-template='{{ index .data "ca.crt" | base64decode }}' > ca.crt` $dot.Release.Namespace (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r") $external))) -}} {{- if (or $values.listeners.kafka.tls.requireClientAuth $values.listeners.admin.tls.requireClientAuth) -}} -{{- $notes = (concat (default (list ) $notes) (list (printf ` kubectl get secret -n %s %s-client -o go-template='{{ index .data "tls.crt" | base64decode }}' > tls.crt` $dot.Release.Namespace (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) (printf ` kubectl get secret -n %s %s-client -o go-template='{{ index .data "tls.key" | base64decode }}' > tls.key` $dot.Release.Namespace (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")))) -}} +{{- $notes = (concat (default (list) $notes) (list (printf ` kubectl get secret -n %s %s-client -o go-template='{{ index .data "tls.crt" | base64decode }}' > tls.crt` $dot.Release.Namespace (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r")) (printf ` kubectl get secret -n %s %s-client -o go-template='{{ index .data "tls.key" | base64decode }}' > tls.key` $dot.Release.Namespace (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r")))) -}} {{- end -}} {{- end -}} -{{- $notes = (concat (default (list ) $notes) (list (printf ` rpk profile create --from-profile <(kubectl get configmap -n %s %s-rpk -o go-template='{{ .data.profile }}') %s` $dot.Release.Namespace (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $profileName) `` `Set up dns to look up the pods on their Kubernetes Nodes. You can use this query to get the list of short-names to IP addresses. Add your external domain to the hostnames and you could test by adding these to your /etc/hosts:` `` (printf ` kubectl get pod -n %s -o custom-columns=node:.status.hostIP,name:.metadata.name --no-headers -l app.kubernetes.io/name=redpanda,app.kubernetes.io/component=redpanda-statefulset` $dot.Release.Namespace))) -}} +{{- $notes = (concat (default (list) $notes) (list (printf ` rpk profile create --from-profile <(kubectl get configmap -n %s %s-rpk -o go-template='{{ .data.profile }}') %s` $dot.Release.Namespace (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r") $profileName) `` `Set up dns to look up the pods on their Kubernetes Nodes. You can use this query to get the list of short-names to IP addresses. Add your external domain to the hostnames and you could test by adding these to your /etc/hosts:` `` (printf ` kubectl get pod -n %s -o custom-columns=node:.status.hostIP,name:.metadata.name --no-headers -l app.kubernetes.io/name=redpanda,app.kubernetes.io/component=redpanda-statefulset` $dot.Release.Namespace))) -}} {{- if $anySASL -}} -{{- $notes = (concat (default (list ) $notes) (list `` `Set the credentials in the environment:` `` (printf ` kubectl -n %s get secret %s -o go-template="{{ range .data }}{{ . | base64decode }}{{ end }}" | IFS=: read -r %s` $dot.Release.Namespace $values.auth.sasl.secretRef (get (fromJson (include "redpanda.RpkSASLEnvironmentVariables" (dict "a" (list $dot) ))) "r")) (printf ` export %s` (get (fromJson (include "redpanda.RpkSASLEnvironmentVariables" (dict "a" (list $dot) ))) "r")))) -}} +{{- $notes = (concat (default (list) $notes) (list `` `Set the credentials in the environment:` `` (printf ` kubectl -n %s get secret %s -o go-template="{{ range .data }}{{ . | base64decode }}{{ end }}" | IFS=: read -r %s` $dot.Release.Namespace $values.auth.sasl.secretRef (get (fromJson (include "redpanda.RpkSASLEnvironmentVariables" (dict "a" (list $dot)))) "r")) (printf ` export %s` (get (fromJson (include "redpanda.RpkSASLEnvironmentVariables" (dict "a" (list $dot)))) "r")))) -}} {{- end -}} -{{- $notes = (concat (default (list ) $notes) (list `` `Try some sample commands:`)) -}} +{{- $notes = (concat (default (list) $notes) (list `` `Try some sample commands:`)) -}} {{- if $anySASL -}} -{{- $notes = (concat (default (list ) $notes) (list `Create a user:` `` (printf ` %s` (get (fromJson (include "redpanda.RpkACLUserCreate" (dict "a" (list $dot) ))) "r")) `` `Give the user permissions:` `` (printf ` %s` (get (fromJson (include "redpanda.RpkACLCreate" (dict "a" (list $dot) ))) "r")))) -}} +{{- $notes = (concat (default (list) $notes) (list `Create a user:` `` (printf ` %s` (get (fromJson (include "redpanda.RpkACLUserCreate" (dict "a" (list $dot)))) "r")) `` `Give the user permissions:` `` (printf ` %s` (get (fromJson (include "redpanda.RpkACLCreate" (dict "a" (list $dot)))) "r")))) -}} {{- end -}} -{{- $notes = (concat (default (list ) $notes) (list `` `Get the api status:` `` (printf ` %s` (get (fromJson (include "redpanda.RpkClusterInfo" (dict "a" (list $dot) ))) "r")) `` `Create a topic` `` (printf ` %s` (get (fromJson (include "redpanda.RpkTopicCreate" (dict "a" (list $dot) ))) "r")) `` `Describe the topic:` `` (printf ` %s` (get (fromJson (include "redpanda.RpkTopicDescribe" (dict "a" (list $dot) ))) "r")) `` `Delete the topic:` `` (printf ` %s` (get (fromJson (include "redpanda.RpkTopicDelete" (dict "a" (list $dot) ))) "r")))) -}} +{{- $notes = (concat (default (list) $notes) (list `` `Get the api status:` `` (printf ` %s` (get (fromJson (include "redpanda.RpkClusterInfo" (dict "a" (list $dot)))) "r")) `` `Create a topic` `` (printf ` %s` (get (fromJson (include "redpanda.RpkTopicCreate" (dict "a" (list $dot)))) "r")) `` `Describe the topic:` `` (printf ` %s` (get (fromJson (include "redpanda.RpkTopicDescribe" (dict "a" (list $dot)))) "r")) `` `Delete the topic:` `` (printf ` %s` (get (fromJson (include "redpanda.RpkTopicDelete" (dict "a" (list $dot)))) "r")))) -}} {{- $_is_returning = true -}} {{- (dict "r" $notes) | toJson -}} {{- break -}} @@ -80,7 +80,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (printf `rpk acl user create myuser --new-password changeme --mechanism %s` (get (fromJson (include "redpanda.GetSASLMechanism" (dict "a" (list $dot) ))) "r"))) | toJson -}} +{{- (dict "r" (printf `rpk acl user create myuser --new-password changeme --mechanism %s` (get (fromJson (include "redpanda.GetSASLMechanism" (dict "a" (list $dot)))) "r"))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -153,7 +153,7 @@ {{- $dot := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- if (get (fromJson (include "redpanda.RedpandaAtLeast_23_2_1" (dict "a" (list $dot) ))) "r") -}} +{{- if (get (fromJson (include "redpanda.RedpandaAtLeast_23_2_1" (dict "a" (list $dot)))) "r") -}} {{- $_is_returning = true -}} {{- (dict "r" `RPK_USER RPK_PASS RPK_SASL_MECHANISM`) | toJson -}} {{- break -}} diff --git a/charts/redpanda/templates/_poddisruptionbudget.go.tpl b/charts/redpanda/templates/_poddisruptionbudget.go.tpl index 763b7b0bdf..a33e1c3ed8 100644 --- a/charts/redpanda/templates/_poddisruptionbudget.go.tpl +++ b/charts/redpanda/templates/_poddisruptionbudget.go.tpl @@ -11,10 +11,10 @@ {{- $_ := (fail (printf "statefulset.budget.maxUnavailable is set too high to maintain quorum: %d > %d" $budget $minReplicas)) -}} {{- end -}} {{- $maxUnavailable := ($budget | int) -}} -{{- $matchLabels := (get (fromJson (include "redpanda.StatefulSetPodLabelsSelector" (dict "a" (list $dot) ))) "r") -}} -{{- $_ := (set $matchLabels "redpanda.com/poddisruptionbudget" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) -}} +{{- $matchLabels := (get (fromJson (include "redpanda.StatefulSetPodLabelsSelector" (dict "a" (list $dot)))) "r") -}} +{{- $_ := (set $matchLabels "redpanda.com/poddisruptionbudget" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r")) -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict ) "status" (dict "disruptionsAllowed" 0 "currentHealthy" 0 "desiredHealthy" 0 "expectedPods" 0 ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "policy/v1" "kind" "PodDisruptionBudget" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "spec" (mustMergeOverwrite (dict ) (dict "selector" (mustMergeOverwrite (dict ) (dict "matchLabels" $matchLabels )) "maxUnavailable" $maxUnavailable )) ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict) "status" (dict "disruptionsAllowed" 0 "currentHealthy" 0 "desiredHealthy" 0 "expectedPods" 0)) (mustMergeOverwrite (dict) (dict "apiVersion" "policy/v1" "kind" "PodDisruptionBudget")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot)))) "r"))) "spec" (mustMergeOverwrite (dict) (dict "selector" (mustMergeOverwrite (dict) (dict "matchLabels" $matchLabels)) "maxUnavailable" $maxUnavailable))))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} diff --git a/charts/redpanda/templates/_post-install-upgrade-job.go.tpl b/charts/redpanda/templates/_post-install-upgrade-job.go.tpl index 6fb625d699..778db6dcb9 100644 --- a/charts/redpanda/templates/_post-install-upgrade-job.go.tpl +++ b/charts/redpanda/templates/_post-install-upgrade-job.go.tpl @@ -5,10 +5,10 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $env := (get (fromJson (include "redpanda.TieredStorageCredentials.AsEnvVars" (dict "a" (list $values.storage.tiered.credentialsSecretRef (get (fromJson (include "redpanda.Storage.GetTieredStorageConfig" (dict "a" (list $values.storage) ))) "r")) ))) "r") -}} -{{- $image := (printf `%s:%s` $values.statefulset.sideCars.controllers.image.repository $values.statefulset.sideCars.controllers.image.tag) -}} +{{- $env := (get (fromJson (include "redpanda.TieredStorageCredentials.AsEnvVars" (dict "a" (list $values.storage.tiered.credentialsSecretRef (get (fromJson (include "redpanda.Storage.GetTieredStorageConfig" (dict "a" (list $values.storage)))) "r"))))) "r") -}} +{{- $image := (printf `%s:%s` $values.statefulset.sideCars.image.repository $values.statefulset.sideCars.image.tag) -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "name" "" "resources" (dict ) ) (dict "name" "bootstrap-yaml-envsubst" "image" $image "command" (list "/redpanda-operator" "envsubst" "/tmp/base-config/bootstrap.yaml" "--output" "/tmp/config/.bootstrap.yaml") "env" $env "resources" (mustMergeOverwrite (dict ) (dict "limits" (dict "cpu" (get (fromJson (include "_shims.resource_MustParse" (dict "a" (list "100m") ))) "r") "memory" (get (fromJson (include "_shims.resource_MustParse" (dict "a" (list "125Mi") ))) "r") ) "requests" (dict "cpu" (get (fromJson (include "_shims.resource_MustParse" (dict "a" (list "100m") ))) "r") "memory" (get (fromJson (include "_shims.resource_MustParse" (dict "a" (list "125Mi") ))) "r") ) )) "securityContext" (mustMergeOverwrite (dict ) (dict "allowPrivilegeEscalation" false "readOnlyRootFilesystem" true "runAsNonRoot" true )) "volumeMounts" (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "config" "mountPath" "/tmp/config/" )) (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "base-config" "mountPath" "/tmp/base-config/" ))) ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "" "resources" (dict)) (dict "name" "bootstrap-yaml-envsubst" "image" $image "command" (list "/redpanda-operator" "envsubst" "/tmp/base-config/bootstrap.yaml" "--output" "/tmp/config/.bootstrap.yaml") "env" $env "resources" (mustMergeOverwrite (dict) (dict "limits" (dict "cpu" (get (fromJson (include "_shims.resource_MustParse" (dict "a" (list "100m")))) "r") "memory" (get (fromJson (include "_shims.resource_MustParse" (dict "a" (list "125Mi")))) "r")) "requests" (dict "cpu" (get (fromJson (include "_shims.resource_MustParse" (dict "a" (list "100m")))) "r") "memory" (get (fromJson (include "_shims.resource_MustParse" (dict "a" (list "125Mi")))) "r")))) "securityContext" (mustMergeOverwrite (dict) (dict "allowPrivilegeEscalation" false "readOnlyRootFilesystem" true "runAsNonRoot" true)) "volumeMounts" (list (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" "config" "mountPath" "/tmp/config/")) (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" "base-config" "mountPath" "/tmp/base-config/")))))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -23,8 +23,8 @@ {{- (dict "r" (coalesce nil)) | toJson -}} {{- break -}} {{- end -}} -{{- $image := (printf `%s:%s` $values.statefulset.sideCars.controllers.image.repository $values.statefulset.sideCars.controllers.image.tag) -}} -{{- $job := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "template" (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "containers" (coalesce nil) ) ) ) "status" (dict ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "batch/v1" "kind" "Job" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf "%s-configuration" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) "namespace" $dot.Release.Namespace "labels" (merge (dict ) (default (dict ) $values.post_install_job.labels) (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r")) "annotations" (merge (dict ) (default (dict ) $values.post_install_job.annotations) (dict "helm.sh/hook" "post-install,post-upgrade" "helm.sh/hook-delete-policy" "before-hook-creation" "helm.sh/hook-weight" "-5" )) )) "spec" (mustMergeOverwrite (dict "template" (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "containers" (coalesce nil) ) ) ) (dict "template" (get (fromJson (include "redpanda.StrategicMergePatch" (dict "a" (list (get (fromJson (include "redpanda.StructuredTpl" (dict "a" (list $dot $values.post_install_job.podTemplate) ))) "r") (get (fromJson (include "redpanda.StrategicMergePatch" (dict "a" (list (get (fromJson (include "redpanda.StructuredTpl" (dict "a" (list $dot $values.podTemplate) ))) "r") (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "containers" (coalesce nil) ) ) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "generateName" (printf "%s-post-" $dot.Release.Name) "labels" (merge (dict ) (dict "app.kubernetes.io/name" (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") "app.kubernetes.io/instance" $dot.Release.Name "app.kubernetes.io/component" (printf "%.50s-post-install" (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r")) ) (default (dict ) $values.commonLabels)) )) "spec" (mustMergeOverwrite (dict "containers" (coalesce nil) ) (dict "restartPolicy" "Never" "initContainers" (list (get (fromJson (include "redpanda.bootstrapYamlTemplater" (dict "a" (list $dot) ))) "r")) "automountServiceAccountToken" false "containers" (list (mustMergeOverwrite (dict "name" "" "resources" (dict ) ) (dict "name" "post-install" "image" $image "env" (get (fromJson (include "redpanda.PostInstallUpgradeEnvironmentVariables" (dict "a" (list $dot) ))) "r") "command" (list "/redpanda-operator" "sync-cluster-config" "--users-directory" "/etc/secrets/users" "--redpanda-yaml" "/tmp/base-config/redpanda.yaml" "--bootstrap-yaml" "/tmp/config/.bootstrap.yaml") "volumeMounts" (concat (default (list ) (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot) ))) "r")) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "config" "mountPath" "/tmp/config" )) (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "base-config" "mountPath" "/tmp/base-config" )))) ))) "volumes" (concat (default (list ) (get (fromJson (include "redpanda.CommonVolumes" (dict "a" (list $dot) ))) "r")) (list (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "configMap" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "name" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") )) (dict )) )) (dict "name" "base-config" )) (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "emptyDir" (mustMergeOverwrite (dict ) (dict )) )) (dict "name" "config" )))) "serviceAccountName" (get (fromJson (include "redpanda.ServiceAccountName" (dict "a" (list $dot) ))) "r") )) ))) ))) "r")) ))) "r") )) )) -}} +{{- $image := (printf `%s:%s` $values.statefulset.sideCars.image.repository $values.statefulset.sideCars.image.tag) -}} +{{- $job := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict "template" (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict "containers" (coalesce nil)))) "status" (dict)) (mustMergeOverwrite (dict) (dict "apiVersion" "batch/v1" "kind" "Job")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (printf "%s-configuration" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r")) "namespace" $dot.Release.Namespace "labels" (merge (dict) (default (dict) $values.post_install_job.labels) (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot)))) "r")) "annotations" (merge (dict) (default (dict) $values.post_install_job.annotations) (dict "helm.sh/hook" "post-install,post-upgrade" "helm.sh/hook-delete-policy" "before-hook-creation" "helm.sh/hook-weight" "-5")))) "spec" (mustMergeOverwrite (dict "template" (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict "containers" (coalesce nil)))) (dict "template" (get (fromJson (include "redpanda.StrategicMergePatch" (dict "a" (list (get (fromJson (include "redpanda.StructuredTpl" (dict "a" (list $dot $values.post_install_job.podTemplate)))) "r") (get (fromJson (include "redpanda.StrategicMergePatch" (dict "a" (list (get (fromJson (include "redpanda.StructuredTpl" (dict "a" (list $dot $values.podTemplate)))) "r") (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict "containers" (coalesce nil))) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "generateName" (printf "%s-post-" $dot.Release.Name) "labels" (merge (dict) (dict "app.kubernetes.io/name" (get (fromJson (include "redpanda.Name" (dict "a" (list $dot)))) "r") "app.kubernetes.io/instance" $dot.Release.Name "app.kubernetes.io/component" (printf "%.50s-post-install" (get (fromJson (include "redpanda.Name" (dict "a" (list $dot)))) "r"))) (default (dict) $values.commonLabels)))) "spec" (mustMergeOverwrite (dict "containers" (coalesce nil)) (dict "restartPolicy" "Never" "initContainers" (list (get (fromJson (include "redpanda.bootstrapYamlTemplater" (dict "a" (list $dot)))) "r")) "automountServiceAccountToken" false "containers" (list (mustMergeOverwrite (dict "name" "" "resources" (dict)) (dict "name" "post-install" "image" $image "env" (get (fromJson (include "redpanda.PostInstallUpgradeEnvironmentVariables" (dict "a" (list $dot)))) "r") "command" (list "/redpanda-operator" "sync-cluster-config" "--users-directory" "/etc/secrets/users" "--redpanda-yaml" "/tmp/base-config/redpanda.yaml" "--bootstrap-yaml" "/tmp/config/.bootstrap.yaml") "volumeMounts" (concat (default (list) (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot)))) "r")) (list (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" "config" "mountPath" "/tmp/config")) (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" "base-config" "mountPath" "/tmp/base-config"))))))) "volumes" (concat (default (list) (get (fromJson (include "redpanda.CommonVolumes" (dict "a" (list $dot)))) "r")) (list (mustMergeOverwrite (dict "name" "") (mustMergeOverwrite (dict) (dict "configMap" (mustMergeOverwrite (dict) (mustMergeOverwrite (dict) (dict "name" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r"))) (dict)))) (dict "name" "base-config")) (mustMergeOverwrite (dict "name" "") (mustMergeOverwrite (dict) (dict "emptyDir" (mustMergeOverwrite (dict) (dict)))) (dict "name" "config")))) "serviceAccountName" (get (fromJson (include "redpanda.ServiceAccountName" (dict "a" (list $dot)))) "r"))))))))) "r"))))) "r"))))) -}} {{- $_is_returning = true -}} {{- (dict "r" $job) | toJson -}} {{- break -}} @@ -35,18 +35,18 @@ {{- $dot := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $envars := (list ) -}} +{{- $envars := (list) -}} {{- $values := $dot.Values.AsMap -}} {{- $license_1 := $values.enterprise.license -}} {{- $secretReference_2 := $values.enterprise.licenseSecretRef -}} {{- if (ne $license_1 "") -}} -{{- $envars = (concat (default (list ) $envars) (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "REDPANDA_LICENSE" "value" $license_1 )))) -}} +{{- $envars = (concat (default (list) $envars) (list (mustMergeOverwrite (dict "name" "") (dict "name" "REDPANDA_LICENSE" "value" $license_1)))) -}} {{- else -}}{{- if (ne (toJson $secretReference_2) "null") -}} -{{- $envars = (concat (default (list ) $envars) (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "REDPANDA_LICENSE" "valueFrom" (mustMergeOverwrite (dict ) (dict "secretKeyRef" $secretReference_2 )) )))) -}} +{{- $envars = (concat (default (list) $envars) (list (mustMergeOverwrite (dict "name" "") (dict "name" "REDPANDA_LICENSE" "valueFrom" (mustMergeOverwrite (dict) (dict "secretKeyRef" $secretReference_2)))))) -}} {{- end -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "redpanda.bootstrapEnvVars" (dict "a" (list $dot $envars) ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "redpanda.bootstrapEnvVars" (dict "a" (list $dot $envars)))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- end -}} diff --git a/charts/redpanda/templates/_rbac.go.tpl b/charts/redpanda/templates/_rbac.go.tpl index 8279fe5428..92294b7967 100644 --- a/charts/redpanda/templates/_rbac.go.tpl +++ b/charts/redpanda/templates/_rbac.go.tpl @@ -1,105 +1,90 @@ {{- /* Generated from "rbac.go" */ -}} -{{- define "redpanda.ClusterRoles" -}} +{{- define "redpanda.Roles" -}} {{- $dot := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $crs := (coalesce nil) -}} -{{- $cr_1 := (get (fromJson (include "redpanda.SidecarControllersClusterRole" (dict "a" (list $dot) ))) "r") -}} -{{- if (ne (toJson $cr_1) "null") -}} -{{- $crs = (concat (default (list ) $crs) (list $cr_1)) -}} -{{- end -}} -{{- if (not $values.rbac.enabled) -}} -{{- $_is_returning = true -}} -{{- (dict "r" $crs) | toJson -}} +{{- $mapping := (dict "files/sidecar.Role.yaml" (and $values.rbac.enabled $values.statefulset.sideCars.controllers.createRBAC) "files/pvcunbinder.Role.yaml" (and $values.rbac.enabled $values.statefulset.sideCars.controllers.createRBAC) "files/decommission.Role.yaml" (and $values.rbac.enabled $values.statefulset.sideCars.controllers.createRBAC) "files/rpk-debug-bundle.Role.yaml" (and $values.rbac.enabled $values.rbac.rpkDebugBundle)) -}} +{{- $roles := (coalesce nil) -}} +{{- range $file, $enabled := $mapping -}} +{{- if (not $enabled) -}} +{{- continue -}} +{{- end -}} +{{- $role := (get (fromJson (include "_shims.fromYaml" (dict "a" (list ($dot.Files.Get $file))))) "r") -}} +{{- $_ := (set $role.metadata "name" (printf "%s-%s" (get (fromJson (include "redpanda.Name" (dict "a" (list $dot)))) "r") $role.metadata.name)) -}} +{{- $_ := (set $role.metadata "namespace" $dot.Release.Namespace) -}} +{{- $_ := (set $role.metadata "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot)))) "r")) -}} +{{- $_ := (set $role.metadata "annotations" (merge (dict) (dict) $values.serviceAccount.annotations $values.rbac.annotations)) -}} +{{- $roles = (concat (default (list) $roles) (list $role)) -}} +{{- end -}} +{{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- $rpkBundleName := (printf "%s-rpk-bundle" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) -}} -{{- $crs = (concat (default (list ) $crs) (default (list ) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "rules" (coalesce nil) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRole" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") "annotations" $values.serviceAccount.annotations )) "rules" (list (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "apiGroups" (list "") "resources" (list "nodes") "verbs" (list "get" "list") ))) )) (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "rules" (coalesce nil) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRole" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" $rpkBundleName "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") "annotations" $values.serviceAccount.annotations )) "rules" (list (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "apiGroups" (list "") "resources" (list "configmaps" "endpoints" "events" "limitranges" "persistentvolumeclaims" "pods" "pods/log" "replicationcontrollers" "resourcequotas" "serviceaccounts" "services") "verbs" (list "get" "list") ))) ))))) -}} {{- $_is_returning = true -}} -{{- (dict "r" $crs) | toJson -}} +{{- (dict "r" $roles) | toJson -}} {{- break -}} {{- end -}} {{- end -}} -{{- define "redpanda.ClusterRoleBindings" -}} +{{- define "redpanda.ClusterRoles" -}} {{- $dot := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $crbs := (coalesce nil) -}} -{{- $crb_2 := (get (fromJson (include "redpanda.SidecarControllersClusterRoleBinding" (dict "a" (list $dot) ))) "r") -}} -{{- if (ne (toJson $crb_2) "null") -}} -{{- $crbs = (concat (default (list ) $crbs) (list $crb_2)) -}} -{{- end -}} -{{- if (not $values.rbac.enabled) -}} -{{- $_is_returning = true -}} -{{- (dict "r" $crbs) | toJson -}} +{{- $mapping := (dict "files/pvcunbinder.ClusterRole.yaml" (and $values.rbac.enabled $values.statefulset.sideCars.controllers.createRBAC) "files/decommission.ClusterRole.yaml" (and $values.rbac.enabled $values.statefulset.sideCars.controllers.createRBAC) "files/rack-awareness.ClusterRole.yaml" (and $values.rbac.enabled $values.rackAwareness.enabled)) -}} +{{- $clusterRoles := (coalesce nil) -}} +{{- range $file, $enabled := $mapping -}} +{{- if (not $enabled) -}} +{{- continue -}} +{{- end -}} +{{- $role := (get (fromJson (include "_shims.fromYaml" (dict "a" (list ($dot.Files.Get $file))))) "r") -}} +{{- $_ := (set $role.metadata "name" (printf "%s-%s" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r") $role.metadata.name)) -}} +{{- $_ := (set $role.metadata "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot)))) "r")) -}} +{{- $_ := (set $role.metadata "annotations" (merge (dict) (dict) $values.serviceAccount.annotations $values.rbac.annotations)) -}} +{{- $clusterRoles = (concat (default (list) $clusterRoles) (list $role)) -}} +{{- end -}} +{{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- $rpkBundleName := (printf "%s-rpk-bundle" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) -}} -{{- $crbs = (concat (default (list ) $crbs) (default (list ) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "roleRef" (dict "apiGroup" "" "kind" "" "name" "" ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRoleBinding" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") "annotations" $values.serviceAccount.annotations )) "roleRef" (mustMergeOverwrite (dict "apiGroup" "" "kind" "" "name" "" ) (dict "apiGroup" "rbac.authorization.k8s.io" "kind" "ClusterRole" "name" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") )) "subjects" (list (mustMergeOverwrite (dict "kind" "" "name" "" ) (dict "kind" "ServiceAccount" "name" (get (fromJson (include "redpanda.ServiceAccountName" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace ))) )) (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "roleRef" (dict "apiGroup" "" "kind" "" "name" "" ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRoleBinding" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" $rpkBundleName "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") "annotations" $values.serviceAccount.annotations )) "roleRef" (mustMergeOverwrite (dict "apiGroup" "" "kind" "" "name" "" ) (dict "apiGroup" "rbac.authorization.k8s.io" "kind" "ClusterRole" "name" $rpkBundleName )) "subjects" (list (mustMergeOverwrite (dict "kind" "" "name" "" ) (dict "kind" "ServiceAccount" "name" (get (fromJson (include "redpanda.ServiceAccountName" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace ))) ))))) -}} {{- $_is_returning = true -}} -{{- (dict "r" $crbs) | toJson -}} +{{- (dict "r" $clusterRoles) | toJson -}} {{- break -}} {{- end -}} {{- end -}} -{{- define "redpanda.SidecarControllersClusterRole" -}} +{{- define "redpanda.RoleBindings" -}} {{- $dot := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- if (not (get (fromJson (include "redpanda.Sidecars.ShouldCreateRBAC" (dict "a" (list $values.statefulset.sideCars) ))) "r")) -}} -{{- $_is_returning = true -}} -{{- (dict "r" (coalesce nil)) | toJson -}} -{{- break -}} +{{- $roleBindings := (coalesce nil) -}} +{{- range $_, $role := (get (fromJson (include "redpanda.Roles" (dict "a" (list $dot)))) "r") -}} +{{- $roleBindings = (concat (default (list) $roleBindings) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "roleRef" (dict "apiGroup" "" "kind" "" "name" "")) (mustMergeOverwrite (dict) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "RoleBinding")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" $role.metadata.name "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot)))) "r") "namespace" $dot.Release.Namespace "annotations" (merge (dict) (dict) $values.serviceAccount.annotations $values.rbac.annotations))) "roleRef" (mustMergeOverwrite (dict "apiGroup" "" "kind" "" "name" "") (dict "apiGroup" "rbac.authorization.k8s.io" "kind" "Role" "name" $role.metadata.name)) "subjects" (list (mustMergeOverwrite (dict "kind" "" "name" "") (dict "kind" "ServiceAccount" "name" (get (fromJson (include "redpanda.ServiceAccountName" (dict "a" (list $dot)))) "r") "namespace" $dot.Release.Namespace))))))) -}} {{- end -}} -{{- $sidecarControllerName := (printf "%s-sidecar-controllers" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) -}} -{{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "rules" (coalesce nil) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRole" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" $sidecarControllerName "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") "annotations" $values.serviceAccount.annotations )) "rules" (list (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "persistentvolumeclaims") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "pods") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "apps") "resources" (list "statefulsets") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "coordination.k8s.io") "resources" (list "leases") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "patch") "apiGroups" (list "") "resources" (list "events") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "apiGroups" (list "") "resources" (list "persistentvolumes") "verbs" (list "delete" "get" "list" "patch" "update" "watch") ))) ))) | toJson -}} +{{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- end -}} - -{{- define "redpanda.SidecarControllersClusterRoleBinding" -}} -{{- $dot := (index .a 0) -}} -{{- range $_ := (list 1) -}} -{{- $_is_returning := false -}} -{{- $values := $dot.Values.AsMap -}} -{{- if (not (get (fromJson (include "redpanda.Sidecars.ShouldCreateRBAC" (dict "a" (list $values.statefulset.sideCars) ))) "r")) -}} -{{- $_is_returning = true -}} -{{- (dict "r" (coalesce nil)) | toJson -}} -{{- break -}} -{{- end -}} -{{- $sidecarControllerName := (printf "%s-sidecar-controllers" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "roleRef" (dict "apiGroup" "" "kind" "" "name" "" ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRoleBinding" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" $sidecarControllerName "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") "annotations" $values.serviceAccount.annotations )) "roleRef" (mustMergeOverwrite (dict "apiGroup" "" "kind" "" "name" "" ) (dict "apiGroup" "rbac.authorization.k8s.io" "kind" "ClusterRole" "name" $sidecarControllerName )) "subjects" (list (mustMergeOverwrite (dict "kind" "" "name" "" ) (dict "kind" "ServiceAccount" "name" (get (fromJson (include "redpanda.ServiceAccountName" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace ))) ))) | toJson -}} +{{- (dict "r" $roleBindings) | toJson -}} {{- break -}} {{- end -}} {{- end -}} -{{- define "redpanda.SidecarControllersRole" -}} +{{- define "redpanda.ClusterRoleBindings" -}} {{- $dot := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $sidecarControllerName := (printf "%s-sidecar-controllers" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) -}} -{{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "rules" (coalesce nil) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "Role" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" $sidecarControllerName "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") "annotations" $values.serviceAccount.annotations )) "rules" (list (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "coordination.k8s.io") "resources" (list "leases") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "patch") "apiGroups" (list "") "resources" (list "events") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "apiGroups" (list "apps") "resources" (list "statefulsets/status") "verbs" (list "patch" "update") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "apiGroups" (list "") "resources" (list "secrets" "pods") "verbs" (list "get" "list" "watch") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "apiGroups" (list "apps") "resources" (list "statefulsets") "verbs" (list "get" "list" "patch" "update" "watch") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "apiGroups" (list "") "resources" (list "persistentvolumeclaims") "verbs" (list "delete" "get" "list" "patch" "update" "watch") ))) ))) | toJson -}} -{{- break -}} +{{- $crbs := (coalesce nil) -}} +{{- range $_, $clusterRole := (get (fromJson (include "redpanda.ClusterRoles" (dict "a" (list $dot)))) "r") -}} +{{- $crbs = (concat (default (list) $crbs) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "roleRef" (dict "apiGroup" "" "kind" "" "name" "")) (mustMergeOverwrite (dict) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRoleBinding")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" $clusterRole.metadata.name "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot)))) "r") "namespace" $dot.Release.Namespace "annotations" (merge (dict) (dict) $values.serviceAccount.annotations $values.rbac.annotations))) "roleRef" (mustMergeOverwrite (dict "apiGroup" "" "kind" "" "name" "") (dict "apiGroup" "rbac.authorization.k8s.io" "kind" "ClusterRole" "name" $clusterRole.metadata.name)) "subjects" (list (mustMergeOverwrite (dict "kind" "" "name" "") (dict "kind" "ServiceAccount" "name" (get (fromJson (include "redpanda.ServiceAccountName" (dict "a" (list $dot)))) "r") "namespace" $dot.Release.Namespace))))))) -}} {{- end -}} +{{- if $_is_returning -}} +{{- break -}} {{- end -}} - -{{- define "redpanda.SidecarControllersRoleBinding" -}} -{{- $dot := (index .a 0) -}} -{{- range $_ := (list 1) -}} -{{- $_is_returning := false -}} -{{- $values := $dot.Values.AsMap -}} -{{- $sidecarControllerName := (printf "%s-sidecar-controllers" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "roleRef" (dict "apiGroup" "" "kind" "" "name" "" ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "RoleBinding" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" $sidecarControllerName "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") "annotations" $values.serviceAccount.annotations )) "roleRef" (mustMergeOverwrite (dict "apiGroup" "" "kind" "" "name" "" ) (dict "apiGroup" "rbac.authorization.k8s.io" "kind" "Role" "name" $sidecarControllerName )) "subjects" (list (mustMergeOverwrite (dict "kind" "" "name" "" ) (dict "kind" "ServiceAccount" "name" (get (fromJson (include "redpanda.ServiceAccountName" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace ))) ))) | toJson -}} +{{- (dict "r" $crbs) | toJson -}} {{- break -}} {{- end -}} {{- end -}} diff --git a/charts/redpanda/templates/_secrets.go.tpl b/charts/redpanda/templates/_secrets.go.tpl index 29e944d6d1..13c8f29876 100644 --- a/charts/redpanda/templates/_secrets.go.tpl +++ b/charts/redpanda/templates/_secrets.go.tpl @@ -5,19 +5,19 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $secrets := (coalesce nil) -}} -{{- $secrets = (concat (default (list ) $secrets) (list (get (fromJson (include "redpanda.SecretSTSLifecycle" (dict "a" (list $dot) ))) "r"))) -}} -{{- $saslUsers_1 := (get (fromJson (include "redpanda.SecretSASLUsers" (dict "a" (list $dot) ))) "r") -}} +{{- $secrets = (concat (default (list) $secrets) (list (get (fromJson (include "redpanda.SecretSTSLifecycle" (dict "a" (list $dot)))) "r"))) -}} +{{- $saslUsers_1 := (get (fromJson (include "redpanda.SecretSASLUsers" (dict "a" (list $dot)))) "r") -}} {{- if (ne (toJson $saslUsers_1) "null") -}} -{{- $secrets = (concat (default (list ) $secrets) (list $saslUsers_1)) -}} +{{- $secrets = (concat (default (list) $secrets) (list $saslUsers_1)) -}} {{- end -}} -{{- $secrets = (concat (default (list ) $secrets) (list (get (fromJson (include "redpanda.SecretConfigurator" (dict "a" (list $dot) ))) "r"))) -}} -{{- $fsValidator_2 := (get (fromJson (include "redpanda.SecretFSValidator" (dict "a" (list $dot) ))) "r") -}} +{{- $secrets = (concat (default (list) $secrets) (list (get (fromJson (include "redpanda.SecretConfigurator" (dict "a" (list $dot)))) "r"))) -}} +{{- $fsValidator_2 := (get (fromJson (include "redpanda.SecretFSValidator" (dict "a" (list $dot)))) "r") -}} {{- if (ne (toJson $fsValidator_2) "null") -}} -{{- $secrets = (concat (default (list ) $secrets) (list $fsValidator_2)) -}} +{{- $secrets = (concat (default (list) $secrets) (list $fsValidator_2)) -}} {{- end -}} -{{- $bootstrapUser_3 := (get (fromJson (include "redpanda.SecretBootstrapUser" (dict "a" (list $dot) ))) "r") -}} +{{- $bootstrapUser_3 := (get (fromJson (include "redpanda.SecretBootstrapUser" (dict "a" (list $dot)))) "r") -}} {{- if (ne (toJson $bootstrapUser_3) "null") -}} -{{- $secrets = (concat (default (list ) $secrets) (list $bootstrapUser_3)) -}} +{{- $secrets = (concat (default (list) $secrets) (list $bootstrapUser_3)) -}} {{- end -}} {{- $_is_returning = true -}} {{- (dict "r" $secrets) | toJson -}} @@ -30,18 +30,18 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $secret := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "Secret" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf "%s-sts-lifecycle" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "type" "Opaque" "stringData" (dict ) )) -}} -{{- $adminCurlFlags := (get (fromJson (include "redpanda.adminTLSCurlFlags" (dict "a" (list $dot) ))) "r") -}} -{{- $_ := (set $secret.stringData "common.sh" (join "\n" (list `#!/usr/bin/env bash` `` `# the SERVICE_NAME comes from the metadata.name of the pod, essentially the POD_NAME` (printf `CURL_URL="%s"` (get (fromJson (include "redpanda.adminInternalURL" (dict "a" (list $dot) ))) "r")) `` `# commands used throughout` (printf `CURL_NODE_ID_CMD="curl --silent --fail %s ${CURL_URL}/v1/node_config"` $adminCurlFlags) `` `CURL_MAINTENANCE_DELETE_CMD_PREFIX='curl -X DELETE --silent -o /dev/null -w "%{http_code}"'` `CURL_MAINTENANCE_PUT_CMD_PREFIX='curl -X PUT --silent -o /dev/null -w "%{http_code}"'` (printf `CURL_MAINTENANCE_GET_CMD="curl -X GET --silent %s ${CURL_URL}/v1/maintenance"` $adminCurlFlags)))) -}} +{{- $secret := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil))) (mustMergeOverwrite (dict) (dict "apiVersion" "v1" "kind" "Secret")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (printf "%s-sts-lifecycle" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r")) "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot)))) "r"))) "type" "Opaque" "stringData" (dict))) -}} +{{- $adminCurlFlags := (get (fromJson (include "redpanda.adminTLSCurlFlags" (dict "a" (list $dot)))) "r") -}} +{{- $_ := (set $secret.stringData "common.sh" (join "\n" (list `#!/usr/bin/env bash` `` `# the SERVICE_NAME comes from the metadata.name of the pod, essentially the POD_NAME` (printf `CURL_URL="%s"` (get (fromJson (include "redpanda.adminInternalURL" (dict "a" (list $dot)))) "r")) `` `# commands used throughout` (printf `CURL_NODE_ID_CMD="curl --silent --fail %s ${CURL_URL}/v1/node_config"` $adminCurlFlags) `` `CURL_MAINTENANCE_DELETE_CMD_PREFIX='curl -X DELETE --silent -o /dev/null -w "%{http_code}"'` `CURL_MAINTENANCE_PUT_CMD_PREFIX='curl -X PUT --silent -o /dev/null -w "%{http_code}"'` (printf `CURL_MAINTENANCE_GET_CMD="curl -X GET --silent %s ${CURL_URL}/v1/maintenance"` $adminCurlFlags)))) -}} {{- $postStartSh := (list `#!/usr/bin/env bash` `# This code should be similar if not exactly the same as that found in the panda-operator, see` `# https://github.com/redpanda-data/redpanda/blob/e51d5b7f2ef76d5160ca01b8c7a8cf07593d29b6/src/go/k8s/pkg/resources/secret.go` `` `# path below should match the path defined on the statefulset` `source /var/lifecycle/common.sh` `` `postStartHook () {` ` set -x` `` ` touch /tmp/postStartHookStarted` `` ` until NODE_ID=$(${CURL_NODE_ID_CMD} | grep -o '\"node_id\":[^,}]*' | grep -o '[^: ]*$'); do` ` sleep 0.5` ` done` `` ` echo "Clearing maintenance mode on node ${NODE_ID}"` (printf ` CURL_MAINTENANCE_DELETE_CMD="${CURL_MAINTENANCE_DELETE_CMD_PREFIX} %s ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance"` $adminCurlFlags) ` # a 400 here would mean not in maintenance mode` ` until [ "${status:-}" = '"200"' ] || [ "${status:-}" = '"400"' ]; do` ` status=$(${CURL_MAINTENANCE_DELETE_CMD})` ` sleep 0.5` ` done` `` ` touch /tmp/postStartHookFinished` `}` `` `postStartHook` `true`) -}} {{- $_ := (set $secret.stringData "postStart.sh" (join "\n" $postStartSh)) -}} {{- $preStopSh := (list `#!/usr/bin/env bash` `# This code should be similar if not exactly the same as that found in the panda-operator, see` `# https://github.com/redpanda-data/redpanda/blob/e51d5b7f2ef76d5160ca01b8c7a8cf07593d29b6/src/go/k8s/pkg/resources/secret.go` `` `touch /tmp/preStopHookStarted` `` `# path below should match the path defined on the statefulset` `source /var/lifecycle/common.sh` `` `set -x` `` `preStopHook () {` ` until NODE_ID=$(${CURL_NODE_ID_CMD} | grep -o '\"node_id\":[^,}]*' | grep -o '[^: ]*$'); do` ` sleep 0.5` ` done` `` ` echo "Setting maintenance mode on node ${NODE_ID}"` (printf ` CURL_MAINTENANCE_PUT_CMD="${CURL_MAINTENANCE_PUT_CMD_PREFIX} %s ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance"` $adminCurlFlags) ` until [ "${status:-}" = '"200"' ]; do` ` status=$(${CURL_MAINTENANCE_PUT_CMD})` ` sleep 0.5` ` done` `` ` until [ "${finished:-}" = "true" ] || [ "${draining:-}" = "false" ]; do` ` res=$(${CURL_MAINTENANCE_GET_CMD})` ` finished=$(echo $res | grep -o '\"finished\":[^,}]*' | grep -o '[^: ]*$')` ` draining=$(echo $res | grep -o '\"draining\":[^,}]*' | grep -o '[^: ]*$')` ` sleep 0.5` ` done` `` ` touch /tmp/preStopHookFinished` `}`) -}} -{{- if (and (gt ($values.statefulset.replicas | int) (2 | int)) (not (get (fromJson (include "_shims.typeassertion" (dict "a" (list "bool" (dig "recovery_mode_enabled" false $values.config.node)) ))) "r"))) -}} -{{- $preStopSh = (concat (default (list ) $preStopSh) (list `preStopHook`)) -}} +{{- if (and (gt ($values.statefulset.replicas | int) (2 | int)) (not (get (fromJson (include "_shims.typeassertion" (dict "a" (list "bool" (dig "recovery_mode_enabled" false $values.config.node))))) "r"))) -}} +{{- $preStopSh = (concat (default (list) $preStopSh) (list `preStopHook`)) -}} {{- else -}} -{{- $preStopSh = (concat (default (list ) $preStopSh) (list `touch /tmp/preStopHookFinished` `echo "Not enough replicas or in recovery mode, cannot put a broker into maintenance mode."`)) -}} +{{- $preStopSh = (concat (default (list) $preStopSh) (list `touch /tmp/preStopHookFinished` `echo "Not enough replicas or in recovery mode, cannot put a broker into maintenance mode."`)) -}} {{- end -}} -{{- $preStopSh = (concat (default (list ) $preStopSh) (list `true`)) -}} +{{- $preStopSh = (concat (default (list) $preStopSh) (list `true`)) -}} {{- $_ := (set $secret.stringData "preStop.sh" (join "\n" $preStopSh)) -}} {{- $_is_returning = true -}} {{- (dict "r" $secret) | toJson -}} @@ -54,16 +54,16 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- if (and (and (ne $values.auth.sasl.secretRef "") $values.auth.sasl.enabled) (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.auth.sasl.users) ))) "r") | int) (0 | int))) -}} -{{- $secret := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "Secret" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" $values.auth.sasl.secretRef "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "type" "Opaque" "stringData" (dict ) )) -}} -{{- $usersTxt := (list ) -}} +{{- if (and (and (ne $values.auth.sasl.secretRef "") $values.auth.sasl.enabled) (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.auth.sasl.users)))) "r") | int) (0 | int))) -}} +{{- $secret := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil))) (mustMergeOverwrite (dict) (dict "apiVersion" "v1" "kind" "Secret")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" $values.auth.sasl.secretRef "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot)))) "r"))) "type" "Opaque" "stringData" (dict))) -}} +{{- $usersTxt := (list) -}} {{- $defaultMechanism := "SCRAM-SHA-512" -}} {{- if (ne $values.auth.sasl.mechanism "") -}} {{- $defaultMechanism = $values.auth.sasl.mechanism -}} {{- end -}} {{- range $_, $user := $values.auth.sasl.users -}} -{{- $mechanism := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $user.mechanism $defaultMechanism) ))) "r") -}} -{{- $usersTxt = (concat (default (list ) $usersTxt) (list (printf "%s:%s:%s" $user.name $user.password $mechanism))) -}} +{{- $mechanism := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $user.mechanism $defaultMechanism)))) "r") -}} +{{- $usersTxt = (concat (default (list) $usersTxt) (list (printf "%s:%s:%s" $user.name $user.password $mechanism))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} @@ -93,8 +93,8 @@ {{- (dict "r" (coalesce nil)) | toJson -}} {{- break -}} {{- end -}} -{{- $secretName := (printf "%s-bootstrap-user" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) -}} -{{- $_206_existing_4_ok_5 := (get (fromJson (include "_shims.lookup" (dict "a" (list "v1" "Secret" $dot.Release.Namespace $secretName) ))) "r") -}} +{{- $secretName := (printf "%s-bootstrap-user" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r")) -}} +{{- $_206_existing_4_ok_5 := (get (fromJson (include "_shims.lookup" (dict "a" (list "v1" "Secret" $dot.Release.Namespace $secretName)))) "r") -}} {{- $existing_4 := (index $_206_existing_4_ok_5 0) -}} {{- $ok_5 := (index $_206_existing_4_ok_5 1) -}} {{- if $ok_5 -}} @@ -108,7 +108,7 @@ {{- $password = $userPassword -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "Secret" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" $secretName "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "type" "Opaque" "stringData" (dict "password" $password ) ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil))) (mustMergeOverwrite (dict) (dict "apiVersion" "v1" "kind" "Secret")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" $secretName "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot)))) "r"))) "type" "Opaque" "stringData" (dict "password" $password)))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -123,7 +123,7 @@ {{- (dict "r" (coalesce nil)) | toJson -}} {{- break -}} {{- end -}} -{{- $secret := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "Secret" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf "%.49s-fs-validator" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "type" "Opaque" "stringData" (dict ) )) -}} +{{- $secret := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil))) (mustMergeOverwrite (dict) (dict "apiVersion" "v1" "kind" "Secret")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (printf "%.49s-fs-validator" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r")) "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot)))) "r"))) "type" "Opaque" "stringData" (dict))) -}} {{- $_ := (set $secret.stringData "fsValidator.sh" `set -e EXPECTED_FS_TYPE=$1 @@ -173,18 +173,18 @@ echo "passed"`) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $secret := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "Secret" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf "%.51s-configurator" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "type" "Opaque" "stringData" (dict ) )) -}} -{{- $configuratorSh := (list ) -}} -{{- $configuratorSh = (concat (default (list ) $configuratorSh) (list `set -xe` `SERVICE_NAME=$1` `KUBERNETES_NODE_NAME=$2` `POD_ORDINAL=${SERVICE_NAME##*-}` "BROKER_INDEX=`expr $POD_ORDINAL + 1`" `` `CONFIG=/etc/redpanda/redpanda.yaml` `` `# Setup config files` `cp /tmp/base-config/redpanda.yaml "${CONFIG}"`)) -}} -{{- if (not (get (fromJson (include "redpanda.RedpandaAtLeast_22_3_0" (dict "a" (list $dot) ))) "r")) -}} -{{- $configuratorSh = (concat (default (list ) $configuratorSh) (list `` `# Configure bootstrap` `## Not used for Redpanda v22.3.0+` `rpk --config "${CONFIG}" redpanda config set redpanda.node_id "${POD_ORDINAL}"` `if [ "${POD_ORDINAL}" = "0" ]; then` ` rpk --config "${CONFIG}" redpanda config set redpanda.seed_servers '[]' --format yaml` `fi`)) -}} -{{- end -}} -{{- $kafkaSnippet := (get (fromJson (include "redpanda.secretConfiguratorKafkaConfig" (dict "a" (list $dot) ))) "r") -}} -{{- $configuratorSh = (concat (default (list ) $configuratorSh) (default (list ) $kafkaSnippet)) -}} -{{- $httpSnippet := (get (fromJson (include "redpanda.secretConfiguratorHTTPConfig" (dict "a" (list $dot) ))) "r") -}} -{{- $configuratorSh = (concat (default (list ) $configuratorSh) (default (list ) $httpSnippet)) -}} -{{- if (and (get (fromJson (include "redpanda.RedpandaAtLeast_22_3_0" (dict "a" (list $dot) ))) "r") $values.rackAwareness.enabled) -}} -{{- $configuratorSh = (concat (default (list ) $configuratorSh) (list `` `# Configure Rack Awareness` `set +x` (printf `RACK=$(curl --silent --cacert /run/secrets/kubernetes.io/serviceaccount/ca.crt --fail -H 'Authorization: Bearer '$(cat /run/secrets/kubernetes.io/serviceaccount/token) "https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT_HTTPS}/api/v1/nodes/${KUBERNETES_NODE_NAME}?pretty=true" | grep %s | grep -v '\"key\":' | sed 's/.*": "\([^"]\+\).*/\1/')` (squote (quote $values.rackAwareness.nodeAnnotation))) `set -x` `rpk --config "$CONFIG" redpanda config set redpanda.rack "${RACK}"`)) -}} +{{- $secret := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil))) (mustMergeOverwrite (dict) (dict "apiVersion" "v1" "kind" "Secret")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (printf "%.51s-configurator" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r")) "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot)))) "r"))) "type" "Opaque" "stringData" (dict))) -}} +{{- $configuratorSh := (list) -}} +{{- $configuratorSh = (concat (default (list) $configuratorSh) (list `set -xe` `SERVICE_NAME=$1` `KUBERNETES_NODE_NAME=$2` `POD_ORDINAL=${SERVICE_NAME##*-}` "BROKER_INDEX=`expr $POD_ORDINAL + 1`" `` `CONFIG=/etc/redpanda/redpanda.yaml` `` `# Setup config files` `cp /tmp/base-config/redpanda.yaml "${CONFIG}"`)) -}} +{{- if (not (get (fromJson (include "redpanda.RedpandaAtLeast_22_3_0" (dict "a" (list $dot)))) "r")) -}} +{{- $configuratorSh = (concat (default (list) $configuratorSh) (list `` `# Configure bootstrap` `## Not used for Redpanda v22.3.0+` `rpk --config "${CONFIG}" redpanda config set redpanda.node_id "${POD_ORDINAL}"` `if [ "${POD_ORDINAL}" = "0" ]; then` ` rpk --config "${CONFIG}" redpanda config set redpanda.seed_servers '[]' --format yaml` `fi`)) -}} +{{- end -}} +{{- $kafkaSnippet := (get (fromJson (include "redpanda.secretConfiguratorKafkaConfig" (dict "a" (list $dot)))) "r") -}} +{{- $configuratorSh = (concat (default (list) $configuratorSh) (default (list) $kafkaSnippet)) -}} +{{- $httpSnippet := (get (fromJson (include "redpanda.secretConfiguratorHTTPConfig" (dict "a" (list $dot)))) "r") -}} +{{- $configuratorSh = (concat (default (list) $configuratorSh) (default (list) $httpSnippet)) -}} +{{- if (and (get (fromJson (include "redpanda.RedpandaAtLeast_22_3_0" (dict "a" (list $dot)))) "r") $values.rackAwareness.enabled) -}} +{{- $configuratorSh = (concat (default (list) $configuratorSh) (list `` `# Configure Rack Awareness` `set +x` (printf `RACK=$(curl --silent --cacert /run/secrets/kubernetes.io/serviceaccount/ca.crt --fail -H 'Authorization: Bearer '$(cat /run/secrets/kubernetes.io/serviceaccount/token) "https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT_HTTPS}/api/v1/nodes/${KUBERNETES_NODE_NAME}?pretty=true" | grep %s | grep -v '\"key\":' | sed 's/.*": "\([^"]\+\).*/\1/')` (squote (quote $values.rackAwareness.nodeAnnotation))) `set -x` `rpk --config "$CONFIG" redpanda config set redpanda.rack "${RACK}"`)) -}} {{- end -}} {{- $_ := (set $secret.stringData "configurator.sh" (join "\n" $configuratorSh)) -}} {{- $_is_returning = true -}} @@ -198,38 +198,38 @@ echo "passed"`) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $internalAdvertiseAddress := (printf "%s.%s" "${SERVICE_NAME}" (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r")) -}} +{{- $internalAdvertiseAddress := (printf "%s.%s" "${SERVICE_NAME}" (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot)))) "r")) -}} {{- $snippet := (coalesce nil) -}} {{- $listenerName := "kafka" -}} {{- $listenerAdvertisedName := $listenerName -}} {{- $redpandaConfigPart := "redpanda" -}} -{{- $snippet = (concat (default (list ) $snippet) (list `` (printf `LISTENER=%s` (quote (toJson (dict "name" "internal" "address" $internalAdvertiseAddress "port" ($values.listeners.kafka.port | int) )))) (printf `rpk redpanda config --config "$CONFIG" set %s.advertised_%s_api[0] "$LISTENER"` $redpandaConfigPart $listenerAdvertisedName))) -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.listeners.kafka.external) ))) "r") | int) (0 | int)) -}} +{{- $snippet = (concat (default (list) $snippet) (list `` (printf `LISTENER=%s` (quote (toJson (dict "name" "internal" "address" $internalAdvertiseAddress "port" ($values.listeners.kafka.port | int))))) (printf `rpk redpanda config --config "$CONFIG" set %s.advertised_%s_api[0] "$LISTENER"` $redpandaConfigPart $listenerAdvertisedName))) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.listeners.kafka.external)))) "r") | int) (0 | int)) -}} {{- $externalCounter := (0 | int) -}} {{- range $externalName, $externalVals := $values.listeners.kafka.external -}} {{- $externalCounter = ((add $externalCounter (1 | int)) | int) -}} -{{- $snippet = (concat (default (list ) $snippet) (list `` (printf `ADVERTISED_%s_ADDRESSES=()` (upper $listenerName)))) -}} +{{- $snippet = (concat (default (list) $snippet) (list `` (printf `ADVERTISED_%s_ADDRESSES=()` (upper $listenerName)))) -}} {{- range $_, $replicaIndex := (until (($values.statefulset.replicas | int) | int)) -}} {{- $port := ($externalVals.port | int) -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $externalVals.advertisedPorts) ))) "r") | int) (0 | int)) -}} -{{- if (eq ((get (fromJson (include "_shims.len" (dict "a" (list $externalVals.advertisedPorts) ))) "r") | int) (1 | int)) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $externalVals.advertisedPorts)))) "r") | int) (0 | int)) -}} +{{- if (eq ((get (fromJson (include "_shims.len" (dict "a" (list $externalVals.advertisedPorts)))) "r") | int) (1 | int)) -}} {{- $port = (index $externalVals.advertisedPorts (0 | int)) -}} {{- else -}} {{- $port = (index $externalVals.advertisedPorts $replicaIndex) -}} {{- end -}} {{- end -}} -{{- $host := (get (fromJson (include "redpanda.advertisedHostJSON" (dict "a" (list $dot $externalName $port $replicaIndex) ))) "r") -}} +{{- $host := (get (fromJson (include "redpanda.advertisedHostJSON" (dict "a" (list $dot $externalName $port $replicaIndex)))) "r") -}} {{- $address := (toJson $host) -}} -{{- $prefixTemplate := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $externalVals.prefixTemplate "") ))) "r") -}} +{{- $prefixTemplate := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $externalVals.prefixTemplate "")))) "r") -}} {{- if (eq $prefixTemplate "") -}} {{- $prefixTemplate = (default "" $values.external.prefixTemplate) -}} {{- end -}} -{{- $snippet = (concat (default (list ) $snippet) (list `` (printf `PREFIX_TEMPLATE=%s` (quote $prefixTemplate)) (printf `ADVERTISED_%s_ADDRESSES+=(%s)` (upper $listenerName) (quote $address)))) -}} +{{- $snippet = (concat (default (list) $snippet) (list `` (printf `PREFIX_TEMPLATE=%s` (quote $prefixTemplate)) (printf `ADVERTISED_%s_ADDRESSES+=(%s)` (upper $listenerName) (quote $address)))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- $snippet = (concat (default (list ) $snippet) (list `` (printf `rpk redpanda config --config "$CONFIG" set %s.advertised_%s_api[%d] "${ADVERTISED_%s_ADDRESSES[$POD_ORDINAL]}"` $redpandaConfigPart $listenerAdvertisedName $externalCounter (upper $listenerName)))) -}} +{{- $snippet = (concat (default (list) $snippet) (list `` (printf `rpk redpanda config --config "$CONFIG" set %s.advertised_%s_api[%d] "${ADVERTISED_%s_ADDRESSES[$POD_ORDINAL]}"` $redpandaConfigPart $listenerAdvertisedName $externalCounter (upper $listenerName)))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} @@ -246,38 +246,38 @@ echo "passed"`) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $internalAdvertiseAddress := (printf "%s.%s" "${SERVICE_NAME}" (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r")) -}} +{{- $internalAdvertiseAddress := (printf "%s.%s" "${SERVICE_NAME}" (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot)))) "r")) -}} {{- $snippet := (coalesce nil) -}} {{- $listenerName := "http" -}} {{- $listenerAdvertisedName := "pandaproxy" -}} {{- $redpandaConfigPart := "pandaproxy" -}} -{{- $snippet = (concat (default (list ) $snippet) (list `` (printf `LISTENER=%s` (quote (toJson (dict "name" "internal" "address" $internalAdvertiseAddress "port" ($values.listeners.http.port | int) )))) (printf `rpk redpanda config --config "$CONFIG" set %s.advertised_%s_api[0] "$LISTENER"` $redpandaConfigPart $listenerAdvertisedName))) -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.listeners.http.external) ))) "r") | int) (0 | int)) -}} +{{- $snippet = (concat (default (list) $snippet) (list `` (printf `LISTENER=%s` (quote (toJson (dict "name" "internal" "address" $internalAdvertiseAddress "port" ($values.listeners.http.port | int))))) (printf `rpk redpanda config --config "$CONFIG" set %s.advertised_%s_api[0] "$LISTENER"` $redpandaConfigPart $listenerAdvertisedName))) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.listeners.http.external)))) "r") | int) (0 | int)) -}} {{- $externalCounter := (0 | int) -}} {{- range $externalName, $externalVals := $values.listeners.http.external -}} {{- $externalCounter = ((add $externalCounter (1 | int)) | int) -}} -{{- $snippet = (concat (default (list ) $snippet) (list `` (printf `ADVERTISED_%s_ADDRESSES=()` (upper $listenerName)))) -}} +{{- $snippet = (concat (default (list) $snippet) (list `` (printf `ADVERTISED_%s_ADDRESSES=()` (upper $listenerName)))) -}} {{- range $_, $replicaIndex := (until (($values.statefulset.replicas | int) | int)) -}} {{- $port := ($externalVals.port | int) -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $externalVals.advertisedPorts) ))) "r") | int) (0 | int)) -}} -{{- if (eq ((get (fromJson (include "_shims.len" (dict "a" (list $externalVals.advertisedPorts) ))) "r") | int) (1 | int)) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $externalVals.advertisedPorts)))) "r") | int) (0 | int)) -}} +{{- if (eq ((get (fromJson (include "_shims.len" (dict "a" (list $externalVals.advertisedPorts)))) "r") | int) (1 | int)) -}} {{- $port = (index $externalVals.advertisedPorts (0 | int)) -}} {{- else -}} {{- $port = (index $externalVals.advertisedPorts $replicaIndex) -}} {{- end -}} {{- end -}} -{{- $host := (get (fromJson (include "redpanda.advertisedHostJSON" (dict "a" (list $dot $externalName $port $replicaIndex) ))) "r") -}} +{{- $host := (get (fromJson (include "redpanda.advertisedHostJSON" (dict "a" (list $dot $externalName $port $replicaIndex)))) "r") -}} {{- $address := (toJson $host) -}} -{{- $prefixTemplate := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $externalVals.prefixTemplate "") ))) "r") -}} +{{- $prefixTemplate := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $externalVals.prefixTemplate "")))) "r") -}} {{- if (eq $prefixTemplate "") -}} {{- $prefixTemplate = (default "" $values.external.prefixTemplate) -}} {{- end -}} -{{- $snippet = (concat (default (list ) $snippet) (list `` (printf `PREFIX_TEMPLATE=%s` (quote $prefixTemplate)) (printf `ADVERTISED_%s_ADDRESSES+=(%s)` (upper $listenerName) (quote $address)))) -}} +{{- $snippet = (concat (default (list) $snippet) (list `` (printf `PREFIX_TEMPLATE=%s` (quote $prefixTemplate)) (printf `ADVERTISED_%s_ADDRESSES+=(%s)` (upper $listenerName) (quote $address)))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- $snippet = (concat (default (list ) $snippet) (list `` (printf `rpk redpanda config --config "$CONFIG" set %s.advertised_%s_api[%d] "${ADVERTISED_%s_ADDRESSES[$POD_ORDINAL]}"` $redpandaConfigPart $listenerAdvertisedName $externalCounter (upper $listenerName)))) -}} +{{- $snippet = (concat (default (list) $snippet) (list `` (printf `rpk redpanda config --config "$CONFIG" set %s.advertised_%s_api[%d] "${ADVERTISED_%s_ADDRESSES[$POD_ORDINAL]}"` $redpandaConfigPart $listenerAdvertisedName $externalCounter (upper $listenerName)))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} @@ -294,18 +294,18 @@ echo "passed"`) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- if (not (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $values.listeners.admin.tls $values.tls) ))) "r")) -}} +{{- if (not (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $values.listeners.admin.tls $values.tls)))) "r")) -}} {{- $_is_returning = true -}} {{- (dict "r" "") | toJson -}} {{- break -}} {{- end -}} {{- if $values.listeners.admin.tls.requireClientAuth -}} -{{- $path := (printf "%s/%s-client" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) -}} +{{- $path := (printf "%s/%s-client" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r")) -}} {{- $_is_returning = true -}} {{- (dict "r" (printf "--cacert %s/ca.crt --cert %s/tls.crt --key %s/tls.key" $path $path $path)) | toJson -}} {{- break -}} {{- end -}} -{{- $path := (get (fromJson (include "redpanda.InternalTLS.ServerCAPath" (dict "a" (list $values.listeners.admin.tls $values.tls) ))) "r") -}} +{{- $path := (get (fromJson (include "redpanda.InternalTLS.ServerCAPath" (dict "a" (list $values.listeners.admin.tls $values.tls)))) "r") -}} {{- $_is_returning = true -}} {{- (dict "r" (printf "--cacert %s" $path)) | toJson -}} {{- break -}} @@ -318,7 +318,7 @@ echo "passed"`) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} {{- $eaa := "${SERVICE_NAME}" -}} -{{- $externalDomainTemplate := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.external.domain "") ))) "r") -}} +{{- $externalDomainTemplate := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.external.domain "")))) "r") -}} {{- $expanded := (tpl $externalDomainTemplate $dot) -}} {{- if (not (empty $expanded)) -}} {{- $eaa = (printf "%s.%s" "${SERVICE_NAME}" $expanded) -}} @@ -337,19 +337,19 @@ echo "passed"`) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $host := (dict "name" $externalName "address" (get (fromJson (include "redpanda.externalAdvertiseAddress" (dict "a" (list $dot) ))) "r") "port" $port ) -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.external.addresses) ))) "r") | int) (0 | int)) -}} +{{- $host := (dict "name" $externalName "address" (get (fromJson (include "redpanda.externalAdvertiseAddress" (dict "a" (list $dot)))) "r") "port" $port) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.external.addresses)))) "r") | int) (0 | int)) -}} {{- $address := "" -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.external.addresses) ))) "r") | int) (1 | int)) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.external.addresses)))) "r") | int) (1 | int)) -}} {{- $address = (index $values.external.addresses $replicaIndex) -}} {{- else -}} {{- $address = (index $values.external.addresses (0 | int)) -}} {{- end -}} -{{- $domain_6 := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.external.domain "") ))) "r") -}} +{{- $domain_6 := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.external.domain "")))) "r") -}} {{- if (ne $domain_6 "") -}} -{{- $host = (dict "name" $externalName "address" (printf "%s.%s" $address (tpl $domain_6 $dot)) "port" $port ) -}} +{{- $host = (dict "name" $externalName "address" (printf "%s.%s" $address (tpl $domain_6 $dot)) "port" $port) -}} {{- else -}} -{{- $host = (dict "name" $externalName "address" $address "port" $port ) -}} +{{- $host = (dict "name" $externalName "address" $address "port" $port) -}} {{- end -}} {{- end -}} {{- $_is_returning = true -}} @@ -363,7 +363,7 @@ echo "passed"`) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- if (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $values.listeners.admin.tls $values.tls) ))) "r") -}} +{{- if (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $values.listeners.admin.tls $values.tls)))) "r") -}} {{- $_is_returning = true -}} {{- (dict "r" "https") | toJson -}} {{- break -}} @@ -380,7 +380,7 @@ echo "passed"`) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} {{- $_is_returning = true -}} -{{- (dict "r" (printf "%s://%s.%s:%d" (get (fromJson (include "redpanda.adminInternalHTTPProtocol" (dict "a" (list $dot) ))) "r") `${SERVICE_NAME}` (trimSuffix "." (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r")) ($values.listeners.admin.port | int))) | toJson -}} +{{- (dict "r" (printf "%s://%s.%s:%d" (get (fromJson (include "redpanda.adminInternalHTTPProtocol" (dict "a" (list $dot)))) "r") `${SERVICE_NAME}` (trimSuffix "." (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot)))) "r")) ($values.listeners.admin.port | int))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} diff --git a/charts/redpanda/templates/_service.internal.go.tpl b/charts/redpanda/templates/_service.internal.go.tpl index 0719ec5fa3..e74552d7ac 100644 --- a/charts/redpanda/templates/_service.internal.go.tpl +++ b/charts/redpanda/templates/_service.internal.go.tpl @@ -6,7 +6,7 @@ {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} {{- $_is_returning = true -}} -{{- (dict "r" (dict "monitoring.redpanda.com/enabled" (printf "%t" $values.monitoring.enabled) )) | toJson -}} +{{- (dict "r" (dict "monitoring.redpanda.com/enabled" (printf "%t" $values.monitoring.enabled))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -16,22 +16,22 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $ports := (list ) -}} -{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" "admin" "protocol" "TCP" "appProtocol" $values.listeners.admin.appProtocol "port" ($values.listeners.admin.port | int) "targetPort" ($values.listeners.admin.port | int) )))) -}} +{{- $ports := (list) -}} +{{- $ports = (concat (default (list) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0) (dict "name" "admin" "protocol" "TCP" "appProtocol" $values.listeners.admin.appProtocol "port" ($values.listeners.admin.port | int) "targetPort" ($values.listeners.admin.port | int))))) -}} {{- if $values.listeners.http.enabled -}} -{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" "http" "protocol" "TCP" "port" ($values.listeners.http.port | int) "targetPort" ($values.listeners.http.port | int) )))) -}} +{{- $ports = (concat (default (list) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0) (dict "name" "http" "protocol" "TCP" "port" ($values.listeners.http.port | int) "targetPort" ($values.listeners.http.port | int))))) -}} {{- end -}} -{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" "kafka" "protocol" "TCP" "port" ($values.listeners.kafka.port | int) "targetPort" ($values.listeners.kafka.port | int) )))) -}} -{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" "rpc" "protocol" "TCP" "port" ($values.listeners.rpc.port | int) "targetPort" ($values.listeners.rpc.port | int) )))) -}} +{{- $ports = (concat (default (list) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0) (dict "name" "kafka" "protocol" "TCP" "port" ($values.listeners.kafka.port | int) "targetPort" ($values.listeners.kafka.port | int))))) -}} +{{- $ports = (concat (default (list) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0) (dict "name" "rpc" "protocol" "TCP" "port" ($values.listeners.rpc.port | int) "targetPort" ($values.listeners.rpc.port | int))))) -}} {{- if $values.listeners.schemaRegistry.enabled -}} -{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" "schemaregistry" "protocol" "TCP" "port" ($values.listeners.schemaRegistry.port | int) "targetPort" ($values.listeners.schemaRegistry.port | int) )))) -}} +{{- $ports = (concat (default (list) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0) (dict "name" "schemaregistry" "protocol" "TCP" "port" ($values.listeners.schemaRegistry.port | int) "targetPort" ($values.listeners.schemaRegistry.port | int))))) -}} {{- end -}} -{{- $annotations := (dict ) -}} +{{- $annotations := (dict) -}} {{- if (ne (toJson $values.service) "null") -}} {{- $annotations = $values.service.internal.annotations -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict ) "status" (dict "loadBalancer" (dict ) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "Service" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "redpanda.ServiceName" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace "labels" (merge (dict ) (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.MonitoringEnabledLabel" (dict "a" (list $dot) ))) "r")) "annotations" $annotations )) "spec" (mustMergeOverwrite (dict ) (dict "type" "ClusterIP" "publishNotReadyAddresses" true "clusterIP" "None" "selector" (get (fromJson (include "redpanda.StatefulSetPodLabelsSelector" (dict "a" (list $dot) ))) "r") "ports" $ports )) ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict) "status" (dict "loadBalancer" (dict))) (mustMergeOverwrite (dict) (dict "apiVersion" "v1" "kind" "Service")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (get (fromJson (include "redpanda.ServiceName" (dict "a" (list $dot)))) "r") "namespace" $dot.Release.Namespace "labels" (merge (dict) (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot)))) "r") (get (fromJson (include "redpanda.MonitoringEnabledLabel" (dict "a" (list $dot)))) "r")) "annotations" $annotations)) "spec" (mustMergeOverwrite (dict) (dict "type" "ClusterIP" "publishNotReadyAddresses" true "clusterIP" "None" "selector" (get (fromJson (include "redpanda.StatefulSetPodLabelsSelector" (dict "a" (list $dot)))) "r") "ports" $ports))))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} diff --git a/charts/redpanda/templates/_service.loadbalancer.go.tpl b/charts/redpanda/templates/_service.loadbalancer.go.tpl index bb34c583ed..5fa0f2e0a3 100644 --- a/charts/redpanda/templates/_service.loadbalancer.go.tpl +++ b/charts/redpanda/templates/_service.loadbalancer.go.tpl @@ -15,15 +15,15 @@ {{- (dict "r" (coalesce nil)) | toJson -}} {{- break -}} {{- end -}} -{{- $externalDNS := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.external.externalDns (mustMergeOverwrite (dict "enabled" false ) (dict ))) ))) "r") -}} -{{- $labels := (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") -}} +{{- $externalDNS := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.external.externalDns (mustMergeOverwrite (dict "enabled" false) (dict)))))) "r") -}} +{{- $labels := (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot)))) "r") -}} {{- $_ := (set $labels "repdanda.com/type" "loadbalancer") -}} -{{- $selector := (get (fromJson (include "redpanda.StatefulSetPodLabelsSelector" (dict "a" (list $dot) ))) "r") -}} +{{- $selector := (get (fromJson (include "redpanda.StatefulSetPodLabelsSelector" (dict "a" (list $dot)))) "r") -}} {{- $services := (coalesce nil) -}} {{- $replicas := ($values.statefulset.replicas | int) -}} {{- range $_, $i := untilStep (((0 | int) | int)|int) (($values.statefulset.replicas | int)|int) (1|int) -}} -{{- $podname := (printf "%s-%d" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $i) -}} -{{- $annotations := (dict ) -}} +{{- $podname := (printf "%s-%d" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r") $i) -}} +{{- $annotations := (dict) -}} {{- range $k, $v := $values.external.annotations -}} {{- $_ := (set $annotations $k $v) -}} {{- end -}} @@ -32,8 +32,8 @@ {{- end -}} {{- if $externalDNS.enabled -}} {{- $prefix := $podname -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.external.addresses) ))) "r") | int) (0 | int)) -}} -{{- if (eq ((get (fromJson (include "_shims.len" (dict "a" (list $values.external.addresses) ))) "r") | int) (1 | int)) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.external.addresses)))) "r") | int) (0 | int)) -}} +{{- if (eq ((get (fromJson (include "_shims.len" (dict "a" (list $values.external.addresses)))) "r") | int) (1 | int)) -}} {{- $prefix = (index $values.external.addresses (0 | int)) -}} {{- else -}} {{- $prefix = (index $values.external.addresses $i) -}} @@ -42,7 +42,7 @@ {{- $address := (printf "%s.%s" $prefix (tpl $values.external.domain $dot)) -}} {{- $_ := (set $annotations "external-dns.alpha.kubernetes.io/hostname" $address) -}} {{- end -}} -{{- $podSelector := (dict ) -}} +{{- $podSelector := (dict) -}} {{- range $k, $v := $selector -}} {{- $_ := (set $podSelector $k $v) -}} {{- end -}} @@ -51,48 +51,12 @@ {{- end -}} {{- $_ := (set $podSelector "statefulset.kubernetes.io/pod-name" $podname) -}} {{- $ports := (coalesce nil) -}} -{{- range $name, $listener := $values.listeners.admin.external -}} -{{- if (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $listener.enabled $values.external.enabled) ))) "r")) -}} -{{- continue -}} -{{- end -}} -{{- $fallbackPorts := (concat (default (list ) $listener.advertisedPorts) (list ($values.listeners.admin.port | int))) -}} -{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" (printf "admin-%s" $name) "protocol" "TCP" "targetPort" ($listener.port | int) "port" ((get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $listener.nodePort (index $fallbackPorts (0 | int))) ))) "r") | int) )))) -}} -{{- end -}} -{{- if $_is_returning -}} -{{- break -}} -{{- end -}} -{{- range $name, $listener := $values.listeners.kafka.external -}} -{{- if (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $listener.enabled $values.external.enabled) ))) "r")) -}} -{{- continue -}} -{{- end -}} -{{- $fallbackPorts := (concat (default (list ) $listener.advertisedPorts) (list ($listener.port | int))) -}} -{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" (printf "kafka-%s" $name) "protocol" "TCP" "targetPort" ($listener.port | int) "port" ((get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $listener.nodePort (index $fallbackPorts (0 | int))) ))) "r") | int) )))) -}} -{{- end -}} -{{- if $_is_returning -}} -{{- break -}} -{{- end -}} -{{- range $name, $listener := $values.listeners.http.external -}} -{{- if (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $listener.enabled $values.external.enabled) ))) "r")) -}} -{{- continue -}} -{{- end -}} -{{- $fallbackPorts := (concat (default (list ) $listener.advertisedPorts) (list ($listener.port | int))) -}} -{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" (printf "http-%s" $name) "protocol" "TCP" "targetPort" ($listener.port | int) "port" ((get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $listener.nodePort (index $fallbackPorts (0 | int))) ))) "r") | int) )))) -}} -{{- end -}} -{{- if $_is_returning -}} -{{- break -}} -{{- end -}} -{{- range $name, $listener := $values.listeners.schemaRegistry.external -}} -{{- if (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $listener.enabled $values.external.enabled) ))) "r")) -}} -{{- continue -}} -{{- end -}} -{{- $fallbackPorts := (concat (default (list ) $listener.advertisedPorts) (list ($listener.port | int))) -}} -{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" (printf "schema-%s" $name) "protocol" "TCP" "targetPort" ($listener.port | int) "port" ((get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $listener.nodePort (index $fallbackPorts (0 | int))) ))) "r") | int) )))) -}} -{{- end -}} -{{- if $_is_returning -}} -{{- break -}} -{{- end -}} -{{- $svc := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict ) "status" (dict "loadBalancer" (dict ) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "Service" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf "lb-%s" $podname) "namespace" $dot.Release.Namespace "labels" $labels "annotations" $annotations )) "spec" (mustMergeOverwrite (dict ) (dict "externalTrafficPolicy" "Local" "loadBalancerSourceRanges" $values.external.sourceRanges "ports" $ports "publishNotReadyAddresses" true "selector" $podSelector "sessionAffinity" "None" "type" "LoadBalancer" )) )) -}} -{{- $services = (concat (default (list ) $services) (list $svc)) -}} +{{- $ports = (concat (default (list) $ports) (default (list) (get (fromJson (include "redpanda.ListenerConfig.ServicePorts" (dict "a" (list $values.listeners.admin "admin" $values.external)))) "r"))) -}} +{{- $ports = (concat (default (list) $ports) (default (list) (get (fromJson (include "redpanda.ListenerConfig.ServicePorts" (dict "a" (list $values.listeners.kafka "kafka" $values.external)))) "r"))) -}} +{{- $ports = (concat (default (list) $ports) (default (list) (get (fromJson (include "redpanda.ListenerConfig.ServicePorts" (dict "a" (list $values.listeners.http "http" $values.external)))) "r"))) -}} +{{- $ports = (concat (default (list) $ports) (default (list) (get (fromJson (include "redpanda.ListenerConfig.ServicePorts" (dict "a" (list $values.listeners.schemaRegistry "schema" $values.external)))) "r"))) -}} +{{- $svc := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict) "status" (dict "loadBalancer" (dict))) (mustMergeOverwrite (dict) (dict "apiVersion" "v1" "kind" "Service")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (printf "lb-%s" $podname) "namespace" $dot.Release.Namespace "labels" $labels "annotations" $annotations)) "spec" (mustMergeOverwrite (dict) (dict "externalTrafficPolicy" "Local" "loadBalancerSourceRanges" $values.external.sourceRanges "ports" $ports "publishNotReadyAddresses" true "selector" $podSelector "sessionAffinity" "None" "type" "LoadBalancer")))) -}} +{{- $services = (concat (default (list) $services) (list $svc)) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} diff --git a/charts/redpanda/templates/_service.nodeport.go.tpl b/charts/redpanda/templates/_service.nodeport.go.tpl index bc199951d7..9d33de9218 100644 --- a/charts/redpanda/templates/_service.nodeport.go.tpl +++ b/charts/redpanda/templates/_service.nodeport.go.tpl @@ -17,63 +17,63 @@ {{- end -}} {{- $ports := (coalesce nil) -}} {{- range $name, $listener := $values.listeners.admin.external -}} -{{- if (not (get (fromJson (include "redpanda.AdminExternal.IsEnabled" (dict "a" (list $listener) ))) "r")) -}} +{{- if (not (get (fromJson (include "redpanda.ExternalListener.IsEnabled" (dict "a" (list $listener)))) "r")) -}} {{- continue -}} {{- end -}} {{- $nodePort := ($listener.port | int) -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts) ))) "r") | int) (0 | int)) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts)))) "r") | int) (0 | int)) -}} {{- $nodePort = (index $listener.advertisedPorts (0 | int)) -}} {{- end -}} -{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" (printf "admin-%s" $name) "protocol" "TCP" "port" ($listener.port | int) "nodePort" $nodePort )))) -}} +{{- $ports = (concat (default (list) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0) (dict "name" (printf "admin-%s" $name) "protocol" "TCP" "port" ($listener.port | int) "nodePort" $nodePort)))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} {{- range $name, $listener := $values.listeners.kafka.external -}} -{{- if (not (get (fromJson (include "redpanda.KafkaExternal.IsEnabled" (dict "a" (list $listener) ))) "r")) -}} +{{- if (not (get (fromJson (include "redpanda.ExternalListener.IsEnabled" (dict "a" (list $listener)))) "r")) -}} {{- continue -}} {{- end -}} {{- $nodePort := ($listener.port | int) -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts) ))) "r") | int) (0 | int)) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts)))) "r") | int) (0 | int)) -}} {{- $nodePort = (index $listener.advertisedPorts (0 | int)) -}} {{- end -}} -{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" (printf "kafka-%s" $name) "protocol" "TCP" "port" ($listener.port | int) "nodePort" $nodePort )))) -}} +{{- $ports = (concat (default (list) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0) (dict "name" (printf "kafka-%s" $name) "protocol" "TCP" "port" ($listener.port | int) "nodePort" $nodePort)))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} {{- range $name, $listener := $values.listeners.http.external -}} -{{- if (not (get (fromJson (include "redpanda.HTTPExternal.IsEnabled" (dict "a" (list $listener) ))) "r")) -}} +{{- if (not (get (fromJson (include "redpanda.ExternalListener.IsEnabled" (dict "a" (list $listener)))) "r")) -}} {{- continue -}} {{- end -}} {{- $nodePort := ($listener.port | int) -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts) ))) "r") | int) (0 | int)) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts)))) "r") | int) (0 | int)) -}} {{- $nodePort = (index $listener.advertisedPorts (0 | int)) -}} {{- end -}} -{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" (printf "http-%s" $name) "protocol" "TCP" "port" ($listener.port | int) "nodePort" $nodePort )))) -}} +{{- $ports = (concat (default (list) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0) (dict "name" (printf "http-%s" $name) "protocol" "TCP" "port" ($listener.port | int) "nodePort" $nodePort)))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} {{- range $name, $listener := $values.listeners.schemaRegistry.external -}} -{{- if (not (get (fromJson (include "redpanda.SchemaRegistryExternal.IsEnabled" (dict "a" (list $listener) ))) "r")) -}} +{{- if (not (get (fromJson (include "redpanda.ExternalListener.IsEnabled" (dict "a" (list $listener)))) "r")) -}} {{- continue -}} {{- end -}} {{- $nodePort := ($listener.port | int) -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts) ))) "r") | int) (0 | int)) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts)))) "r") | int) (0 | int)) -}} {{- $nodePort = (index $listener.advertisedPorts (0 | int)) -}} {{- end -}} -{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" (printf "schema-%s" $name) "protocol" "TCP" "port" ($listener.port | int) "nodePort" $nodePort )))) -}} +{{- $ports = (concat (default (list) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0) (dict "name" (printf "schema-%s" $name) "protocol" "TCP" "port" ($listener.port | int) "nodePort" $nodePort)))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} {{- $annotations := $values.external.annotations -}} {{- if (eq (toJson $annotations) "null") -}} -{{- $annotations = (dict ) -}} +{{- $annotations = (dict) -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict ) "status" (dict "loadBalancer" (dict ) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "Service" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf "%s-external" (get (fromJson (include "redpanda.ServiceName" (dict "a" (list $dot) ))) "r")) "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") "annotations" $annotations )) "spec" (mustMergeOverwrite (dict ) (dict "externalTrafficPolicy" "Local" "ports" $ports "publishNotReadyAddresses" true "selector" (get (fromJson (include "redpanda.StatefulSetPodLabelsSelector" (dict "a" (list $dot) ))) "r") "sessionAffinity" "None" "type" "NodePort" )) ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict) "status" (dict "loadBalancer" (dict))) (mustMergeOverwrite (dict) (dict "apiVersion" "v1" "kind" "Service")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (printf "%s-external" (get (fromJson (include "redpanda.ServiceName" (dict "a" (list $dot)))) "r")) "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot)))) "r") "annotations" $annotations)) "spec" (mustMergeOverwrite (dict) (dict "externalTrafficPolicy" "Local" "ports" $ports "publishNotReadyAddresses" true "selector" (get (fromJson (include "redpanda.StatefulSetPodLabelsSelector" (dict "a" (list $dot)))) "r") "sessionAffinity" "None" "type" "NodePort"))))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} diff --git a/charts/redpanda/templates/_serviceaccount.go.tpl b/charts/redpanda/templates/_serviceaccount.go.tpl index 82ec5be757..1cd51e008f 100644 --- a/charts/redpanda/templates/_serviceaccount.go.tpl +++ b/charts/redpanda/templates/_serviceaccount.go.tpl @@ -1,5 +1,32 @@ {{- /* Generated from "serviceaccount.go" */ -}} +{{- define "redpanda.ServiceAccountName" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $serviceAccount := $values.serviceAccount -}} +{{- if (and $serviceAccount.create (ne $serviceAccount.name "")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $serviceAccount.name) | toJson -}} +{{- break -}} +{{- else -}}{{- if $serviceAccount.create -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r")) | toJson -}} +{{- break -}} +{{- else -}}{{- if (ne $serviceAccount.name "") -}} +{{- $_is_returning = true -}} +{{- (dict "r" $serviceAccount.name) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" "default") | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + {{- define "redpanda.ServiceAccount" -}} {{- $dot := (index .a 0) -}} {{- range $_ := (list 1) -}} @@ -11,7 +38,7 @@ {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "ServiceAccount" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "redpanda.ServiceAccountName" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") "annotations" $values.serviceAccount.annotations )) "automountServiceAccountToken" $values.serviceAccount.automountServiceAccountToken ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil))) (mustMergeOverwrite (dict) (dict "apiVersion" "v1" "kind" "ServiceAccount")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (get (fromJson (include "redpanda.ServiceAccountName" (dict "a" (list $dot)))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot)))) "r") "annotations" $values.serviceAccount.annotations)) "automountServiceAccountToken" false))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} diff --git a/charts/redpanda/templates/_servicemonitor.go.tpl b/charts/redpanda/templates/_servicemonitor.go.tpl index 7f5a621309..cd2c11342d 100644 --- a/charts/redpanda/templates/_servicemonitor.go.tpl +++ b/charts/redpanda/templates/_servicemonitor.go.tpl @@ -10,16 +10,16 @@ {{- (dict "r" (coalesce nil)) | toJson -}} {{- break -}} {{- end -}} -{{- $endpoint := (mustMergeOverwrite (dict ) (dict "interval" $values.monitoring.scrapeInterval "path" "/public_metrics" "port" "admin" "enableHttp2" $values.monitoring.enableHttp2 "scheme" "http" )) -}} -{{- if (or (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $values.listeners.admin.tls $values.tls) ))) "r") (ne (toJson $values.monitoring.tlsConfig) "null")) -}} +{{- $endpoint := (mustMergeOverwrite (dict) (dict "interval" $values.monitoring.scrapeInterval "path" "/public_metrics" "port" "admin" "enableHttp2" $values.monitoring.enableHttp2 "scheme" "http")) -}} +{{- if (or (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $values.listeners.admin.tls $values.tls)))) "r") (ne (toJson $values.monitoring.tlsConfig) "null")) -}} {{- $_ := (set $endpoint "scheme" "https") -}} {{- $_ := (set $endpoint "tlsConfig" $values.monitoring.tlsConfig) -}} {{- if (eq (toJson $endpoint.tlsConfig) "null") -}} -{{- $_ := (set $endpoint "tlsConfig" (mustMergeOverwrite (dict "ca" (dict ) "cert" (dict ) ) (mustMergeOverwrite (dict "ca" (dict ) "cert" (dict ) ) (dict "insecureSkipVerify" true )) (dict ))) -}} +{{- $_ := (set $endpoint "tlsConfig" (mustMergeOverwrite (dict "ca" (dict) "cert" (dict)) (mustMergeOverwrite (dict "ca" (dict) "cert" (dict)) (dict "insecureSkipVerify" true)) (dict))) -}} {{- end -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "endpoints" (coalesce nil) "selector" (dict ) "namespaceSelector" (dict ) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "monitoring.coreos.com/v1" "kind" "ServiceMonitor" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace "labels" (merge (dict ) (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") $values.monitoring.labels) )) "spec" (mustMergeOverwrite (dict "endpoints" (coalesce nil) "selector" (dict ) "namespaceSelector" (dict ) ) (dict "endpoints" (list $endpoint) "selector" (mustMergeOverwrite (dict ) (dict "matchLabels" (dict "monitoring.redpanda.com/enabled" "true" "app.kubernetes.io/name" (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") "app.kubernetes.io/instance" $dot.Release.Name ) )) )) ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict "endpoints" (coalesce nil) "selector" (dict) "namespaceSelector" (dict))) (mustMergeOverwrite (dict) (dict "apiVersion" "monitoring.coreos.com/v1" "kind" "ServiceMonitor")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r") "namespace" $dot.Release.Namespace "labels" (merge (dict) (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot)))) "r") $values.monitoring.labels))) "spec" (mustMergeOverwrite (dict "endpoints" (coalesce nil) "selector" (dict) "namespaceSelector" (dict)) (dict "endpoints" (list $endpoint) "selector" (mustMergeOverwrite (dict) (dict "matchLabels" (dict "monitoring.redpanda.com/enabled" "true" "app.kubernetes.io/name" (get (fromJson (include "redpanda.Name" (dict "a" (list $dot)))) "r") "app.kubernetes.io/instance" $dot.Release.Name)))))))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} diff --git a/charts/redpanda/templates/_shims.tpl b/charts/redpanda/templates/_shims.tpl index 7fdd55a9e5..8bdb8a104f 100644 --- a/charts/redpanda/templates/_shims.tpl +++ b/charts/redpanda/templates/_shims.tpl @@ -143,6 +143,20 @@ {{- end -}} {{- end -}} +{{- define "_shims.fromYaml" -}} +{{- $in := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $result := (fromYaml $in) -}} +{{- if (and (hasKey $result "Error") (eq (len $result) (1 | int))) -}} +{{- $_ := (fail (printf "fromYaml: unmarshalling failed: %s" (index $result "Error"))) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $result) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + {{- define "_shims.asnumeric" -}} {{- $value := (index .a 0) -}} {{- range $_ := (list 1) -}} @@ -205,10 +219,10 @@ {{- end -}} {{- $reprStr := (toString $repr) -}} {{- $unit := (regexFind "(k|m|M|G|T|P|Ki|Mi|Gi|Ti|Pi)$" $repr) -}} -{{- $numeric := (float64 (substr (0 | int) ((sub ((get (fromJson (include "_shims.len" (dict "a" (list $reprStr) ))) "r") | int) ((get (fromJson (include "_shims.len" (dict "a" (list $unit) ))) "r") | int)) | int) $reprStr)) -}} -{{- $_184_scale_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list (dict "" 1.0 "m" 0.001 "k" (1000 | int) "M" (1000000 | int) "G" (1000000000 | int) "T" (1000000000000 | int) "P" (1000000000000000 | int) "Ki" (1024 | int) "Mi" (1048576 | int) "Gi" (1073741824 | int) "Ti" (1099511627776 | int) "Pi" (1125899906842624 | int) ) $unit (float64 0)) ))) "r") -}} -{{- $scale := ((index $_184_scale_ok 0) | float64) -}} -{{- $ok := (index $_184_scale_ok 1) -}} +{{- $numeric := (float64 (substr (0 | int) ((sub ((get (fromJson (include "_shims.len" (dict "a" (list $reprStr)))) "r") | int) ((get (fromJson (include "_shims.len" (dict "a" (list $unit)))) "r") | int)) | int) $reprStr)) -}} +{{- $_196_scale_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list (dict "" 1.0 "m" 0.001 "k" (1000 | int) "M" (1000000 | int) "G" (1000000000 | int) "T" (1000000000000 | int) "P" (1000000000000000 | int) "Ki" (1024 | int) "Mi" (1048576 | int) "Gi" (1073741824 | int) "Ti" (1099511627776 | int) "Pi" (1125899906842624 | int)) $unit (float64 0))))) "r") -}} +{{- $scale := ((index $_196_scale_ok 0) | float64) -}} +{{- $ok := (index $_196_scale_ok 1) -}} {{- if (not $ok) -}} {{- $_ := (fail (printf "unknown unit: %q" $unit)) -}} {{- end -}} @@ -222,9 +236,9 @@ {{- $repr := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $_207_numeric_scale := (get (fromJson (include "_shims.parseResource" (dict "a" (list $repr) ))) "r") -}} -{{- $numeric := ((index $_207_numeric_scale 0) | float64) -}} -{{- $scale := ((index $_207_numeric_scale 1) | float64) -}} +{{- $_219_numeric_scale := (get (fromJson (include "_shims.parseResource" (dict "a" (list $repr)))) "r") -}} +{{- $numeric := ((index $_219_numeric_scale 0) | float64) -}} +{{- $scale := ((index $_219_numeric_scale 1) | float64) -}} {{- $strs := (list "" "m" "k" "M" "G" "T" "P" "Ki" "Mi" "Gi" "Ti" "Pi") -}} {{- $scales := (list 1.0 0.001 (1000 | int) (1000000 | int) (1000000000 | int) (1000000000000 | int) (1000000000000000 | int) (1024 | int) (1048576 | int) (1073741824 | int) (1099511627776 | int) (1125899906842624 | int)) -}} {{- $idx := -1 -}} @@ -250,9 +264,9 @@ {{- $repr := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $_234_numeric_scale := (get (fromJson (include "_shims.parseResource" (dict "a" (list $repr) ))) "r") -}} -{{- $numeric := ((index $_234_numeric_scale 0) | float64) -}} -{{- $scale := ((index $_234_numeric_scale 1) | float64) -}} +{{- $_246_numeric_scale := (get (fromJson (include "_shims.parseResource" (dict "a" (list $repr)))) "r") -}} +{{- $numeric := ((index $_246_numeric_scale 0) | float64) -}} +{{- $scale := ((index $_246_numeric_scale 1) | float64) -}} {{- $_is_returning = true -}} {{- (dict "r" (int64 (ceil ((mulf $numeric $scale) | float64)))) | toJson -}} {{- break -}} @@ -263,9 +277,9 @@ {{- $repr := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $_239_numeric_scale := (get (fromJson (include "_shims.parseResource" (dict "a" (list $repr) ))) "r") -}} -{{- $numeric := ((index $_239_numeric_scale 0) | float64) -}} -{{- $scale := ((index $_239_numeric_scale 1) | float64) -}} +{{- $_251_numeric_scale := (get (fromJson (include "_shims.parseResource" (dict "a" (list $repr)))) "r") -}} +{{- $numeric := ((index $_251_numeric_scale 0) | float64) -}} +{{- $scale := ((index $_251_numeric_scale 1) | float64) -}} {{- $_is_returning = true -}} {{- (dict "r" (int64 (ceil ((mulf ((mulf $numeric 1000.0) | float64) $scale) | float64)))) | toJson -}} {{- break -}} @@ -276,7 +290,7 @@ {{- $repr := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $unitMap := (dict "s" ((1000000000 | int64) | int64) "m" ((60000000000 | int64) | int64) "h" ((3600000000000 | int64) | int64) ) -}} +{{- $unitMap := (dict "s" ((1000000000 | int64) | int64) "m" ((60000000000 | int64) | int64) "h" ((3600000000000 | int64) | int64)) -}} {{- $original := $repr -}} {{- $value := ((0 | int64) | int64) -}} {{- if (eq $repr "") -}} @@ -295,12 +309,12 @@ {{- if (eq $n "") -}} {{- $_ := (fail (printf "invalid Duration: %q" $original)) -}} {{- end -}} -{{- $repr = (substr ((get (fromJson (include "_shims.len" (dict "a" (list $n) ))) "r") | int) -1 $repr) -}} +{{- $repr = (substr ((get (fromJson (include "_shims.len" (dict "a" (list $n)))) "r") | int) -1 $repr) -}} {{- $unit := (regexFind `^(h|m|s)` $repr) -}} {{- if (eq $unit "") -}} {{- $_ := (fail (printf "invalid Duration: %q" $original)) -}} {{- end -}} -{{- $repr = (substr ((get (fromJson (include "_shims.len" (dict "a" (list $unit) ))) "r") | int) -1 $repr) -}} +{{- $repr = (substr ((get (fromJson (include "_shims.len" (dict "a" (list $unit)))) "r") | int) -1 $repr) -}} {{- $value = ((add $value (((mul (int64 $n) (ternary (index $unitMap $unit) 0 (hasKey $unitMap $unit))) | int64))) | int64) -}} {{- end -}} {{- if $_is_returning -}} diff --git a/charts/redpanda/templates/_statefulset.go.tpl b/charts/redpanda/templates/_statefulset.go.tpl index 03eb8360fc..5c658f74ba 100644 --- a/charts/redpanda/templates/_statefulset.go.tpl +++ b/charts/redpanda/templates/_statefulset.go.tpl @@ -4,7 +4,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "SERVICE_NAME" "valueFrom" (mustMergeOverwrite (dict ) (dict "fieldRef" (mustMergeOverwrite (dict "fieldPath" "" ) (dict "fieldPath" "metadata.name" )) )) )) (mustMergeOverwrite (dict "name" "" ) (dict "name" "POD_IP" "valueFrom" (mustMergeOverwrite (dict ) (dict "fieldRef" (mustMergeOverwrite (dict "fieldPath" "" ) (dict "fieldPath" "status.podIP" )) )) )) (mustMergeOverwrite (dict "name" "" ) (dict "name" "HOST_IP" "valueFrom" (mustMergeOverwrite (dict ) (dict "fieldRef" (mustMergeOverwrite (dict "fieldPath" "" ) (dict "fieldPath" "status.hostIP" )) )) )))) | toJson -}} +{{- (dict "r" (list (mustMergeOverwrite (dict "name" "") (dict "name" "SERVICE_NAME" "valueFrom" (mustMergeOverwrite (dict) (dict "fieldRef" (mustMergeOverwrite (dict "fieldPath" "") (dict "fieldPath" "metadata.name")))))) (mustMergeOverwrite (dict "name" "") (dict "name" "POD_IP" "valueFrom" (mustMergeOverwrite (dict) (dict "fieldRef" (mustMergeOverwrite (dict "fieldPath" "") (dict "fieldPath" "status.podIP")))))) (mustMergeOverwrite (dict "name" "") (dict "name" "HOST_IP" "valueFrom" (mustMergeOverwrite (dict) (dict "fieldRef" (mustMergeOverwrite (dict "fieldPath" "") (dict "fieldPath" "status.hostIP")))))))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -14,24 +14,24 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- if $dot.Release.IsUpgrade -}} -{{- $_87_existing_1_ok_2 := (get (fromJson (include "_shims.lookup" (dict "a" (list "apps/v1" "StatefulSet" $dot.Release.Namespace (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) ))) "r") -}} +{{- $_87_existing_1_ok_2 := (get (fromJson (include "_shims.lookup" (dict "a" (list "apps/v1" "StatefulSet" $dot.Release.Namespace (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r"))))) "r") -}} {{- $existing_1 := (index $_87_existing_1_ok_2 0) -}} {{- $ok_2 := (index $_87_existing_1_ok_2 1) -}} -{{- if (and $ok_2 (gt ((get (fromJson (include "_shims.len" (dict "a" (list $existing_1.spec.selector.matchLabels) ))) "r") | int) (0 | int))) -}} +{{- if (and $ok_2 (gt ((get (fromJson (include "_shims.len" (dict "a" (list $existing_1.spec.selector.matchLabels)))) "r") | int) (0 | int))) -}} {{- $_is_returning = true -}} {{- (dict "r" $existing_1.spec.selector.matchLabels) | toJson -}} {{- break -}} {{- end -}} {{- end -}} {{- $values := $dot.Values.AsMap -}} -{{- $additionalSelectorLabels := (dict ) -}} +{{- $additionalSelectorLabels := (dict) -}} {{- if (ne (toJson $values.statefulset.additionalSelectorLabels) "null") -}} {{- $additionalSelectorLabels = $values.statefulset.additionalSelectorLabels -}} {{- end -}} -{{- $component := (printf "%s-statefulset" (trimSuffix "-" (trunc (51 | int) (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r")))) -}} -{{- $defaults := (dict "app.kubernetes.io/component" $component "app.kubernetes.io/instance" $dot.Release.Name "app.kubernetes.io/name" (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") ) -}} +{{- $component := (printf "%s-statefulset" (trimSuffix "-" (trunc (51 | int) (get (fromJson (include "redpanda.Name" (dict "a" (list $dot)))) "r")))) -}} +{{- $defaults := (dict "app.kubernetes.io/component" $component "app.kubernetes.io/instance" $dot.Release.Name "app.kubernetes.io/name" (get (fromJson (include "redpanda.Name" (dict "a" (list $dot)))) "r")) -}} {{- $_is_returning = true -}} -{{- (dict "r" (merge (dict ) $additionalSelectorLabels $defaults)) | toJson -}} +{{- (dict "r" (merge (dict) $additionalSelectorLabels $defaults)) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -41,23 +41,23 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- if $dot.Release.IsUpgrade -}} -{{- $_118_existing_3_ok_4 := (get (fromJson (include "_shims.lookup" (dict "a" (list "apps/v1" "StatefulSet" $dot.Release.Namespace (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) ))) "r") -}} +{{- $_118_existing_3_ok_4 := (get (fromJson (include "_shims.lookup" (dict "a" (list "apps/v1" "StatefulSet" $dot.Release.Namespace (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r"))))) "r") -}} {{- $existing_3 := (index $_118_existing_3_ok_4 0) -}} {{- $ok_4 := (index $_118_existing_3_ok_4 1) -}} -{{- if (and $ok_4 (gt ((get (fromJson (include "_shims.len" (dict "a" (list $existing_3.spec.template.metadata.labels) ))) "r") | int) (0 | int))) -}} +{{- if (and $ok_4 (gt ((get (fromJson (include "_shims.len" (dict "a" (list $existing_3.spec.template.metadata.labels)))) "r") | int) (0 | int))) -}} {{- $_is_returning = true -}} {{- (dict "r" $existing_3.spec.template.metadata.labels) | toJson -}} {{- break -}} {{- end -}} {{- end -}} {{- $values := $dot.Values.AsMap -}} -{{- $statefulSetLabels := (dict ) -}} +{{- $statefulSetLabels := (dict) -}} {{- if (ne (toJson $values.statefulset.podTemplate.labels) "null") -}} {{- $statefulSetLabels = $values.statefulset.podTemplate.labels -}} {{- end -}} -{{- $defaults := (dict "redpanda.com/poddisruptionbudget" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") ) -}} +{{- $defaults := (dict "redpanda.com/poddisruptionbudget" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r")) -}} {{- $_is_returning = true -}} -{{- (dict "r" (merge (dict ) $statefulSetLabels (get (fromJson (include "redpanda.StatefulSetPodLabelsSelector" (dict "a" (list $dot) ))) "r") $defaults (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r"))) | toJson -}} +{{- (dict "r" (merge (dict) $statefulSetLabels (get (fromJson (include "redpanda.StatefulSetPodLabelsSelector" (dict "a" (list $dot)))) "r") $defaults (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot)))) "r"))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -66,36 +66,23 @@ {{- $dot := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $fullname := (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") -}} -{{- $volumes := (get (fromJson (include "redpanda.CommonVolumes" (dict "a" (list $dot) ))) "r") -}} +{{- $fullname := (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r") -}} +{{- $volumes := (get (fromJson (include "redpanda.CommonVolumes" (dict "a" (list $dot)))) "r") -}} {{- $values := $dot.Values.AsMap -}} -{{- $volumes = (concat (default (list ) $volumes) (default (list ) (list (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (dict "secretName" (printf "%.50s-sts-lifecycle" $fullname) "defaultMode" (0o775 | int) )) )) (dict "name" "lifecycle-scripts" )) (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "configMap" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "name" $fullname )) (dict )) )) (dict "name" "base-config" )) (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "emptyDir" (mustMergeOverwrite (dict ) (dict )) )) (dict "name" "config" )) (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (dict "secretName" (printf "%.51s-configurator" $fullname) "defaultMode" (0o775 | int) )) )) (dict "name" (printf "%.51s-configurator" $fullname) ))))) -}} +{{- $volumes = (concat (default (list) $volumes) (default (list) (list (mustMergeOverwrite (dict "name" "") (mustMergeOverwrite (dict) (dict "secret" (mustMergeOverwrite (dict) (dict "secretName" (printf "%.50s-sts-lifecycle" $fullname) "defaultMode" (0o775 | int))))) (dict "name" "lifecycle-scripts")) (mustMergeOverwrite (dict "name" "") (mustMergeOverwrite (dict) (dict "configMap" (mustMergeOverwrite (dict) (mustMergeOverwrite (dict) (dict "name" $fullname)) (dict)))) (dict "name" "base-config")) (mustMergeOverwrite (dict "name" "") (mustMergeOverwrite (dict) (dict "emptyDir" (mustMergeOverwrite (dict) (dict)))) (dict "name" "config")) (mustMergeOverwrite (dict "name" "") (mustMergeOverwrite (dict) (dict "secret" (mustMergeOverwrite (dict) (dict "secretName" (printf "%.51s-configurator" $fullname) "defaultMode" (0o775 | int))))) (dict "name" (printf "%.51s-configurator" $fullname)))))) -}} {{- if $values.statefulset.initContainers.fsValidator.enabled -}} -{{- $volumes = (concat (default (list ) $volumes) (list (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (dict "secretName" (printf "%.49s-fs-validator" $fullname) "defaultMode" (0o775 | int) )) )) (dict "name" (printf "%.49s-fs-validator" $fullname) )))) -}} +{{- $volumes = (concat (default (list) $volumes) (list (mustMergeOverwrite (dict "name" "") (mustMergeOverwrite (dict) (dict "secret" (mustMergeOverwrite (dict) (dict "secretName" (printf "%.49s-fs-validator" $fullname) "defaultMode" (0o775 | int))))) (dict "name" (printf "%.49s-fs-validator" $fullname))))) -}} {{- end -}} -{{- $vol_5 := (get (fromJson (include "redpanda.Listeners.TrustStoreVolume" (dict "a" (list $values.listeners $values.tls) ))) "r") -}} +{{- $vol_5 := (get (fromJson (include "redpanda.Listeners.TrustStoreVolume" (dict "a" (list $values.listeners $values.tls)))) "r") -}} {{- if (ne (toJson $vol_5) "null") -}} -{{- $volumes = (concat (default (list ) $volumes) (list $vol_5)) -}} +{{- $volumes = (concat (default (list) $volumes) (list $vol_5)) -}} {{- end -}} -{{- $volumes = (concat (default (list ) $volumes) (list (get (fromJson (include "redpanda.statefulSetVolumeDataDir" (dict "a" (list $dot) ))) "r"))) -}} -{{- $v_6 := (get (fromJson (include "redpanda.statefulSetVolumeTieredStorageDir" (dict "a" (list $dot) ))) "r") -}} +{{- $volumes = (concat (default (list) $volumes) (list (get (fromJson (include "redpanda.statefulSetVolumeDataDir" (dict "a" (list $dot)))) "r"))) -}} +{{- $v_6 := (get (fromJson (include "redpanda.statefulSetVolumeTieredStorageDir" (dict "a" (list $dot)))) "r") -}} {{- if (ne (toJson $v_6) "null") -}} -{{- $volumes = (concat (default (list ) $volumes) (list $v_6)) -}} -{{- end -}} -{{- if (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.serviceAccount.automountServiceAccountToken false) ))) "r")) -}} -{{- $foundK8STokenVolume := false -}} -{{- range $_, $v := $volumes -}} -{{- if (hasPrefix $v.name (printf "%s%s" "kube-api-access" "-")) -}} -{{- $foundK8STokenVolume = true -}} -{{- end -}} -{{- end -}} -{{- if $_is_returning -}} -{{- break -}} -{{- end -}} -{{- if (not $foundK8STokenVolume) -}} -{{- $volumes = (concat (default (list ) $volumes) (list (get (fromJson (include "redpanda.kubeTokenAPIVolume" (dict "a" (list "kube-api-access") ))) "r"))) -}} -{{- end -}} +{{- $volumes = (concat (default (list) $volumes) (list $v_6)) -}} {{- end -}} +{{- $volumes = (concat (default (list) $volumes) (list (get (fromJson (include "redpanda.kubeTokenAPIVolume" (dict "a" (list "kube-api-access")))) "r"))) -}} {{- $_is_returning = true -}} {{- (dict "r" $volumes) | toJson -}} {{- break -}} @@ -107,7 +94,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "projected" (mustMergeOverwrite (dict "sources" (coalesce nil) ) (dict "defaultMode" (420 | int) "sources" (list (mustMergeOverwrite (dict ) (dict "serviceAccountToken" (mustMergeOverwrite (dict "path" "" ) (dict "path" "token" "expirationSeconds" ((3607 | int) | int64) )) )) (mustMergeOverwrite (dict ) (dict "configMap" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "name" "kube-root-ca.crt" )) (dict "items" (list (mustMergeOverwrite (dict "key" "" "path" "" ) (dict "key" "ca.crt" "path" "ca.crt" ))) )) )) (mustMergeOverwrite (dict ) (dict "downwardAPI" (mustMergeOverwrite (dict ) (dict "items" (list (mustMergeOverwrite (dict "path" "" ) (dict "path" "namespace" "fieldRef" (mustMergeOverwrite (dict "fieldPath" "" ) (dict "apiVersion" "v1" "fieldPath" "metadata.namespace" )) ))) )) ))) )) )) (dict "name" $name ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "") (mustMergeOverwrite (dict) (dict "projected" (mustMergeOverwrite (dict "sources" (coalesce nil)) (dict "defaultMode" (420 | int) "sources" (list (mustMergeOverwrite (dict) (dict "serviceAccountToken" (mustMergeOverwrite (dict "path" "") (dict "path" "token" "expirationSeconds" ((3607 | int) | int64))))) (mustMergeOverwrite (dict) (dict "configMap" (mustMergeOverwrite (dict) (mustMergeOverwrite (dict) (dict "name" "kube-root-ca.crt")) (dict "items" (list (mustMergeOverwrite (dict "key" "" "path" "") (dict "key" "ca.crt" "path" "ca.crt"))))))) (mustMergeOverwrite (dict) (dict "downwardAPI" (mustMergeOverwrite (dict) (dict "items" (list (mustMergeOverwrite (dict "path" "") (dict "path" "namespace" "fieldRef" (mustMergeOverwrite (dict "fieldPath" "") (dict "apiVersion" "v1" "fieldPath" "metadata.namespace")))))))))))))) (dict "name" $name))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -117,15 +104,15 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $datadirSource := (mustMergeOverwrite (dict ) (dict "emptyDir" (mustMergeOverwrite (dict ) (dict )) )) -}} +{{- $datadirSource := (mustMergeOverwrite (dict) (dict "emptyDir" (mustMergeOverwrite (dict) (dict)))) -}} {{- if $values.storage.persistentVolume.enabled -}} -{{- $datadirSource = (mustMergeOverwrite (dict ) (dict "persistentVolumeClaim" (mustMergeOverwrite (dict "claimName" "" ) (dict "claimName" "datadir" )) )) -}} +{{- $datadirSource = (mustMergeOverwrite (dict) (dict "persistentVolumeClaim" (mustMergeOverwrite (dict "claimName" "") (dict "claimName" "datadir")))) -}} {{- else -}}{{- if (ne $values.storage.hostPath "") -}} -{{- $datadirSource = (mustMergeOverwrite (dict ) (dict "hostPath" (mustMergeOverwrite (dict "path" "" ) (dict "path" $values.storage.hostPath )) )) -}} +{{- $datadirSource = (mustMergeOverwrite (dict) (dict "hostPath" (mustMergeOverwrite (dict "path" "") (dict "path" $values.storage.hostPath)))) -}} {{- end -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "name" "" ) $datadirSource (dict "name" "datadir" ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "") $datadirSource (dict "name" "datadir"))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -135,12 +122,12 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- if (not (get (fromJson (include "redpanda.Storage.IsTieredStorageEnabled" (dict "a" (list $values.storage) ))) "r")) -}} +{{- if (not (get (fromJson (include "redpanda.Storage.IsTieredStorageEnabled" (dict "a" (list $values.storage)))) "r")) -}} {{- $_is_returning = true -}} {{- (dict "r" (coalesce nil)) | toJson -}} {{- break -}} {{- end -}} -{{- $tieredType := (get (fromJson (include "redpanda.Storage.TieredMountType" (dict "a" (list $values.storage) ))) "r") -}} +{{- $tieredType := (get (fromJson (include "redpanda.Storage.TieredMountType" (dict "a" (list $values.storage)))) "r") -}} {{- if (or (eq $tieredType "none") (eq $tieredType "persistentVolume")) -}} {{- $_is_returning = true -}} {{- (dict "r" (coalesce nil)) | toJson -}} @@ -148,11 +135,11 @@ {{- end -}} {{- if (eq $tieredType "hostPath") -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "hostPath" (mustMergeOverwrite (dict "path" "" ) (dict "path" (get (fromJson (include "redpanda.Storage.GetTieredStorageHostPath" (dict "a" (list $values.storage) ))) "r") )) )) (dict "name" "tiered-storage-dir" ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "") (mustMergeOverwrite (dict) (dict "hostPath" (mustMergeOverwrite (dict "path" "") (dict "path" (get (fromJson (include "redpanda.Storage.GetTieredStorageHostPath" (dict "a" (list $values.storage)))) "r"))))) (dict "name" "tiered-storage-dir"))) | toJson -}} {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "emptyDir" (mustMergeOverwrite (dict ) (dict "sizeLimit" (get (fromJson (include "redpanda.TieredStorageConfig.CloudStorageCacheSize" (dict "a" (list (deepCopy (get (fromJson (include "redpanda.Storage.GetTieredStorageConfig" (dict "a" (list $values.storage) ))) "r"))) ))) "r") )) )) (dict "name" "tiered-storage-dir" ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "") (mustMergeOverwrite (dict) (dict "emptyDir" (mustMergeOverwrite (dict) (dict "sizeLimit" (get (fromJson (include "redpanda.TieredStorageConfig.CloudStorageCacheSize" (dict "a" (list (deepCopy (get (fromJson (include "redpanda.Storage.GetTieredStorageConfig" (dict "a" (list $values.storage)))) "r")))))) "r"))))) (dict "name" "tiered-storage-dir"))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -161,11 +148,11 @@ {{- $dot := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $mounts := (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot) ))) "r") -}} +{{- $mounts := (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot)))) "r") -}} {{- $values := $dot.Values.AsMap -}} -{{- $mounts = (concat (default (list ) $mounts) (default (list ) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "config" "mountPath" "/etc/redpanda" )) (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "base-config" "mountPath" "/tmp/base-config" )) (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "lifecycle-scripts" "mountPath" "/var/lifecycle" )) (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "datadir" "mountPath" "/var/lib/redpanda/data" ))))) -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list (get (fromJson (include "redpanda.Listeners.TrustStores" (dict "a" (list $values.listeners $values.tls) ))) "r")) ))) "r") | int) (0 | int)) -}} -{{- $mounts = (concat (default (list ) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "truststores" "mountPath" "/etc/truststores" "readOnly" true )))) -}} +{{- $mounts = (concat (default (list) $mounts) (default (list) (list (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" "config" "mountPath" "/etc/redpanda")) (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" "base-config" "mountPath" "/tmp/base-config")) (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" "lifecycle-scripts" "mountPath" "/var/lifecycle")) (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" "datadir" "mountPath" "/var/lib/redpanda/data")) (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" "kube-api-access" "mountPath" "/var/run/secrets/kubernetes.io/serviceaccount" "readOnly" true))))) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list (get (fromJson (include "redpanda.Listeners.TrustStores" (dict "a" (list $values.listeners $values.tls)))) "r"))))) "r") | int) (0 | int)) -}} +{{- $mounts = (concat (default (list) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" "truststores" "mountPath" "/etc/truststores" "readOnly" true)))) -}} {{- end -}} {{- $_is_returning = true -}} {{- (dict "r" $mounts) | toJson -}} @@ -178,24 +165,24 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $containers := (coalesce nil) -}} -{{- $c_7 := (get (fromJson (include "redpanda.statefulSetInitContainerTuning" (dict "a" (list $dot) ))) "r") -}} +{{- $c_7 := (get (fromJson (include "redpanda.statefulSetInitContainerTuning" (dict "a" (list $dot)))) "r") -}} {{- if (ne (toJson $c_7) "null") -}} -{{- $containers = (concat (default (list ) $containers) (list $c_7)) -}} +{{- $containers = (concat (default (list) $containers) (list $c_7)) -}} {{- end -}} -{{- $c_8 := (get (fromJson (include "redpanda.statefulSetInitContainerSetDataDirOwnership" (dict "a" (list $dot) ))) "r") -}} +{{- $c_8 := (get (fromJson (include "redpanda.statefulSetInitContainerSetDataDirOwnership" (dict "a" (list $dot)))) "r") -}} {{- if (ne (toJson $c_8) "null") -}} -{{- $containers = (concat (default (list ) $containers) (list $c_8)) -}} +{{- $containers = (concat (default (list) $containers) (list $c_8)) -}} {{- end -}} -{{- $c_9 := (get (fromJson (include "redpanda.statefulSetInitContainerFSValidator" (dict "a" (list $dot) ))) "r") -}} +{{- $c_9 := (get (fromJson (include "redpanda.statefulSetInitContainerFSValidator" (dict "a" (list $dot)))) "r") -}} {{- if (ne (toJson $c_9) "null") -}} -{{- $containers = (concat (default (list ) $containers) (list $c_9)) -}} +{{- $containers = (concat (default (list) $containers) (list $c_9)) -}} {{- end -}} -{{- $c_10 := (get (fromJson (include "redpanda.statefulSetInitContainerSetTieredStorageCacheDirOwnership" (dict "a" (list $dot) ))) "r") -}} +{{- $c_10 := (get (fromJson (include "redpanda.statefulSetInitContainerSetTieredStorageCacheDirOwnership" (dict "a" (list $dot)))) "r") -}} {{- if (ne (toJson $c_10) "null") -}} -{{- $containers = (concat (default (list ) $containers) (list $c_10)) -}} +{{- $containers = (concat (default (list) $containers) (list $c_10)) -}} {{- end -}} -{{- $containers = (concat (default (list ) $containers) (list (get (fromJson (include "redpanda.statefulSetInitContainerConfigurator" (dict "a" (list $dot) ))) "r"))) -}} -{{- $containers = (concat (default (list ) $containers) (list (get (fromJson (include "redpanda.bootstrapYamlTemplater" (dict "a" (list $dot) ))) "r"))) -}} +{{- $containers = (concat (default (list) $containers) (list (get (fromJson (include "redpanda.statefulSetInitContainerConfigurator" (dict "a" (list $dot)))) "r"))) -}} +{{- $containers = (concat (default (list) $containers) (list (get (fromJson (include "redpanda.bootstrapYamlTemplater" (dict "a" (list $dot)))) "r"))) -}} {{- $_is_returning = true -}} {{- (dict "r" $containers) | toJson -}} {{- break -}} @@ -213,7 +200,7 @@ {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "name" "" "resources" (dict ) ) (dict "name" "tuning" "image" (printf "%s:%s" $values.image.repository (get (fromJson (include "redpanda.Tag" (dict "a" (list $dot) ))) "r")) "command" (list `/bin/bash` `-c` `rpk redpanda tune all`) "securityContext" (mustMergeOverwrite (dict ) (dict "capabilities" (mustMergeOverwrite (dict ) (dict "add" (list `SYS_RESOURCE`) )) "privileged" true "runAsUser" ((0 | int64) | int64) "runAsGroup" ((0 | int64) | int64) )) "volumeMounts" (concat (default (list ) (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot) ))) "r")) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "base-config" "mountPath" "/etc/redpanda" )))) ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "" "resources" (dict)) (dict "name" "tuning" "image" (printf "%s:%s" $values.image.repository (get (fromJson (include "redpanda.Tag" (dict "a" (list $dot)))) "r")) "command" (list `/bin/bash` `-c` `rpk redpanda tune all`) "securityContext" (mustMergeOverwrite (dict) (dict "capabilities" (mustMergeOverwrite (dict) (dict "add" (list `SYS_RESOURCE`))) "privileged" true "runAsUser" ((0 | int64) | int64) "runAsGroup" ((0 | int64) | int64))) "volumeMounts" (concat (default (list) (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot)))) "r")) (list (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" "base-config" "mountPath" "/etc/redpanda"))))))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -228,11 +215,11 @@ {{- (dict "r" (coalesce nil)) | toJson -}} {{- break -}} {{- end -}} -{{- $_415_uid_gid := (get (fromJson (include "redpanda.securityContextUidGid" (dict "a" (list $dot "set-datadir-ownership") ))) "r") -}} -{{- $uid := ((index $_415_uid_gid 0) | int64) -}} -{{- $gid := ((index $_415_uid_gid 1) | int64) -}} +{{- $_403_uid_gid := (get (fromJson (include "redpanda.securityContextUidGid" (dict "a" (list $dot "set-datadir-ownership")))) "r") -}} +{{- $uid := ((index $_403_uid_gid 0) | int64) -}} +{{- $gid := ((index $_403_uid_gid 1) | int64) -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "name" "" "resources" (dict ) ) (dict "name" "set-datadir-ownership" "image" (printf "%s:%s" $values.statefulset.initContainerImage.repository $values.statefulset.initContainerImage.tag) "command" (list `/bin/sh` `-c` (printf `chown %d:%d -R /var/lib/redpanda/data` $uid $gid)) "volumeMounts" (concat (default (list ) (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot) ))) "r")) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" `datadir` "mountPath" `/var/lib/redpanda/data` )))) ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "" "resources" (dict)) (dict "name" "set-datadir-ownership" "image" (printf "%s:%s" $values.statefulset.initContainerImage.repository $values.statefulset.initContainerImage.tag) "command" (list `/bin/sh` `-c` (printf `chown %d:%d -R /var/lib/redpanda/data` $uid $gid)) "securityContext" (mustMergeOverwrite (dict) (dict "runAsUser" (0 | int64) "runAsGroup" (0 | int64))) "volumeMounts" (concat (default (list) (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot)))) "r")) (list (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" `datadir` "mountPath" `/var/lib/redpanda/data`))))))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -243,12 +230,12 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $_439_gid_uid := (get (fromJson (include "redpanda.giduidFromPodTemplate" (dict "a" (list $values.podTemplate "redpanda") ))) "r") -}} -{{- $gid := (index $_439_gid_uid 0) -}} -{{- $uid := (index $_439_gid_uid 1) -}} -{{- $_440_sgid_suid := (get (fromJson (include "redpanda.giduidFromPodTemplate" (dict "a" (list $values.statefulset.podTemplate "redpanda") ))) "r") -}} -{{- $sgid := (index $_440_sgid_suid 0) -}} -{{- $suid := (index $_440_sgid_suid 1) -}} +{{- $_431_gid_uid := (get (fromJson (include "redpanda.giduidFromPodTemplate" (dict "a" (list $values.podTemplate "redpanda")))) "r") -}} +{{- $gid := (index $_431_gid_uid 0) -}} +{{- $uid := (index $_431_gid_uid 1) -}} +{{- $_432_sgid_suid := (get (fromJson (include "redpanda.giduidFromPodTemplate" (dict "a" (list $values.statefulset.podTemplate "redpanda")))) "r") -}} +{{- $sgid := (index $_432_sgid_suid 0) -}} +{{- $suid := (index $_432_sgid_suid 1) -}} {{- if (ne (toJson $sgid) "null") -}} {{- $gid = $sgid -}} {{- end -}} @@ -284,7 +271,7 @@ {{- $uid = $tpl.spec.securityContext.runAsUser -}} {{- end -}} {{- range $_, $container := $tpl.spec.containers -}} -{{- if (and (eq (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $container.name "") ))) "r") $containerName) (ne (toJson $container.securityContext) "null")) -}} +{{- if (and (eq (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $container.name "")))) "r") $containerName) (ne (toJson $container.securityContext) "null")) -}} {{- if (ne (toJson $container.securityContext.runAsUser) "null") -}} {{- $uid = $container.securityContext.runAsUser -}} {{- end -}} @@ -310,7 +297,7 @@ {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "name" "" "resources" (dict ) ) (dict "name" "fs-validator" "image" (printf "%s:%s" $values.image.repository (get (fromJson (include "redpanda.Tag" (dict "a" (list $dot) ))) "r")) "command" (list `/bin/sh`) "args" (list `-c` (printf `trap "exit 0" TERM; exec /etc/secrets/fs-validator/scripts/fsValidator.sh %s & wait $!` $values.statefulset.initContainers.fsValidator.expectedFS)) "volumeMounts" (concat (default (list ) (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot) ))) "r")) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" (printf `%.49s-fs-validator` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) "mountPath" `/etc/secrets/fs-validator/scripts/` )) (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" `datadir` "mountPath" `/var/lib/redpanda/data` )))) ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "" "resources" (dict)) (dict "name" "fs-validator" "image" (printf "%s:%s" $values.image.repository (get (fromJson (include "redpanda.Tag" (dict "a" (list $dot)))) "r")) "command" (list `/bin/sh`) "args" (list `-c` (printf `trap "exit 0" TERM; exec /etc/secrets/fs-validator/scripts/fsValidator.sh %s & wait $!` $values.statefulset.initContainers.fsValidator.expectedFS)) "volumeMounts" (concat (default (list) (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot)))) "r")) (list (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" (printf `%.49s-fs-validator` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r")) "mountPath" `/etc/secrets/fs-validator/scripts/`)) (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" `datadir` "mountPath" `/var/lib/redpanda/data`))))))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -320,26 +307,26 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- if (not (get (fromJson (include "redpanda.Storage.IsTieredStorageEnabled" (dict "a" (list $values.storage) ))) "r")) -}} +{{- if (not (get (fromJson (include "redpanda.Storage.IsTieredStorageEnabled" (dict "a" (list $values.storage)))) "r")) -}} {{- $_is_returning = true -}} {{- (dict "r" (coalesce nil)) | toJson -}} {{- break -}} {{- end -}} -{{- $_523_uid_gid := (get (fromJson (include "redpanda.securityContextUidGid" (dict "a" (list $dot "set-tiered-storage-cache-dir-ownership") ))) "r") -}} -{{- $uid := ((index $_523_uid_gid 0) | int64) -}} -{{- $gid := ((index $_523_uid_gid 1) | int64) -}} -{{- $cacheDir := (get (fromJson (include "redpanda.Storage.TieredCacheDirectory" (dict "a" (list $values.storage $dot) ))) "r") -}} -{{- $mounts := (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot) ))) "r") -}} -{{- $mounts = (concat (default (list ) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "datadir" "mountPath" "/var/lib/redpanda/data" )))) -}} -{{- if (ne (get (fromJson (include "redpanda.Storage.TieredMountType" (dict "a" (list $values.storage) ))) "r") "none") -}} +{{- $_515_uid_gid := (get (fromJson (include "redpanda.securityContextUidGid" (dict "a" (list $dot "set-tiered-storage-cache-dir-ownership")))) "r") -}} +{{- $uid := ((index $_515_uid_gid 0) | int64) -}} +{{- $gid := ((index $_515_uid_gid 1) | int64) -}} +{{- $cacheDir := (get (fromJson (include "redpanda.Storage.TieredCacheDirectory" (dict "a" (list $values.storage $dot)))) "r") -}} +{{- $mounts := (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot)))) "r") -}} +{{- $mounts = (concat (default (list) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" "datadir" "mountPath" "/var/lib/redpanda/data")))) -}} +{{- if (ne (get (fromJson (include "redpanda.Storage.TieredMountType" (dict "a" (list $values.storage)))) "r") "none") -}} {{- $name := "tiered-storage-dir" -}} {{- if (and (ne (toJson $values.storage.persistentVolume) "null") (ne $values.storage.persistentVolume.nameOverwrite "")) -}} {{- $name = $values.storage.persistentVolume.nameOverwrite -}} {{- end -}} -{{- $mounts = (concat (default (list ) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" $name "mountPath" $cacheDir )))) -}} +{{- $mounts = (concat (default (list) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" $name "mountPath" $cacheDir)))) -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "name" "" "resources" (dict ) ) (dict "name" `set-tiered-storage-cache-dir-ownership` "image" (printf `%s:%s` $values.statefulset.initContainerImage.repository $values.statefulset.initContainerImage.tag) "command" (list `/bin/sh` `-c` (printf `mkdir -p %s; chown %d:%d -R %s` $cacheDir $uid $gid $cacheDir)) "volumeMounts" $mounts ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "" "resources" (dict)) (dict "name" `set-tiered-storage-cache-dir-ownership` "image" (printf `%s:%s` $values.statefulset.initContainerImage.repository $values.statefulset.initContainerImage.tag) "command" (list `/bin/sh` `-c` (printf `mkdir -p %s; chown %d:%d -R %s` $cacheDir $uid $gid $cacheDir)) "securityContext" (mustMergeOverwrite (dict) (dict "runAsUser" (0 | int64) "runAsGroup" (0 | int64))) "volumeMounts" $mounts))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -349,22 +336,13 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $volMounts := (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot) ))) "r") -}} -{{- $volMounts = (concat (default (list ) $volMounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "config" "mountPath" "/etc/redpanda" )) (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "base-config" "mountPath" "/tmp/base-config" )) (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" (printf `%.51s-configurator` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) "mountPath" "/etc/secrets/configurator/scripts/" )))) -}} -{{- if (and (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.serviceAccount.automountServiceAccountToken false) ))) "r")) $values.rackAwareness.enabled) -}} -{{- $mountName := "kube-api-access" -}} -{{- range $_, $vol := (get (fromJson (include "redpanda.StatefulSetVolumes" (dict "a" (list $dot) ))) "r") -}} -{{- if (hasPrefix $vol.name (printf "%s%s" "kube-api-access" "-")) -}} -{{- $mountName = $vol.name -}} -{{- end -}} -{{- end -}} -{{- if $_is_returning -}} -{{- break -}} -{{- end -}} -{{- $volMounts = (concat (default (list ) $volMounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" $mountName "readOnly" true "mountPath" "/var/run/secrets/kubernetes.io/serviceaccount" )))) -}} +{{- $volMounts := (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot)))) "r") -}} +{{- $volMounts = (concat (default (list) $volMounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" "config" "mountPath" "/etc/redpanda")) (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" "base-config" "mountPath" "/tmp/base-config")) (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" (printf `%.51s-configurator` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r")) "mountPath" "/etc/secrets/configurator/scripts/")))) -}} +{{- if $values.rackAwareness.enabled -}} +{{- $volMounts = (concat (default (list) $volMounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" "kube-api-access" "mountPath" "/var/run/secrets/kubernetes.io/serviceaccount" "readOnly" true)))) -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "name" "" "resources" (dict ) ) (dict "name" "redpanda-configurator" "image" (printf `%s:%s` $values.image.repository (get (fromJson (include "redpanda.Tag" (dict "a" (list $dot) ))) "r")) "command" (list `/bin/bash` `-c` `trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" & wait $!`) "env" (get (fromJson (include "redpanda.rpkEnvVars" (dict "a" (list $dot (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "CONFIGURATOR_SCRIPT" "value" "/etc/secrets/configurator/scripts/configurator.sh" )) (mustMergeOverwrite (dict "name" "" ) (dict "name" "SERVICE_NAME" "valueFrom" (mustMergeOverwrite (dict ) (dict "fieldRef" (mustMergeOverwrite (dict "fieldPath" "" ) (dict "fieldPath" "metadata.name" )) "resourceFieldRef" (coalesce nil) "configMapKeyRef" (coalesce nil) "secretKeyRef" (coalesce nil) )) )) (mustMergeOverwrite (dict "name" "" ) (dict "name" "KUBERNETES_NODE_NAME" "valueFrom" (mustMergeOverwrite (dict ) (dict "fieldRef" (mustMergeOverwrite (dict "fieldPath" "" ) (dict "fieldPath" "spec.nodeName" )) )) )) (mustMergeOverwrite (dict "name" "" ) (dict "name" "HOST_IP_ADDRESS" "valueFrom" (mustMergeOverwrite (dict ) (dict "fieldRef" (mustMergeOverwrite (dict "fieldPath" "" ) (dict "apiVersion" "v1" "fieldPath" "status.hostIP" )) )) )))) ))) "r") "volumeMounts" $volMounts ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "" "resources" (dict)) (dict "name" "redpanda-configurator" "image" (printf `%s:%s` $values.image.repository (get (fromJson (include "redpanda.Tag" (dict "a" (list $dot)))) "r")) "command" (list `/bin/bash` `-c` `trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" & wait $!`) "env" (get (fromJson (include "redpanda.rpkEnvVars" (dict "a" (list $dot (list (mustMergeOverwrite (dict "name" "") (dict "name" "CONFIGURATOR_SCRIPT" "value" "/etc/secrets/configurator/scripts/configurator.sh")) (mustMergeOverwrite (dict "name" "") (dict "name" "SERVICE_NAME" "valueFrom" (mustMergeOverwrite (dict) (dict "fieldRef" (mustMergeOverwrite (dict "fieldPath" "") (dict "fieldPath" "metadata.name")) "resourceFieldRef" (coalesce nil) "configMapKeyRef" (coalesce nil) "secretKeyRef" (coalesce nil))))) (mustMergeOverwrite (dict "name" "") (dict "name" "KUBERNETES_NODE_NAME" "valueFrom" (mustMergeOverwrite (dict) (dict "fieldRef" (mustMergeOverwrite (dict "fieldPath" "") (dict "fieldPath" "spec.nodeName")))))) (mustMergeOverwrite (dict "name" "") (dict "name" "HOST_IP_ADDRESS" "valueFrom" (mustMergeOverwrite (dict) (dict "fieldRef" (mustMergeOverwrite (dict "fieldPath" "") (dict "apiVersion" "v1" "fieldPath" "status.hostIP"))))))))))) "r") "volumeMounts" $volMounts))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -374,10 +352,10 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $containers := (coalesce nil) -}} -{{- $containers = (concat (default (list ) $containers) (list (get (fromJson (include "redpanda.statefulSetContainerRedpanda" (dict "a" (list $dot) ))) "r"))) -}} -{{- $c_11 := (get (fromJson (include "redpanda.statefulSetContainerSidecar" (dict "a" (list $dot) ))) "r") -}} +{{- $containers = (concat (default (list) $containers) (list (get (fromJson (include "redpanda.statefulSetContainerRedpanda" (dict "a" (list $dot)))) "r"))) -}} +{{- $c_11 := (get (fromJson (include "redpanda.statefulSetContainerSidecar" (dict "a" (list $dot)))) "r") -}} {{- if (ne (toJson $c_11) "null") -}} -{{- $containers = (concat (default (list ) $containers) (list $c_11)) -}} +{{- $containers = (concat (default (list) $containers) (list $c_11)) -}} {{- end -}} {{- $_is_returning = true -}} {{- (dict "r" $containers) | toJson -}} @@ -403,51 +381,51 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $internalAdvertiseAddress := (printf "%s.%s" "$(SERVICE_NAME)" (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r")) -}} -{{- $container := (mustMergeOverwrite (dict "name" "" "resources" (dict ) ) (dict "name" "redpanda" "image" (printf `%s:%s` $values.image.repository (get (fromJson (include "redpanda.Tag" (dict "a" (list $dot) ))) "r")) "env" (get (fromJson (include "redpanda.bootstrapEnvVars" (dict "a" (list $dot (get (fromJson (include "redpanda.statefulSetRedpandaEnv" (dict "a" (list ) ))) "r")) ))) "r") "lifecycle" (mustMergeOverwrite (dict ) (dict "postStart" (mustMergeOverwrite (dict ) (dict "exec" (mustMergeOverwrite (dict ) (dict "command" (get (fromJson (include "redpanda.wrapLifecycleHook" (dict "a" (list "post-start" ((div $values.statefulset.podTemplate.spec.terminationGracePeriodSeconds (2 | int64)) | int64) (list "bash" "-x" "/var/lifecycle/postStart.sh")) ))) "r") )) )) "preStop" (mustMergeOverwrite (dict ) (dict "exec" (mustMergeOverwrite (dict ) (dict "command" (get (fromJson (include "redpanda.wrapLifecycleHook" (dict "a" (list "pre-stop" ((div $values.statefulset.podTemplate.spec.terminationGracePeriodSeconds (2 | int64)) | int64) (list "bash" "-x" "/var/lifecycle/preStop.sh")) ))) "r") )) )) )) "startupProbe" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "exec" (mustMergeOverwrite (dict ) (dict "command" (list `/bin/sh` `-c` (join "\n" (list `set -e` (printf `RESULT=$(curl --silent --fail -k -m 5 %s "%s://%s/v1/status/ready")` (get (fromJson (include "redpanda.adminTLSCurlFlags" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.adminInternalHTTPProtocol" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.adminApiURLs" (dict "a" (list $dot) ))) "r")) `echo $RESULT` `echo $RESULT | grep ready` ``))) )) )) (dict "failureThreshold" (120 | int) "initialDelaySeconds" (1 | int) "periodSeconds" (10 | int) )) "livenessProbe" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "exec" (mustMergeOverwrite (dict ) (dict "command" (list `/bin/sh` `-c` (printf `curl --silent --fail -k -m 5 %s "%s://%s/v1/status/ready"` (get (fromJson (include "redpanda.adminTLSCurlFlags" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.adminInternalHTTPProtocol" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.adminApiURLs" (dict "a" (list $dot) ))) "r"))) )) )) (dict "failureThreshold" (3 | int) "initialDelaySeconds" (10 | int) "periodSeconds" (10 | int) )) "command" (list `rpk` `redpanda` `start` (printf `--advertise-rpc-addr=%s:%d` $internalAdvertiseAddress ($values.listeners.rpc.port | int))) "volumeMounts" (get (fromJson (include "redpanda.StatefulSetVolumeMounts" (dict "a" (list $dot) ))) "r") "resources" (get (fromJson (include "redpanda.RedpandaResources.GetResourceRequirements" (dict "a" (list $values.resources) ))) "r") )) -}} -{{- $_ := (set $container "ports" (concat (default (list ) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0 ) (dict "name" "admin" "containerPort" ($values.listeners.admin.port | int) ))))) -}} +{{- $internalAdvertiseAddress := (printf "%s.%s" "$(SERVICE_NAME)" (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot)))) "r")) -}} +{{- $container := (mustMergeOverwrite (dict "name" "" "resources" (dict)) (dict "name" "redpanda" "image" (printf `%s:%s` $values.image.repository (get (fromJson (include "redpanda.Tag" (dict "a" (list $dot)))) "r")) "env" (get (fromJson (include "redpanda.bootstrapEnvVars" (dict "a" (list $dot (get (fromJson (include "redpanda.statefulSetRedpandaEnv" (dict "a" (list)))) "r"))))) "r") "lifecycle" (mustMergeOverwrite (dict) (dict "postStart" (mustMergeOverwrite (dict) (dict "exec" (mustMergeOverwrite (dict) (dict "command" (get (fromJson (include "redpanda.wrapLifecycleHook" (dict "a" (list "post-start" ((div $values.statefulset.podTemplate.spec.terminationGracePeriodSeconds (2 | int64)) | int64) (list "bash" "-x" "/var/lifecycle/postStart.sh"))))) "r"))))) "preStop" (mustMergeOverwrite (dict) (dict "exec" (mustMergeOverwrite (dict) (dict "command" (get (fromJson (include "redpanda.wrapLifecycleHook" (dict "a" (list "pre-stop" ((div $values.statefulset.podTemplate.spec.terminationGracePeriodSeconds (2 | int64)) | int64) (list "bash" "-x" "/var/lifecycle/preStop.sh"))))) "r"))))))) "startupProbe" (mustMergeOverwrite (dict) (mustMergeOverwrite (dict) (dict "exec" (mustMergeOverwrite (dict) (dict "command" (list `/bin/sh` `-c` (join "\n" (list `set -e` (printf `RESULT=$(curl --silent --fail -k -m 5 %s "%s://%s/v1/status/ready")` (get (fromJson (include "redpanda.adminTLSCurlFlags" (dict "a" (list $dot)))) "r") (get (fromJson (include "redpanda.adminInternalHTTPProtocol" (dict "a" (list $dot)))) "r") (get (fromJson (include "redpanda.adminApiURLs" (dict "a" (list $dot)))) "r")) `echo $RESULT` `echo $RESULT | grep ready` ``))))))) (dict "failureThreshold" (120 | int) "initialDelaySeconds" (1 | int) "periodSeconds" (10 | int))) "livenessProbe" (mustMergeOverwrite (dict) (mustMergeOverwrite (dict) (dict "exec" (mustMergeOverwrite (dict) (dict "command" (list `/bin/sh` `-c` (printf `curl --silent --fail -k -m 5 %s "%s://%s/v1/status/ready"` (get (fromJson (include "redpanda.adminTLSCurlFlags" (dict "a" (list $dot)))) "r") (get (fromJson (include "redpanda.adminInternalHTTPProtocol" (dict "a" (list $dot)))) "r") (get (fromJson (include "redpanda.adminApiURLs" (dict "a" (list $dot)))) "r"))))))) (dict "failureThreshold" (3 | int) "initialDelaySeconds" (10 | int) "periodSeconds" (10 | int))) "command" (list `rpk` `redpanda` `start` (printf `--advertise-rpc-addr=%s:%d` $internalAdvertiseAddress ($values.listeners.rpc.port | int))) "volumeMounts" (get (fromJson (include "redpanda.StatefulSetVolumeMounts" (dict "a" (list $dot)))) "r") "resources" (get (fromJson (include "redpanda.RedpandaResources.GetResourceRequirements" (dict "a" (list $values.resources)))) "r"))) -}} +{{- $_ := (set $container "ports" (concat (default (list) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0) (dict "name" "admin" "containerPort" ($values.listeners.admin.port | int)))))) -}} {{- range $externalName, $external := $values.listeners.admin.external -}} -{{- if (get (fromJson (include "redpanda.AdminExternal.IsEnabled" (dict "a" (list $external) ))) "r") -}} -{{- $_ := (set $container "ports" (concat (default (list ) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0 ) (dict "name" (printf "admin-%.8s" (lower $externalName)) "containerPort" ($external.port | int) ))))) -}} +{{- if (get (fromJson (include "redpanda.ExternalListener.IsEnabled" (dict "a" (list $external)))) "r") -}} +{{- $_ := (set $container "ports" (concat (default (list) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0) (dict "name" (printf "admin-%.8s" (lower $externalName)) "containerPort" ($external.port | int)))))) -}} {{- end -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- $_ := (set $container "ports" (concat (default (list ) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0 ) (dict "name" "http" "containerPort" ($values.listeners.http.port | int) ))))) -}} +{{- $_ := (set $container "ports" (concat (default (list) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0) (dict "name" "http" "containerPort" ($values.listeners.http.port | int)))))) -}} {{- range $externalName, $external := $values.listeners.http.external -}} -{{- if (get (fromJson (include "redpanda.HTTPExternal.IsEnabled" (dict "a" (list $external) ))) "r") -}} -{{- $_ := (set $container "ports" (concat (default (list ) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0 ) (dict "name" (printf "http-%.8s" (lower $externalName)) "containerPort" ($external.port | int) ))))) -}} +{{- if (get (fromJson (include "redpanda.ExternalListener.IsEnabled" (dict "a" (list $external)))) "r") -}} +{{- $_ := (set $container "ports" (concat (default (list) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0) (dict "name" (printf "http-%.8s" (lower $externalName)) "containerPort" ($external.port | int)))))) -}} {{- end -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- $_ := (set $container "ports" (concat (default (list ) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0 ) (dict "name" "kafka" "containerPort" ($values.listeners.kafka.port | int) ))))) -}} +{{- $_ := (set $container "ports" (concat (default (list) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0) (dict "name" "kafka" "containerPort" ($values.listeners.kafka.port | int)))))) -}} {{- range $externalName, $external := $values.listeners.kafka.external -}} -{{- if (get (fromJson (include "redpanda.KafkaExternal.IsEnabled" (dict "a" (list $external) ))) "r") -}} -{{- $_ := (set $container "ports" (concat (default (list ) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0 ) (dict "name" (printf "kafka-%.8s" (lower $externalName)) "containerPort" ($external.port | int) ))))) -}} +{{- if (get (fromJson (include "redpanda.ExternalListener.IsEnabled" (dict "a" (list $external)))) "r") -}} +{{- $_ := (set $container "ports" (concat (default (list) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0) (dict "name" (printf "kafka-%.8s" (lower $externalName)) "containerPort" ($external.port | int)))))) -}} {{- end -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- $_ := (set $container "ports" (concat (default (list ) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0 ) (dict "name" "rpc" "containerPort" ($values.listeners.rpc.port | int) ))))) -}} -{{- $_ := (set $container "ports" (concat (default (list ) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0 ) (dict "name" "schemaregistry" "containerPort" ($values.listeners.schemaRegistry.port | int) ))))) -}} +{{- $_ := (set $container "ports" (concat (default (list) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0) (dict "name" "rpc" "containerPort" ($values.listeners.rpc.port | int)))))) -}} +{{- $_ := (set $container "ports" (concat (default (list) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0) (dict "name" "schemaregistry" "containerPort" ($values.listeners.schemaRegistry.port | int)))))) -}} {{- range $externalName, $external := $values.listeners.schemaRegistry.external -}} -{{- if (get (fromJson (include "redpanda.SchemaRegistryExternal.IsEnabled" (dict "a" (list $external) ))) "r") -}} -{{- $_ := (set $container "ports" (concat (default (list ) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0 ) (dict "name" (printf "schema-%.8s" (lower $externalName)) "containerPort" ($external.port | int) ))))) -}} +{{- if (get (fromJson (include "redpanda.ExternalListener.IsEnabled" (dict "a" (list $external)))) "r") -}} +{{- $_ := (set $container "ports" (concat (default (list) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0) (dict "name" (printf "schema-%.8s" (lower $externalName)) "containerPort" ($external.port | int)))))) -}} {{- end -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- if (and (get (fromJson (include "redpanda.Storage.IsTieredStorageEnabled" (dict "a" (list $values.storage) ))) "r") (ne (get (fromJson (include "redpanda.Storage.TieredMountType" (dict "a" (list $values.storage) ))) "r") "none")) -}} +{{- if (and (get (fromJson (include "redpanda.Storage.IsTieredStorageEnabled" (dict "a" (list $values.storage)))) "r") (ne (get (fromJson (include "redpanda.Storage.TieredMountType" (dict "a" (list $values.storage)))) "r") "none")) -}} {{- $name := "tiered-storage-dir" -}} {{- if (and (ne (toJson $values.storage.persistentVolume) "null") (ne $values.storage.persistentVolume.nameOverwrite "")) -}} {{- $name = $values.storage.persistentVolume.nameOverwrite -}} {{- end -}} -{{- $_ := (set $container "volumeMounts" (concat (default (list ) $container.volumeMounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" $name "mountPath" (get (fromJson (include "redpanda.Storage.TieredCacheDirectory" (dict "a" (list $values.storage $dot) ))) "r") ))))) -}} +{{- $_ := (set $container "volumeMounts" (concat (default (list) $container.volumeMounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" $name "mountPath" (get (fromJson (include "redpanda.Storage.TieredCacheDirectory" (dict "a" (list $values.storage $dot)))) "r")))))) -}} {{- end -}} {{- $_is_returning = true -}} {{- (dict "r" $container) | toJson -}} @@ -461,7 +439,7 @@ {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} {{- $_is_returning = true -}} -{{- (dict "r" (printf `${SERVICE_NAME}.%s:%d` (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r") ($values.listeners.admin.port | int))) | toJson -}} +{{- (dict "r" (printf `${SERVICE_NAME}.%s:%d` (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot)))) "r") ($values.listeners.admin.port | int))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -472,7 +450,7 @@ {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} {{- $_is_returning = true -}} -{{- (dict "r" (printf `$(SERVICE_NAME).%s:%d` (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r") ($values.listeners.admin.port | int))) | toJson -}} +{{- (dict "r" (printf `$(SERVICE_NAME).%s:%d` (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot)))) "r") ($values.listeners.admin.port | int))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -482,35 +460,20 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $args := (list `sidecar` `--redpanda-yaml` `/etc/redpanda/redpanda.yaml` `--redpanda-cluster-namespace` $dot.Release.Namespace `--redpanda-cluster-name` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") `--run-broker-probe` `--broker-probe-broker-url` (get (fromJson (include "redpanda.adminURLsCLI" (dict "a" (list $dot) ))) "r")) -}} +{{- $args := (list `sidecar` `--redpanda-yaml` `/etc/redpanda/redpanda.yaml` `--redpanda-cluster-namespace` $dot.Release.Namespace `--redpanda-cluster-name` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r") `--run-broker-probe` `--broker-probe-broker-url` (get (fromJson (include "redpanda.adminURLsCLI" (dict "a" (list $dot)))) "r")) -}} {{- if $values.statefulset.sideCars.brokerDecommissioner.enabled -}} -{{- $args = (concat (default (list ) $args) (default (list ) (list `--run-decommissioner` (printf "--decommission-vote-interval=%s" $values.statefulset.sideCars.brokerDecommissioner.decommissionAfter) (printf "--decommission-requeue-timeout=%s" $values.statefulset.sideCars.brokerDecommissioner.decommissionRequeueTimeout) `--decommission-vote-count=2`))) -}} +{{- $args = (concat (default (list) $args) (default (list) (list `--run-decommissioner` (printf "--decommission-vote-interval=%s" $values.statefulset.sideCars.brokerDecommissioner.decommissionAfter) (printf "--decommission-requeue-timeout=%s" $values.statefulset.sideCars.brokerDecommissioner.decommissionRequeueTimeout) `--decommission-vote-count=2`))) -}} {{- end -}} {{- $sasl_12 := $values.auth.sasl -}} {{- if (and (and $sasl_12.enabled (ne $sasl_12.secretRef "")) $values.statefulset.sideCars.configWatcher.enabled) -}} -{{- $args = (concat (default (list ) $args) (default (list ) (list `--watch-users` `--users-directory=/etc/secrets/users/`))) -}} +{{- $args = (concat (default (list) $args) (default (list) (list `--watch-users` `--users-directory=/etc/secrets/users/`))) -}} {{- end -}} {{- if $values.statefulset.sideCars.pvcUnbinder.enabled -}} -{{- $args = (concat (default (list ) $args) (default (list ) (list `--run-pvc-unbinder` (printf "--pvc-unbinder-timeout=%s" $values.statefulset.sideCars.pvcUnbinder.unbindAfter)))) -}} -{{- end -}} -{{- $volumeMounts := (concat (default (list ) (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot) ))) "r")) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "config" "mountPath" "/etc/redpanda" )))) -}} -{{- if (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.serviceAccount.automountServiceAccountToken false) ))) "r")) -}} -{{- $mountName := "kube-api-access" -}} -{{- range $_, $vol := (get (fromJson (include "redpanda.StatefulSetVolumes" (dict "a" (list $dot) ))) "r") -}} -{{- if (hasPrefix $vol.name (printf "%s%s" "kube-api-access" "-")) -}} -{{- $mountName = $vol.name -}} -{{- break -}} -{{- end -}} -{{- end -}} -{{- if $_is_returning -}} -{{- break -}} -{{- end -}} -{{- if (ne $mountName "") -}} -{{- $volumeMounts = (concat (default (list ) $volumeMounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" $mountName "readOnly" true "mountPath" "/var/run/secrets/kubernetes.io/serviceaccount" )))) -}} -{{- end -}} +{{- $args = (concat (default (list) $args) (default (list) (list `--run-pvc-unbinder` (printf "--pvc-unbinder-timeout=%s" $values.statefulset.sideCars.pvcUnbinder.unbindAfter)))) -}} {{- end -}} +{{- $volumeMounts := (concat (default (list) (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot)))) "r")) (list (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" "config" "mountPath" "/etc/redpanda")) (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" "kube-api-access" "mountPath" "/var/run/secrets/kubernetes.io/serviceaccount" "readOnly" true)))) -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "name" "" "resources" (dict ) ) (dict "name" "sidecar" "image" (printf `%s:%s` $values.statefulset.sideCars.image.repository $values.statefulset.sideCars.image.tag) "command" (list `/redpanda-operator`) "args" $args "env" (concat (default (list ) (get (fromJson (include "redpanda.rpkEnvVars" (dict "a" (list $dot (coalesce nil)) ))) "r")) (default (list ) (get (fromJson (include "redpanda.statefulSetRedpandaEnv" (dict "a" (list ) ))) "r"))) "volumeMounts" $volumeMounts "readinessProbe" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "httpGet" (mustMergeOverwrite (dict "port" 0 ) (dict "path" "/healthz" "port" (8093 | int) )) )) (dict "failureThreshold" (3 | int) "initialDelaySeconds" (1 | int) "periodSeconds" (10 | int) "successThreshold" (1 | int) "timeoutSeconds" (0 | int) )) ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "" "resources" (dict)) (dict "name" "sidecar" "image" (printf `%s:%s` $values.statefulset.sideCars.image.repository $values.statefulset.sideCars.image.tag) "command" (list `/redpanda-operator`) "args" $args "env" (concat (default (list) (get (fromJson (include "redpanda.rpkEnvVars" (dict "a" (list $dot (coalesce nil))))) "r")) (default (list) (get (fromJson (include "redpanda.statefulSetRedpandaEnv" (dict "a" (list)))) "r"))) "volumeMounts" $volumeMounts "readinessProbe" (mustMergeOverwrite (dict) (mustMergeOverwrite (dict) (dict "httpGet" (mustMergeOverwrite (dict "port" 0) (dict "path" "/healthz" "port" (8093 | int))))) (dict "failureThreshold" (3 | int) "initialDelaySeconds" (1 | int) "periodSeconds" (10 | int) "successThreshold" (1 | int) "timeoutSeconds" (0 | int)))))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -523,7 +486,7 @@ {{- $values := $dot.Values.AsMap -}} {{- if (and (ne (toJson $values.auth.sasl) "null") $values.auth.sasl.enabled) -}} {{- $_is_returning = true -}} -{{- (dict "r" (concat (default (list ) $envVars) (default (list ) (get (fromJson (include "redpanda.BootstrapUser.RpkEnvironment" (dict "a" (list $values.auth.sasl.bootstrapUser (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) ))) "r")))) | toJson -}} +{{- (dict "r" (concat (default (list) $envVars) (default (list) (get (fromJson (include "redpanda.BootstrapUser.RpkEnvironment" (dict "a" (list $values.auth.sasl.bootstrapUser (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r"))))) "r")))) | toJson -}} {{- break -}} {{- end -}} {{- $_is_returning = true -}} @@ -540,7 +503,7 @@ {{- $values := $dot.Values.AsMap -}} {{- if (and (ne (toJson $values.auth.sasl) "null") $values.auth.sasl.enabled) -}} {{- $_is_returning = true -}} -{{- (dict "r" (concat (default (list ) $envVars) (default (list ) (get (fromJson (include "redpanda.BootstrapUser.BootstrapEnvironment" (dict "a" (list $values.auth.sasl.bootstrapUser (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) ))) "r")))) | toJson -}} +{{- (dict "r" (concat (default (list) $envVars) (default (list) (get (fromJson (include "redpanda.BootstrapUser.BootstrapEnvironment" (dict "a" (list $values.auth.sasl.bootstrapUser (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r"))))) "r")))) | toJson -}} {{- break -}} {{- end -}} {{- $_is_returning = true -}} @@ -554,19 +517,19 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- if (and (not (get (fromJson (include "redpanda.RedpandaAtLeast_22_2_0" (dict "a" (list $dot) ))) "r")) (not $values.force)) -}} -{{- $sv := (get (fromJson (include "redpanda.semver" (dict "a" (list $dot) ))) "r") -}} +{{- if (and (not (get (fromJson (include "redpanda.RedpandaAtLeast_22_2_0" (dict "a" (list $dot)))) "r")) (not $values.force)) -}} +{{- $sv := (get (fromJson (include "redpanda.semver" (dict "a" (list $dot)))) "r") -}} {{- $_ := (fail (printf "Error: The Redpanda version (%s) is no longer supported \nTo accept this risk, run the upgrade again adding `--force=true`\n" $sv)) -}} {{- end -}} -{{- $ss := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "selector" (coalesce nil) "template" (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "containers" (coalesce nil) ) ) "serviceName" "" "updateStrategy" (dict ) ) "status" (dict "replicas" 0 "availableReplicas" 0 ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "apps/v1" "kind" "StatefulSet" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "spec" (mustMergeOverwrite (dict "selector" (coalesce nil) "template" (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "containers" (coalesce nil) ) ) "serviceName" "" "updateStrategy" (dict ) ) (dict "selector" (mustMergeOverwrite (dict ) (dict "matchLabels" (get (fromJson (include "redpanda.StatefulSetPodLabelsSelector" (dict "a" (list $dot) ))) "r") )) "serviceName" (get (fromJson (include "redpanda.ServiceName" (dict "a" (list $dot) ))) "r") "replicas" ($values.statefulset.replicas | int) "updateStrategy" $values.statefulset.updateStrategy "podManagementPolicy" "Parallel" "template" (get (fromJson (include "redpanda.StrategicMergePatch" (dict "a" (list (get (fromJson (include "redpanda.StructuredTpl" (dict "a" (list $dot $values.statefulset.podTemplate) ))) "r") (get (fromJson (include "redpanda.StrategicMergePatch" (dict "a" (list (get (fromJson (include "redpanda.StructuredTpl" (dict "a" (list $dot $values.podTemplate) ))) "r") (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "containers" (coalesce nil) ) ) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "labels" (get (fromJson (include "redpanda.StatefulSetPodLabels" (dict "a" (list $dot) ))) "r") "annotations" (dict "config.redpanda.com/checksum" (get (fromJson (include "redpanda.statefulSetChecksumAnnotation" (dict "a" (list $dot) ))) "r") ) )) "spec" (mustMergeOverwrite (dict "containers" (coalesce nil) ) (dict "automountServiceAccountToken" false "serviceAccountName" (get (fromJson (include "redpanda.ServiceAccountName" (dict "a" (list $dot) ))) "r") "initContainers" (get (fromJson (include "redpanda.StatefulSetInitContainers" (dict "a" (list $dot) ))) "r") "containers" (get (fromJson (include "redpanda.StatefulSetContainers" (dict "a" (list $dot) ))) "r") "volumes" (get (fromJson (include "redpanda.StatefulSetVolumes" (dict "a" (list $dot) ))) "r") )) ))) ))) "r")) ))) "r") "volumeClaimTemplates" (coalesce nil) )) )) -}} -{{- if (or $values.storage.persistentVolume.enabled ((and (get (fromJson (include "redpanda.Storage.IsTieredStorageEnabled" (dict "a" (list $values.storage) ))) "r") (eq (get (fromJson (include "redpanda.Storage.TieredMountType" (dict "a" (list $values.storage) ))) "r") "persistentVolume")))) -}} -{{- $t_13 := (get (fromJson (include "redpanda.volumeClaimTemplateDatadir" (dict "a" (list $dot) ))) "r") -}} +{{- $ss := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict "selector" (coalesce nil) "template" (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict "containers" (coalesce nil))) "serviceName" "" "updateStrategy" (dict)) "status" (dict "replicas" 0 "availableReplicas" 0)) (mustMergeOverwrite (dict) (dict "apiVersion" "apps/v1" "kind" "StatefulSet")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot)))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot)))) "r"))) "spec" (mustMergeOverwrite (dict "selector" (coalesce nil) "template" (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict "containers" (coalesce nil))) "serviceName" "" "updateStrategy" (dict)) (dict "selector" (mustMergeOverwrite (dict) (dict "matchLabels" (get (fromJson (include "redpanda.StatefulSetPodLabelsSelector" (dict "a" (list $dot)))) "r"))) "serviceName" (get (fromJson (include "redpanda.ServiceName" (dict "a" (list $dot)))) "r") "replicas" ($values.statefulset.replicas | int) "updateStrategy" $values.statefulset.updateStrategy "podManagementPolicy" "Parallel" "template" (get (fromJson (include "redpanda.StrategicMergePatch" (dict "a" (list (get (fromJson (include "redpanda.StructuredTpl" (dict "a" (list $dot $values.statefulset.podTemplate)))) "r") (get (fromJson (include "redpanda.StrategicMergePatch" (dict "a" (list (get (fromJson (include "redpanda.StructuredTpl" (dict "a" (list $dot $values.podTemplate)))) "r") (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict "containers" (coalesce nil))) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "labels" (get (fromJson (include "redpanda.StatefulSetPodLabels" (dict "a" (list $dot)))) "r") "annotations" (dict "config.redpanda.com/checksum" (get (fromJson (include "redpanda.statefulSetChecksumAnnotation" (dict "a" (list $dot)))) "r")))) "spec" (mustMergeOverwrite (dict "containers" (coalesce nil)) (dict "automountServiceAccountToken" false "serviceAccountName" (get (fromJson (include "redpanda.ServiceAccountName" (dict "a" (list $dot)))) "r") "initContainers" (get (fromJson (include "redpanda.StatefulSetInitContainers" (dict "a" (list $dot)))) "r") "containers" (get (fromJson (include "redpanda.StatefulSetContainers" (dict "a" (list $dot)))) "r") "volumes" (get (fromJson (include "redpanda.StatefulSetVolumes" (dict "a" (list $dot)))) "r"))))))))) "r"))))) "r") "volumeClaimTemplates" (coalesce nil))))) -}} +{{- if (or $values.storage.persistentVolume.enabled ((and (get (fromJson (include "redpanda.Storage.IsTieredStorageEnabled" (dict "a" (list $values.storage)))) "r") (eq (get (fromJson (include "redpanda.Storage.TieredMountType" (dict "a" (list $values.storage)))) "r") "persistentVolume")))) -}} +{{- $t_13 := (get (fromJson (include "redpanda.volumeClaimTemplateDatadir" (dict "a" (list $dot)))) "r") -}} {{- if (ne (toJson $t_13) "null") -}} -{{- $_ := (set $ss.spec "volumeClaimTemplates" (concat (default (list ) $ss.spec.volumeClaimTemplates) (list $t_13))) -}} +{{- $_ := (set $ss.spec "volumeClaimTemplates" (concat (default (list) $ss.spec.volumeClaimTemplates) (list $t_13))) -}} {{- end -}} -{{- $t_14 := (get (fromJson (include "redpanda.volumeClaimTemplateTieredStorageDir" (dict "a" (list $dot) ))) "r") -}} +{{- $t_14 := (get (fromJson (include "redpanda.volumeClaimTemplateTieredStorageDir" (dict "a" (list $dot)))) "r") -}} {{- if (ne (toJson $t_14) "null") -}} -{{- $_ := (set $ss.spec "volumeClaimTemplates" (concat (default (list ) $ss.spec.volumeClaimTemplates) (list $t_14))) -}} +{{- $_ := (set $ss.spec "volumeClaimTemplates" (concat (default (list) $ss.spec.volumeClaimTemplates) (list $t_14))) -}} {{- end -}} {{- end -}} {{- $_is_returning = true -}} @@ -580,7 +543,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (trimPrefix "v" (get (fromJson (include "redpanda.Tag" (dict "a" (list $dot) ))) "r"))) | toJson -}} +{{- (dict "r" (trimPrefix "v" (get (fromJson (include "redpanda.Tag" (dict "a" (list $dot)))) "r"))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -591,13 +554,13 @@ {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} {{- $dependencies := (coalesce nil) -}} -{{- $dependencies = (concat (default (list ) $dependencies) (list (get (fromJson (include "redpanda.RedpandaConfigFile" (dict "a" (list $dot false) ))) "r"))) -}} +{{- $dependencies = (concat (default (list) $dependencies) (list (get (fromJson (include "redpanda.RedpandaConfigFile" (dict "a" (list $dot false)))) "r"))) -}} {{- if $values.external.enabled -}} -{{- $dependencies = (concat (default (list ) $dependencies) (list (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.external.domain "") ))) "r"))) -}} +{{- $dependencies = (concat (default (list) $dependencies) (list (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.external.domain "")))) "r"))) -}} {{- if (empty $values.external.addresses) -}} -{{- $dependencies = (concat (default (list ) $dependencies) (list "")) -}} +{{- $dependencies = (concat (default (list) $dependencies) (list "")) -}} {{- else -}} -{{- $dependencies = (concat (default (list ) $dependencies) (list $values.external.addresses)) -}} +{{- $dependencies = (concat (default (list) $dependencies) (list $values.external.addresses)) -}} {{- end -}} {{- end -}} {{- $_is_returning = true -}} @@ -616,7 +579,7 @@ {{- (dict "r" (coalesce nil)) | toJson -}} {{- break -}} {{- end -}} -{{- $pvc := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "resources" (dict ) ) "status" (dict ) ) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" "datadir" "labels" (merge (dict ) (dict `app.kubernetes.io/name` (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") `app.kubernetes.io/instance` $dot.Release.Name `app.kubernetes.io/component` (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") ) $values.storage.persistentVolume.labels $values.commonLabels) "annotations" (default (coalesce nil) $values.storage.persistentVolume.annotations) )) "spec" (mustMergeOverwrite (dict "resources" (dict ) ) (dict "accessModes" (list "ReadWriteOnce") "resources" (mustMergeOverwrite (dict ) (dict "requests" (dict "storage" $values.storage.persistentVolume.size ) )) )) )) -}} +{{- $pvc := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict "resources" (dict)) "status" (dict)) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" "datadir" "labels" (merge (dict) (dict `app.kubernetes.io/name` (get (fromJson (include "redpanda.Name" (dict "a" (list $dot)))) "r") `app.kubernetes.io/instance` $dot.Release.Name `app.kubernetes.io/component` (get (fromJson (include "redpanda.Name" (dict "a" (list $dot)))) "r")) $values.storage.persistentVolume.labels $values.commonLabels) "annotations" (default (coalesce nil) $values.storage.persistentVolume.annotations))) "spec" (mustMergeOverwrite (dict "resources" (dict)) (dict "accessModes" (list "ReadWriteOnce") "resources" (mustMergeOverwrite (dict) (dict "requests" (dict "storage" $values.storage.persistentVolume.size))))))) -}} {{- if (not (empty $values.storage.persistentVolume.storageClass)) -}} {{- if (eq $values.storage.persistentVolume.storageClass "-") -}} {{- $_ := (set $pvc.spec "storageClassName" "") -}} @@ -635,13 +598,13 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- if (or (not (get (fromJson (include "redpanda.Storage.IsTieredStorageEnabled" (dict "a" (list $values.storage) ))) "r")) (ne (get (fromJson (include "redpanda.Storage.TieredMountType" (dict "a" (list $values.storage) ))) "r") "persistentVolume")) -}} +{{- if (or (not (get (fromJson (include "redpanda.Storage.IsTieredStorageEnabled" (dict "a" (list $values.storage)))) "r")) (ne (get (fromJson (include "redpanda.Storage.TieredMountType" (dict "a" (list $values.storage)))) "r") "persistentVolume")) -}} {{- $_is_returning = true -}} {{- (dict "r" (coalesce nil)) | toJson -}} {{- break -}} {{- end -}} -{{- $pvc := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "resources" (dict ) ) "status" (dict ) ) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (default "tiered-storage-dir" $values.storage.persistentVolume.nameOverwrite) "labels" (merge (dict ) (dict `app.kubernetes.io/name` (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") `app.kubernetes.io/instance` $dot.Release.Name `app.kubernetes.io/component` (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") ) (get (fromJson (include "redpanda.Storage.TieredPersistentVolumeLabels" (dict "a" (list $values.storage) ))) "r") $values.commonLabels) "annotations" (default (coalesce nil) (get (fromJson (include "redpanda.Storage.TieredPersistentVolumeAnnotations" (dict "a" (list $values.storage) ))) "r")) )) "spec" (mustMergeOverwrite (dict "resources" (dict ) ) (dict "accessModes" (list "ReadWriteOnce") "resources" (mustMergeOverwrite (dict ) (dict "requests" (dict "storage" (index (get (fromJson (include "redpanda.Storage.GetTieredStorageConfig" (dict "a" (list $values.storage) ))) "r") `cloud_storage_cache_size`) ) )) )) )) -}} -{{- $sc_15 := (get (fromJson (include "redpanda.Storage.TieredPersistentVolumeStorageClass" (dict "a" (list $values.storage) ))) "r") -}} +{{- $pvc := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict "resources" (dict)) "status" (dict)) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (default "tiered-storage-dir" $values.storage.persistentVolume.nameOverwrite) "labels" (merge (dict) (dict `app.kubernetes.io/name` (get (fromJson (include "redpanda.Name" (dict "a" (list $dot)))) "r") `app.kubernetes.io/instance` $dot.Release.Name `app.kubernetes.io/component` (get (fromJson (include "redpanda.Name" (dict "a" (list $dot)))) "r")) (get (fromJson (include "redpanda.Storage.TieredPersistentVolumeLabels" (dict "a" (list $values.storage)))) "r") $values.commonLabels) "annotations" (default (coalesce nil) (get (fromJson (include "redpanda.Storage.TieredPersistentVolumeAnnotations" (dict "a" (list $values.storage)))) "r")))) "spec" (mustMergeOverwrite (dict "resources" (dict)) (dict "accessModes" (list "ReadWriteOnce") "resources" (mustMergeOverwrite (dict) (dict "requests" (dict "storage" (index (get (fromJson (include "redpanda.Storage.GetTieredStorageConfig" (dict "a" (list $values.storage)))) "r") `cloud_storage_cache_size`)))))))) -}} +{{- $sc_15 := (get (fromJson (include "redpanda.Storage.TieredPersistentVolumeStorageClass" (dict "a" (list $values.storage)))) "r") -}} {{- if (eq $sc_15 "-") -}} {{- $_ := (set $pvc.spec "storageClassName" "") -}} {{- else -}}{{- if (not (empty $sc_15)) -}} @@ -660,7 +623,7 @@ {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "redpanda.Storage.GetTieredStorageConfig" (dict "a" (list $values.storage) ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "redpanda.Storage.GetTieredStorageConfig" (dict "a" (list $values.storage)))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- end -}} diff --git a/charts/redpanda/templates/_values.go.tpl b/charts/redpanda/templates/_values.go.tpl index b0e9366cfb..53bff1309a 100644 --- a/charts/redpanda/templates/_values.go.tpl +++ b/charts/redpanda/templates/_values.go.tpl @@ -6,8 +6,8 @@ {{- $isSASLEnabled := (index .a 2) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $result := (dict ) -}} -{{- if (not (get (fromJson (include "redpanda.RedpandaAtLeast_23_3_0" (dict "a" (list $dot) ))) "r")) -}} +{{- $result := (dict) -}} +{{- if (not (get (fromJson (include "redpanda.RedpandaAtLeast_23_3_0" (dict "a" (list $dot)))) "r")) -}} {{- $_is_returning = true -}} {{- (dict "r" $result) | toJson -}} {{- break -}} @@ -34,13 +34,13 @@ {{- if (ne ($a.replicationFactor | int) (0 | int)) -}} {{- $_ := (set $result "audit_log_replication_factor" ($a.replicationFactor | int)) -}} {{- end -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $a.enabledEventTypes) ))) "r") | int) (0 | int)) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $a.enabledEventTypes)))) "r") | int) (0 | int)) -}} {{- $_ := (set $result "audit_enabled_event_types" $a.enabledEventTypes) -}} {{- end -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $a.excludedTopics) ))) "r") | int) (0 | int)) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $a.excludedTopics)))) "r") | int) (0 | int)) -}} {{- $_ := (set $result "audit_excluded_topics" $a.excludedTopics) -}} {{- end -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $a.excludedPrincipals) ))) "r") | int) (0 | int)) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $a.excludedPrincipals)))) "r") | int) (0 | int)) -}} {{- $_ := (set $result "audit_excluded_principals" $a.excludedPrincipals) -}} {{- end -}} {{- $_is_returning = true -}} @@ -74,15 +74,15 @@ {{- (dict "r" (coalesce nil)) | toJson -}} {{- break -}} {{- end -}} -{{- $users := (list (get (fromJson (include "redpanda.BootstrapUser.Username" (dict "a" (list $a.sasl.bootstrapUser) ))) "r")) -}} +{{- $users := (list (get (fromJson (include "redpanda.BootstrapUser.Username" (dict "a" (list $a.sasl.bootstrapUser)))) "r")) -}} {{- range $_, $u := $a.sasl.users -}} -{{- $users = (concat (default (list ) $users) (list $u.name)) -}} +{{- $users = (concat (default (list) $users) (list $u.name)) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (dict "superusers" $users )) | toJson -}} +{{- (dict "r" (dict "superusers" $users)) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -91,8 +91,8 @@ {{- $l := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $result := (dict ) -}} -{{- $clusterID_1 := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $l.usageStats.clusterId "") ))) "r") -}} +{{- $result := (dict) -}} +{{- $clusterID_1 := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $l.usageStats.clusterId "")))) "r") -}} {{- if (ne $clusterID_1 "") -}} {{- $_ := (set $result "cluster_id" $clusterID_1) -}} {{- end -}} @@ -108,12 +108,12 @@ {{- $_is_returning := false -}} {{- if (and (ne (toJson $rr.limits) "null") (ne (toJson $rr.requests) "null")) -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict ) (dict "limits" $rr.limits "requests" $rr.requests ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict) (dict "limits" $rr.limits "requests" $rr.requests))) | toJson -}} {{- break -}} {{- end -}} -{{- $reqs := (mustMergeOverwrite (dict ) (dict "limits" (dict "cpu" $rr.cpu.cores "memory" $rr.memory.container.max ) )) -}} +{{- $reqs := (mustMergeOverwrite (dict) (dict "limits" (dict "cpu" $rr.cpu.cores "memory" $rr.memory.container.max))) -}} {{- if (ne (toJson $rr.memory.container.min) "null") -}} -{{- $_ := (set $reqs "requests" (dict "cpu" $rr.cpu.cores "memory" $rr.memory.container.min )) -}} +{{- $_ := (set $reqs "requests" (dict "cpu" $rr.cpu.cores "memory" $rr.memory.container.min)) -}} {{- end -}} {{- $_is_returning = true -}} {{- (dict "r" $reqs) | toJson -}} @@ -125,19 +125,19 @@ {{- $rr := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $flags := (dict "--reserve-memory" (printf "%dM" ((get (fromJson (include "redpanda.RedpandaResources.reserveMemory" (dict "a" (list $rr) ))) "r") | int64)) ) -}} -{{- $smp_2 := (get (fromJson (include "redpanda.RedpandaResources.smp" (dict "a" (list $rr) ))) "r") -}} +{{- $flags := (dict "--reserve-memory" (printf "%dM" ((get (fromJson (include "redpanda.RedpandaResources.reserveMemory" (dict "a" (list $rr)))) "r") | int64))) -}} +{{- $smp_2 := (get (fromJson (include "redpanda.RedpandaResources.smp" (dict "a" (list $rr)))) "r") -}} {{- if (ne (toJson $smp_2) "null") -}} {{- $_ := (set $flags "--smp" (printf "%d" ($smp_2 | int64))) -}} {{- end -}} -{{- $memory_3 := (get (fromJson (include "redpanda.RedpandaResources.memory" (dict "a" (list $rr) ))) "r") -}} +{{- $memory_3 := (get (fromJson (include "redpanda.RedpandaResources.memory" (dict "a" (list $rr)))) "r") -}} {{- if (ne (toJson $memory_3) "null") -}} {{- $_ := (set $flags "--memory" (printf "%dM" ($memory_3 | int64))) -}} {{- end -}} {{- if (and (eq (toJson $rr.limits) "null") (eq (toJson $rr.requests) "null")) -}} -{{- $_ := (set $flags "--lock-memory" (printf "%v" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $rr.memory.enable_memory_locking false) ))) "r"))) -}} +{{- $_ := (set $flags "--lock-memory" (printf "%v" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $rr.memory.enable_memory_locking false)))) "r"))) -}} {{- end -}} -{{- if (get (fromJson (include "redpanda.RedpandaResources.GetOverProvisionValue" (dict "a" (list $rr) ))) "r") -}} +{{- if (get (fromJson (include "redpanda.RedpandaResources.GetOverProvisionValue" (dict "a" (list $rr)))) "r") -}} {{- $_ := (set $flags "--overprovisioned" "") -}} {{- end -}} {{- $_is_returning = true -}} @@ -151,15 +151,15 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- if (and (ne (toJson $rr.limits) "null") (ne (toJson $rr.requests) "null")) -}} -{{- $_422_cpuReq_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list ($rr.requests) "cpu" "0") ))) "r") -}} +{{- $_422_cpuReq_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list ($rr.requests) "cpu" "0")))) "r") -}} {{- $cpuReq := (index $_422_cpuReq_ok 0) -}} {{- $ok := (index $_422_cpuReq_ok 1) -}} {{- if (not $ok) -}} -{{- $_424_cpuReq_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list ($rr.limits) "cpu" "0") ))) "r") -}} +{{- $_424_cpuReq_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list ($rr.limits) "cpu" "0")))) "r") -}} {{- $cpuReq = (index $_424_cpuReq_ok 0) -}} {{- $ok = (index $_424_cpuReq_ok 1) -}} {{- end -}} -{{- if (and $ok (lt ((get (fromJson (include "_shims.resource_MilliValue" (dict "a" (list $cpuReq) ))) "r") | int64) (1000 | int64))) -}} +{{- if (and $ok (lt ((get (fromJson (include "_shims.resource_MilliValue" (dict "a" (list $cpuReq)))) "r") | int64) (1000 | int64))) -}} {{- $_is_returning = true -}} {{- (dict "r" true) | toJson -}} {{- break -}} @@ -168,13 +168,13 @@ {{- (dict "r" false) | toJson -}} {{- break -}} {{- end -}} -{{- if (lt ((get (fromJson (include "_shims.resource_MilliValue" (dict "a" (list $rr.cpu.cores) ))) "r") | int64) (1000 | int64)) -}} +{{- if (lt ((get (fromJson (include "_shims.resource_MilliValue" (dict "a" (list $rr.cpu.cores)))) "r") | int64) (1000 | int64)) -}} {{- $_is_returning = true -}} {{- (dict "r" true) | toJson -}} {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $rr.cpu.overprovisioned false) ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $rr.cpu.overprovisioned false)))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -184,11 +184,11 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- if (and (ne (toJson $rr.limits) "null") (ne (toJson $rr.requests) "null")) -}} -{{- $_448_cpuReq_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list ($rr.requests) "cpu" "0") ))) "r") -}} +{{- $_448_cpuReq_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list ($rr.requests) "cpu" "0")))) "r") -}} {{- $cpuReq := (index $_448_cpuReq_ok 0) -}} {{- $ok := (index $_448_cpuReq_ok 1) -}} {{- if (not $ok) -}} -{{- $_450_cpuReq_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list ($rr.limits) "cpu" "0") ))) "r") -}} +{{- $_450_cpuReq_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list ($rr.limits) "cpu" "0")))) "r") -}} {{- $cpuReq = (index $_450_cpuReq_ok 0) -}} {{- $ok = (index $_450_cpuReq_ok 1) -}} {{- end -}} @@ -197,7 +197,7 @@ {{- (dict "r" (coalesce nil)) | toJson -}} {{- break -}} {{- end -}} -{{- $smp := ((div ((get (fromJson (include "_shims.resource_MilliValue" (dict "a" (list $cpuReq) ))) "r") | int64) (1000 | int64)) | int64) -}} +{{- $smp := ((div ((get (fromJson (include "_shims.resource_MilliValue" (dict "a" (list $cpuReq)))) "r") | int64) (1000 | int64)) | int64) -}} {{- if (lt $smp (1 | int64)) -}} {{- $smp = (1 | int64) -}} {{- end -}} @@ -205,14 +205,14 @@ {{- (dict "r" $smp) | toJson -}} {{- break -}} {{- end -}} -{{- $coresInMillies_4 := ((get (fromJson (include "_shims.resource_MilliValue" (dict "a" (list $rr.cpu.cores) ))) "r") | int64) -}} +{{- $coresInMillies_4 := ((get (fromJson (include "_shims.resource_MilliValue" (dict "a" (list $rr.cpu.cores)))) "r") | int64) -}} {{- if (lt $coresInMillies_4 (1000 | int64)) -}} {{- $_is_returning = true -}} {{- (dict "r" ((1 | int64) | int64)) | toJson -}} {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (((get (fromJson (include "_shims.resource_Value" (dict "a" (list $rr.cpu.cores) ))) "r") | int64) | int64)) | toJson -}} +{{- (dict "r" (((get (fromJson (include "_shims.resource_Value" (dict "a" (list $rr.cpu.cores)))) "r") | int64) | int64)) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -222,11 +222,11 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- if (and (ne (toJson $rr.limits) "null") (ne (toJson $rr.requests) "null")) -}} -{{- $_507_memReq_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list ($rr.requests) "memory" "0") ))) "r") -}} +{{- $_507_memReq_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list ($rr.requests) "memory" "0")))) "r") -}} {{- $memReq := (index $_507_memReq_ok 0) -}} {{- $ok := (index $_507_memReq_ok 1) -}} {{- if (not $ok) -}} -{{- $_509_memReq_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list ($rr.limits) "memory" "0") ))) "r") -}} +{{- $_509_memReq_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list ($rr.limits) "memory" "0")))) "r") -}} {{- $memReq = (index $_509_memReq_ok 0) -}} {{- $ok = (index $_509_memReq_ok 1) -}} {{- end -}} @@ -235,16 +235,16 @@ {{- (dict "r" (coalesce nil)) | toJson -}} {{- break -}} {{- end -}} -{{- $memory := (((mulf (((get (fromJson (include "_shims.resource_Value" (dict "a" (list $memReq) ))) "r") | int64) | float64) 0.90) | float64) | int64) -}} +{{- $memory := (((mulf (((get (fromJson (include "_shims.resource_Value" (dict "a" (list $memReq)))) "r") | int64) | float64) 0.90) | float64) | int64) -}} {{- $_is_returning = true -}} {{- (dict "r" ((div $memory ((mul (1024 | int) (1024 | int)))) | int64)) | toJson -}} {{- break -}} {{- end -}} {{- $memory := ((0 | int64) | int64) -}} -{{- $containerMemory := ((get (fromJson (include "redpanda.RedpandaResources.containerMemory" (dict "a" (list $rr) ))) "r") | int64) -}} +{{- $containerMemory := ((get (fromJson (include "redpanda.RedpandaResources.containerMemory" (dict "a" (list $rr)))) "r") | int64) -}} {{- $rpMem_5 := $rr.memory.redpanda -}} {{- if (and (ne (toJson $rpMem_5) "null") (ne (toJson $rpMem_5.memory) "null")) -}} -{{- $memory = ((div ((get (fromJson (include "_shims.resource_Value" (dict "a" (list $rpMem_5.memory) ))) "r") | int64) ((mul (1024 | int) (1024 | int)))) | int64) -}} +{{- $memory = ((div ((get (fromJson (include "_shims.resource_Value" (dict "a" (list $rpMem_5.memory)))) "r") | int64) ((mul (1024 | int) (1024 | int)))) | int64) -}} {{- else -}} {{- $memory = (((mulf ($containerMemory | float64) 0.8) | float64) | int64) -}} {{- end -}} @@ -254,8 +254,8 @@ {{- if (lt $memory (256 | int64)) -}} {{- $_ := (fail (printf "%d is below the minimum value for Redpanda" $memory)) -}} {{- end -}} -{{- if (gt ((add $memory (((get (fromJson (include "redpanda.RedpandaResources.reserveMemory" (dict "a" (list $rr) ))) "r") | int64) | int64)) | int64) $containerMemory) -}} -{{- $_ := (fail (printf "Not enough container memory for Redpanda memory values where Redpanda: %d, reserve: %d, container: %d" $memory ((get (fromJson (include "redpanda.RedpandaResources.reserveMemory" (dict "a" (list $rr) ))) "r") | int64) $containerMemory)) -}} +{{- if (gt ((add $memory (((get (fromJson (include "redpanda.RedpandaResources.reserveMemory" (dict "a" (list $rr)))) "r") | int64) | int64)) | int64) $containerMemory) -}} +{{- $_ := (fail (printf "Not enough container memory for Redpanda memory values where Redpanda: %d, reserve: %d, container: %d" $memory ((get (fromJson (include "redpanda.RedpandaResources.reserveMemory" (dict "a" (list $rr)))) "r") | int64) $containerMemory)) -}} {{- end -}} {{- $_is_returning = true -}} {{- (dict "r" $memory) | toJson -}} @@ -275,11 +275,11 @@ {{- $rpMem_6 := $rr.memory.redpanda -}} {{- if (and (ne (toJson $rpMem_6) "null") (ne (toJson $rpMem_6.reserveMemory) "null")) -}} {{- $_is_returning = true -}} -{{- (dict "r" ((div ((get (fromJson (include "_shims.resource_Value" (dict "a" (list $rpMem_6.reserveMemory) ))) "r") | int64) ((mul (1024 | int) (1024 | int)))) | int64)) | toJson -}} +{{- (dict "r" ((div ((get (fromJson (include "_shims.resource_Value" (dict "a" (list $rpMem_6.reserveMemory)))) "r") | int64) ((mul (1024 | int) (1024 | int)))) | int64)) | toJson -}} {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" ((add (((mulf (((get (fromJson (include "redpanda.RedpandaResources.containerMemory" (dict "a" (list $rr) ))) "r") | int64) | float64) 0.002) | float64) | int64) (200 | int64)) | int64)) | toJson -}} +{{- (dict "r" ((add (((mulf (((get (fromJson (include "redpanda.RedpandaResources.containerMemory" (dict "a" (list $rr)))) "r") | int64) | float64) 0.002) | float64) | int64) (200 | int64)) | int64)) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -290,11 +290,11 @@ {{- $_is_returning := false -}} {{- if (ne (toJson $rr.memory.container.min) "null") -}} {{- $_is_returning = true -}} -{{- (dict "r" ((div ((get (fromJson (include "_shims.resource_Value" (dict "a" (list $rr.memory.container.min) ))) "r") | int64) ((mul (1024 | int) (1024 | int)))) | int64)) | toJson -}} +{{- (dict "r" ((div ((get (fromJson (include "_shims.resource_Value" (dict "a" (list $rr.memory.container.min)))) "r") | int64) ((mul (1024 | int) (1024 | int)))) | int64)) | toJson -}} {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" ((div ((get (fromJson (include "_shims.resource_Value" (dict "a" (list $rr.memory.container.max) ))) "r") | int64) ((mul (1024 | int) (1024 | int)))) | int64)) | toJson -}} +{{- (dict "r" ((div ((get (fromJson (include "_shims.resource_Value" (dict "a" (list $rr.memory.container.max)))) "r") | int64) ((mul (1024 | int) (1024 | int)))) | int64)) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -303,12 +303,12 @@ {{- $s := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $conf := (get (fromJson (include "redpanda.Storage.GetTieredStorageConfig" (dict "a" (list $s) ))) "r") -}} -{{- $_627_b_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list $conf "cloud_storage_enabled" (coalesce nil)) ))) "r") -}} +{{- $conf := (get (fromJson (include "redpanda.Storage.GetTieredStorageConfig" (dict "a" (list $s)))) "r") -}} +{{- $_627_b_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list $conf "cloud_storage_enabled" (coalesce nil))))) "r") -}} {{- $b := (index $_627_b_ok 0) -}} {{- $ok := (index $_627_b_ok 1) -}} {{- $_is_returning = true -}} -{{- (dict "r" (and $ok (get (fromJson (include "_shims.typeassertion" (dict "a" (list "bool" $b) ))) "r"))) | toJson -}} +{{- (dict "r" (and $ok (get (fromJson (include "_shims.typeassertion" (dict "a" (list "bool" $b)))) "r"))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -317,7 +317,7 @@ {{- $s := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $s.tieredConfig) ))) "r") | int) (0 | int)) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $s.tieredConfig)))) "r") | int) (0 | int)) -}} {{- $_is_returning = true -}} {{- (dict "r" $s.tieredConfig) | toJson -}} {{- break -}} @@ -351,7 +351,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $_656_dir_7_ok_8 := (get (fromJson (include "_shims.typetest" (dict "a" (list "string" (index $values.config.node "cloud_storage_cache_directory") "") ))) "r") -}} +{{- $_656_dir_7_ok_8 := (get (fromJson (include "_shims.typetest" (dict "a" (list "string" (index $values.config.node "cloud_storage_cache_directory") "")))) "r") -}} {{- $dir_7 := (index $_656_dir_7_ok_8 0) -}} {{- $ok_8 := (index $_656_dir_7_ok_8 1) -}} {{- if $ok_8 -}} @@ -359,8 +359,8 @@ {{- (dict "r" $dir_7) | toJson -}} {{- break -}} {{- end -}} -{{- $tieredConfig := (get (fromJson (include "redpanda.Storage.GetTieredStorageConfig" (dict "a" (list $values.storage) ))) "r") -}} -{{- $_665_dir_9_ok_10 := (get (fromJson (include "_shims.typetest" (dict "a" (list "string" (index $tieredConfig "cloud_storage_cache_directory") "") ))) "r") -}} +{{- $tieredConfig := (get (fromJson (include "redpanda.Storage.GetTieredStorageConfig" (dict "a" (list $values.storage)))) "r") -}} +{{- $_665_dir_9_ok_10 := (get (fromJson (include "_shims.typetest" (dict "a" (list "string" (index $tieredConfig "cloud_storage_cache_directory") "")))) "r") -}} {{- $dir_9 := (index $_665_dir_9_ok_10 0) -}} {{- $ok_10 := (index $_665_dir_9_ok_10 1) -}} {{- if $ok_10 -}} @@ -448,7 +448,7 @@ {{- (dict "r" (5368709120 | int)) | toJson -}} {{- break -}} {{- end -}} -{{- $minimumFreeBytes := ((mulf (((get (fromJson (include "_shims.resource_Value" (dict "a" (list $s.persistentVolume.size) ))) "r") | int64) | float64) 0.05) | float64) -}} +{{- $minimumFreeBytes := ((mulf (((get (fromJson (include "_shims.resource_Value" (dict "a" (list $s.persistentVolume.size)))) "r") | int64) | float64) 0.05) | float64) -}} {{- $_is_returning = true -}} {{- (dict "r" (min (5368709120 | int) ($minimumFreeBytes | int64))) | toJson -}} {{- break -}} @@ -459,15 +459,15 @@ {{- $t := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $result := (dict ) -}} +{{- $result := (dict) -}} {{- $s := (toJson $t) -}} {{- $tune := (fromJson $s) -}} -{{- $_803_m_ok := (get (fromJson (include "_shims.typetest" (dict "a" (list (printf "map[%s]%s" "string" "interface {}") $tune (coalesce nil)) ))) "r") -}} -{{- $m := (index $_803_m_ok 0) -}} -{{- $ok := (index $_803_m_ok 1) -}} +{{- $_808_m_ok := (get (fromJson (include "_shims.typetest" (dict "a" (list (printf "map[%s]%s" "string" "interface {}") $tune (coalesce nil))))) "r") -}} +{{- $m := (index $_808_m_ok 0) -}} +{{- $ok := (index $_808_m_ok 1) -}} {{- if (not $ok) -}} {{- $_is_returning = true -}} -{{- (dict "r" (dict )) | toJson -}} +{{- (dict "r" (dict)) | toJson -}} {{- break -}} {{- end -}} {{- range $k, $v := $m -}} @@ -487,7 +487,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (or ((and $s.controllers.enabled $s.controllers.createRBAC)) (get (fromJson (include "redpanda.Sidecars.AdditionalSidecarControllersEnabled" (dict "a" (list $s) ))) "r"))) | toJson -}} +{{- (dict "r" (or ((and $s.controllers.enabled $s.controllers.createRBAC)) (get (fromJson (include "redpanda.Sidecars.AdditionalSidecarControllersEnabled" (dict "a" (list $s)))) "r"))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -511,7 +511,7 @@ {{- $_is_returning := false -}} {{- $result := (coalesce nil) -}} {{- range $_, $i := untilStep (((0 | int) | int)|int) ($replicas|int) (1|int) -}} -{{- $result = (concat (default (list ) $result) (list (dict "host" (dict "address" (printf "%s-%d.%s" $fullname $i $internalDomain) "port" ($l.rpc.port | int) ) ))) -}} +{{- $result = (concat (default (list) $result) (list (dict "host" (dict "address" (printf "%s-%d.%s" $fullname $i $internalDomain) "port" ($l.rpc.port | int))))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} @@ -530,7 +530,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "redpanda.ServerList" (dict "a" (list $replicas "" $fullname $internalDomain ($l.admin.port | int)) ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "redpanda.ServerList" (dict "a" (list $replicas "" $fullname $internalDomain ($l.admin.port | int))))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -543,7 +543,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "redpanda.ServerList" (dict "a" (list $replicas "" $fullname $internalDomain ($l.schemaRegistry.port | int)) ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "redpanda.ServerList" (dict "a" (list $replicas "" $fullname $internalDomain ($l.schemaRegistry.port | int))))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -558,7 +558,7 @@ {{- $_is_returning := false -}} {{- $result := (coalesce nil) -}} {{- range $_, $i := untilStep (((0 | int) | int)|int) ($replicas|int) (1|int) -}} -{{- $result = (concat (default (list ) $result) (list (printf "%s%s-%d.%s:%d" $prefix $fullname $i $internalDomain ($port | int)))) -}} +{{- $result = (concat (default (list) $result) (list (printf "%s%s-%d.%s:%d" $prefix $fullname $i $internalDomain ($port | int)))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} @@ -574,14 +574,14 @@ {{- $tls := (index .a 1) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $cmSources := (dict ) -}} -{{- $secretSources := (dict ) -}} -{{- range $_, $ts := (get (fromJson (include "redpanda.Listeners.TrustStores" (dict "a" (list $l $tls) ))) "r") -}} -{{- $projection := (get (fromJson (include "redpanda.TrustStore.VolumeProjection" (dict "a" (list $ts) ))) "r") -}} +{{- $cmSources := (dict) -}} +{{- $secretSources := (dict) -}} +{{- range $_, $ts := (get (fromJson (include "redpanda.Listeners.TrustStores" (dict "a" (list $l $tls)))) "r") -}} +{{- $projection := (get (fromJson (include "redpanda.TrustStore.VolumeProjection" (dict "a" (list $ts)))) "r") -}} {{- if (ne (toJson $projection.secret) "null") -}} -{{- $_ := (set $secretSources $projection.secret.name (concat (default (list ) (index $secretSources $projection.secret.name)) (default (list ) $projection.secret.items))) -}} +{{- $_ := (set $secretSources $projection.secret.name (concat (default (list) (index $secretSources $projection.secret.name)) (default (list) $projection.secret.items))) -}} {{- else -}} -{{- $_ := (set $cmSources $projection.configMap.name (concat (default (list ) (index $cmSources $projection.configMap.name)) (default (list ) $projection.configMap.items))) -}} +{{- $_ := (set $cmSources $projection.configMap.name (concat (default (list) (index $cmSources $projection.configMap.name)) (default (list) $projection.configMap.items))) -}} {{- end -}} {{- end -}} {{- if $_is_returning -}} @@ -590,25 +590,25 @@ {{- $sources := (coalesce nil) -}} {{- range $_, $name := (sortAlpha (keys $cmSources)) -}} {{- $keys := (index $cmSources $name) -}} -{{- $sources = (concat (default (list ) $sources) (list (mustMergeOverwrite (dict ) (dict "configMap" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "name" $name )) (dict "items" (get (fromJson (include "redpanda.dedupKeyToPaths" (dict "a" (list $keys) ))) "r") )) )))) -}} +{{- $sources = (concat (default (list) $sources) (list (mustMergeOverwrite (dict) (dict "configMap" (mustMergeOverwrite (dict) (mustMergeOverwrite (dict) (dict "name" $name)) (dict "items" (get (fromJson (include "redpanda.dedupKeyToPaths" (dict "a" (list $keys)))) "r"))))))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} {{- range $_, $name := (sortAlpha (keys $secretSources)) -}} {{- $keys := (index $secretSources $name) -}} -{{- $sources = (concat (default (list ) $sources) (list (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "name" $name )) (dict "items" (get (fromJson (include "redpanda.dedupKeyToPaths" (dict "a" (list $keys) ))) "r") )) )))) -}} +{{- $sources = (concat (default (list) $sources) (list (mustMergeOverwrite (dict) (dict "secret" (mustMergeOverwrite (dict) (mustMergeOverwrite (dict) (dict "name" $name)) (dict "items" (get (fromJson (include "redpanda.dedupKeyToPaths" (dict "a" (list $keys)))) "r"))))))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- if (lt ((get (fromJson (include "_shims.len" (dict "a" (list $sources) ))) "r") | int) (1 | int)) -}} +{{- if (lt ((get (fromJson (include "_shims.len" (dict "a" (list $sources)))) "r") | int) (1 | int)) -}} {{- $_is_returning = true -}} {{- (dict "r" (coalesce nil)) | toJson -}} {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "projected" (mustMergeOverwrite (dict "sources" (coalesce nil) ) (dict "sources" $sources )) )) (dict "name" "truststores" ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "") (mustMergeOverwrite (dict) (dict "projected" (mustMergeOverwrite (dict "sources" (coalesce nil)) (dict "sources" $sources)))) (dict "name" "truststores"))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -617,16 +617,16 @@ {{- $items := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $seen := (dict ) -}} +{{- $seen := (dict) -}} {{- $deduped := (coalesce nil) -}} {{- range $_, $item := $items -}} -{{- $_959___ok_11 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $seen $item.key false) ))) "r") -}} -{{- $_ := (index $_959___ok_11 0) -}} -{{- $ok_11 := (index $_959___ok_11 1) -}} +{{- $_958___ok_11 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $seen $item.key false)))) "r") -}} +{{- $_ := (index $_958___ok_11 0) -}} +{{- $ok_11 := (index $_958___ok_11 1) -}} {{- if $ok_11 -}} {{- continue -}} {{- end -}} -{{- $deduped = (concat (default (list ) $deduped) (list $item)) -}} +{{- $deduped = (concat (default (list) $deduped) (list $item)) -}} {{- $_ := (set $seen $item.key true) -}} {{- end -}} {{- if $_is_returning -}} @@ -643,10 +643,10 @@ {{- $tls := (index .a 1) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $tss := (get (fromJson (include "redpanda.KafkaListeners.TrustStores" (dict "a" (list $l.kafka $tls) ))) "r") -}} -{{- $tss = (concat (default (list ) $tss) (default (list ) (get (fromJson (include "redpanda.AdminListeners.TrustStores" (dict "a" (list $l.admin $tls) ))) "r"))) -}} -{{- $tss = (concat (default (list ) $tss) (default (list ) (get (fromJson (include "redpanda.HTTPListeners.TrustStores" (dict "a" (list $l.http $tls) ))) "r"))) -}} -{{- $tss = (concat (default (list ) $tss) (default (list ) (get (fromJson (include "redpanda.SchemaRegistryListeners.TrustStores" (dict "a" (list $l.schemaRegistry $tls) ))) "r"))) -}} +{{- $tss := (get (fromJson (include "redpanda.ListenerConfig.TrustStores" (dict "a" (list $l.kafka $tls)))) "r") -}} +{{- $tss = (concat (default (list) $tss) (default (list) (get (fromJson (include "redpanda.ListenerConfig.TrustStores" (dict "a" (list $l.admin $tls)))) "r"))) -}} +{{- $tss = (concat (default (list) $tss) (default (list) (get (fromJson (include "redpanda.ListenerConfig.TrustStores" (dict "a" (list $l.http $tls)))) "r"))) -}} +{{- $tss = (concat (default (list) $tss) (default (list) (get (fromJson (include "redpanda.ListenerConfig.TrustStores" (dict "a" (list $l.schemaRegistry $tls)))) "r"))) -}} {{- $_is_returning = true -}} {{- (dict "r" $tss) | toJson -}} {{- break -}} @@ -657,7 +657,7 @@ {{- $c := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $result := (dict ) -}} +{{- $result := (dict) -}} {{- range $k, $v := $c.rpk -}} {{- $_ := (set $result $k $v) -}} {{- end -}} @@ -675,9 +675,9 @@ {{- $name := (index .a 1) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $_1050_cert_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list $m $name (dict "enabled" (coalesce nil) "caEnabled" false "applyInternalDNSNames" (coalesce nil) "duration" "" "issuerRef" (coalesce nil) "secretRef" (coalesce nil) "clientSecretRef" (coalesce nil) )) ))) "r") -}} -{{- $cert := (index $_1050_cert_ok 0) -}} -{{- $ok := (index $_1050_cert_ok 1) -}} +{{- $_1049_cert_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list $m $name (dict "enabled" (coalesce nil) "caEnabled" false "applyInternalDNSNames" (coalesce nil) "duration" "" "issuerRef" (coalesce nil) "secretRef" (coalesce nil) "clientSecretRef" (coalesce nil)))))) "r") -}} +{{- $cert := (index $_1049_cert_ok 0) -}} +{{- $ok := (index $_1049_cert_ok 1) -}} {{- if (not $ok) -}} {{- $_ := (fail (printf "Certificate %q referenced, but not found in the tls.certs map" $name)) -}} {{- end -}} @@ -693,7 +693,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (concat (default (list ) (get (fromJson (include "redpanda.BootstrapUser.RpkEnvironment" (dict "a" (list $b $fullname) ))) "r")) (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "RP_BOOTSTRAP_USER" "value" "$(RPK_USER):$(RPK_PASS):$(RPK_SASL_MECHANISM)" ))))) | toJson -}} +{{- (dict "r" (concat (default (list) (get (fromJson (include "redpanda.BootstrapUser.RpkEnvironment" (dict "a" (list $b $fullname)))) "r")) (list (mustMergeOverwrite (dict "name" "") (dict "name" "RP_BOOTSTRAP_USER" "value" "$(RPK_USER):$(RPK_PASS):$(RPK_SASL_MECHANISM)"))))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -719,7 +719,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "RPK_PASS" "valueFrom" (mustMergeOverwrite (dict ) (dict "secretKeyRef" (get (fromJson (include "redpanda.BootstrapUser.SecretKeySelector" (dict "a" (list $b $fullname) ))) "r") )) )) (mustMergeOverwrite (dict "name" "" ) (dict "name" "RPK_USER" "value" (get (fromJson (include "redpanda.BootstrapUser.Username" (dict "a" (list $b) ))) "r") )) (mustMergeOverwrite (dict "name" "" ) (dict "name" "RPK_SASL_MECHANISM" "value" (toString (get (fromJson (include "redpanda.BootstrapUser.GetMechanism" (dict "a" (list $b) ))) "r")) )))) | toJson -}} +{{- (dict "r" (list (mustMergeOverwrite (dict "name" "") (dict "name" "RPK_PASS" "valueFrom" (mustMergeOverwrite (dict) (dict "secretKeyRef" (get (fromJson (include "redpanda.BootstrapUser.SecretKeySelector" (dict "a" (list $b $fullname)))) "r"))))) (mustMergeOverwrite (dict "name" "") (dict "name" "RPK_USER" "value" (get (fromJson (include "redpanda.BootstrapUser.Username" (dict "a" (list $b)))) "r"))) (mustMergeOverwrite (dict "name" "") (dict "name" "RPK_SASL_MECHANISM" "value" (get (fromJson (include "redpanda.BootstrapUser.GetMechanism" (dict "a" (list $b)))) "r"))))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -734,7 +734,7 @@ {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" $b.mechanism) | toJson -}} +{{- (dict "r" (toString $b.mechanism)) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -750,7 +750,7 @@ {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "key" "" ) (mustMergeOverwrite (dict ) (dict "name" (printf "%s-bootstrap-user" $fullname) )) (dict "key" "password" ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "key" "") (mustMergeOverwrite (dict) (dict "name" (printf "%s-bootstrap-user" $fullname))) (dict "key" "password"))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -760,7 +760,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (printf "%s/%s" "/etc/truststores" (get (fromJson (include "redpanda.TrustStore.RelativePath" (dict "a" (list $t) ))) "r"))) | toJson -}} +{{- (dict "r" (printf "%s/%s" "/etc/truststores" (get (fromJson (include "redpanda.TrustStore.RelativePath" (dict "a" (list $t)))) "r"))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -786,11 +786,11 @@ {{- $_is_returning := false -}} {{- if (ne (toJson $t.configMapKeyRef) "null") -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict ) (dict "configMap" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "name" $t.configMapKeyRef.name )) (dict "items" (list (mustMergeOverwrite (dict "key" "" "path" "" ) (dict "key" $t.configMapKeyRef.key "path" (get (fromJson (include "redpanda.TrustStore.RelativePath" (dict "a" (list $t) ))) "r") ))) )) ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict) (dict "configMap" (mustMergeOverwrite (dict) (mustMergeOverwrite (dict) (dict "name" $t.configMapKeyRef.name)) (dict "items" (list (mustMergeOverwrite (dict "key" "" "path" "") (dict "key" $t.configMapKeyRef.key "path" (get (fromJson (include "redpanda.TrustStore.RelativePath" (dict "a" (list $t)))) "r"))))))))) | toJson -}} {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "name" $t.secretKeyRef.name )) (dict "items" (list (mustMergeOverwrite (dict "key" "" "path" "" ) (dict "key" $t.secretKeyRef.key "path" (get (fromJson (include "redpanda.TrustStore.RelativePath" (dict "a" (list $t) ))) "r") ))) )) ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict) (dict "secret" (mustMergeOverwrite (dict) (mustMergeOverwrite (dict) (dict "name" $t.secretKeyRef.name)) (dict "items" (list (mustMergeOverwrite (dict "key" "" "path" "") (dict "key" $t.secretKeyRef.key "path" (get (fromJson (include "redpanda.TrustStore.RelativePath" (dict "a" (list $t)))) "r"))))))))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -801,7 +801,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (and (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $t.enabled $tls.enabled) ))) "r") (ne $t.cert ""))) | toJson -}} +{{- (dict "r" (and (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $t.enabled $tls.enabled)))) "r") (ne $t.cert ""))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -813,10 +813,10 @@ {{- $_is_returning := false -}} {{- if (ne (toJson $t.trustStore) "null") -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "redpanda.TrustStore.TrustStoreFilePath" (dict "a" (list $t.trustStore) ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "redpanda.TrustStore.TrustStoreFilePath" (dict "a" (list $t.trustStore)))) "r")) | toJson -}} {{- break -}} {{- end -}} -{{- if (get (fromJson (include "redpanda.TLSCertMap.MustGet" (dict "a" (list (deepCopy $tls.certs) $t.cert) ))) "r").caEnabled -}} +{{- if (get (fromJson (include "redpanda.TLSCertMap.MustGet" (dict "a" (list (deepCopy $tls.certs) $t.cert)))) "r").caEnabled -}} {{- $_is_returning = true -}} {{- (dict "r" (printf "%s/%s/ca.crt" "/etc/tls/certs" $t.cert)) | toJson -}} {{- break -}} @@ -832,7 +832,12 @@ {{- $tls := (index .a 1) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- if (get (fromJson (include "redpanda.TLSCertMap.MustGet" (dict "a" (list (deepCopy $tls.certs) $t.cert) ))) "r").caEnabled -}} +{{- if (ne (toJson $t.trustStore) "null") -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "redpanda.TrustStore.TrustStoreFilePath" (dict "a" (list $t.trustStore)))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- if (get (fromJson (include "redpanda.TLSCertMap.MustGet" (dict "a" (list (deepCopy $tls.certs) $t.cert)))) "r").caEnabled -}} {{- $_is_returning = true -}} {{- (dict "r" (printf "%s/%s/ca.crt" "/etc/tls/certs" $t.cert)) | toJson -}} {{- break -}} @@ -850,7 +855,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "redpanda.TLSCertMap.MustGet" (dict "a" (list (deepCopy $tls.certs) (get (fromJson (include "redpanda.ExternalTLS.GetCertName" (dict "a" (list $t $i) ))) "r")) ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "redpanda.TLSCertMap.MustGet" (dict "a" (list (deepCopy $tls.certs) (get (fromJson (include "redpanda.ExternalTLS.GetCertName" (dict "a" (list $t $i)))) "r"))))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -861,7 +866,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $t.cert $i.cert) ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $t.cert $i.cert)))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -874,12 +879,12 @@ {{- $_is_returning := false -}} {{- if (ne (toJson $t.trustStore) "null") -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "redpanda.TrustStore.TrustStoreFilePath" (dict "a" (list $t.trustStore) ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "redpanda.TrustStore.TrustStoreFilePath" (dict "a" (list $t.trustStore)))) "r")) | toJson -}} {{- break -}} {{- end -}} -{{- if (get (fromJson (include "redpanda.ExternalTLS.GetCert" (dict "a" (list $t $i $tls) ))) "r").caEnabled -}} +{{- if (get (fromJson (include "redpanda.ExternalTLS.GetCert" (dict "a" (list $t $i $tls)))) "r").caEnabled -}} {{- $_is_returning = true -}} -{{- (dict "r" (printf "%s/%s/ca.crt" "/etc/tls/certs" (get (fromJson (include "redpanda.ExternalTLS.GetCertName" (dict "a" (list $t $i) ))) "r"))) | toJson -}} +{{- (dict "r" (printf "%s/%s/ca.crt" "/etc/tls/certs" (get (fromJson (include "redpanda.ExternalTLS.GetCertName" (dict "a" (list $t $i)))) "r"))) | toJson -}} {{- break -}} {{- end -}} {{- $_is_returning = true -}} @@ -900,102 +905,49 @@ {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (and (ne (get (fromJson (include "redpanda.ExternalTLS.GetCertName" (dict "a" (list $t $i) ))) "r") "") (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $t.enabled (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $i $tls) ))) "r")) ))) "r"))) | toJson -}} -{{- break -}} -{{- end -}} -{{- end -}} - -{{- define "redpanda.AdminListeners.ConsoleTLS" -}} -{{- $l := (index .a 0) -}} -{{- $tls := (index .a 1) -}} -{{- range $_ := (list 1) -}} -{{- $_is_returning := false -}} -{{- $t := (mustMergeOverwrite (dict "enabled" false "caFilepath" "" "certFilepath" "" "keyFilepath" "" "insecureSkipTlsVerify" false ) (dict "enabled" (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $l.tls $tls) ))) "r") )) -}} -{{- if (not $t.enabled) -}} -{{- $_is_returning = true -}} -{{- (dict "r" $t) | toJson -}} -{{- break -}} -{{- end -}} -{{- $adminAPIPrefix := (printf "%s/%s" "/etc/tls/certs" $l.tls.cert) -}} -{{- if (get (fromJson (include "redpanda.TLSCertMap.MustGet" (dict "a" (list (deepCopy $tls.certs) $l.tls.cert) ))) "r").caEnabled -}} -{{- $_ := (set $t "caFilepath" (printf "%s/ca.crt" $adminAPIPrefix)) -}} -{{- else -}} -{{- $_ := (set $t "caFilepath" (printf "%s/tls.crt" $adminAPIPrefix)) -}} -{{- end -}} -{{- if (not $l.tls.requireClientAuth) -}} -{{- $_is_returning = true -}} -{{- (dict "r" $t) | toJson -}} -{{- break -}} -{{- end -}} -{{- $_ := (set $t "certFilepath" (printf "%s/tls.crt" $adminAPIPrefix)) -}} -{{- $_ := (set $t "keyFilepath" (printf "%s/tls.key" $adminAPIPrefix)) -}} -{{- $_is_returning = true -}} -{{- (dict "r" $t) | toJson -}} -{{- break -}} -{{- end -}} -{{- end -}} - -{{- define "redpanda.AdminListeners.Listeners" -}} -{{- $l := (index .a 0) -}} -{{- range $_ := (list 1) -}} -{{- $_is_returning := false -}} -{{- $admin := (list (get (fromJson (include "redpanda.createInternalListenerCfg" (dict "a" (list ($l.port | int)) ))) "r")) -}} -{{- range $k, $lis := $l.external -}} -{{- if (not (get (fromJson (include "redpanda.AdminExternal.IsEnabled" (dict "a" (list $lis) ))) "r")) -}} -{{- continue -}} -{{- end -}} -{{- $admin = (concat (default (list ) $admin) (list (dict "name" $k "port" ($lis.port | int) "address" "0.0.0.0" ))) -}} -{{- end -}} -{{- if $_is_returning -}} -{{- break -}} -{{- end -}} -{{- $_is_returning = true -}} -{{- (dict "r" $admin) | toJson -}} +{{- (dict "r" (and (ne (get (fromJson (include "redpanda.ExternalTLS.GetCertName" (dict "a" (list $t $i)))) "r") "") (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $t.enabled (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $i $tls)))) "r"))))) "r"))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} -{{- define "redpanda.AdminListeners.ListenersTLS" -}} +{{- define "redpanda.ListenerConfig.ServicePorts" -}} {{- $l := (index .a 0) -}} -{{- $tls := (index .a 1) -}} +{{- $namePrefix := (index .a 1) -}} +{{- $external := (index .a 2) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $admin := (list ) -}} -{{- $internal := (get (fromJson (include "redpanda.createInternalListenerTLSCfg" (dict "a" (list $tls $l.tls) ))) "r") -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $internal) ))) "r") | int) (0 | int)) -}} -{{- $admin = (concat (default (list ) $admin) (list $internal)) -}} -{{- end -}} -{{- range $k, $lis := $l.external -}} -{{- if (or (not (get (fromJson (include "redpanda.AdminExternal.IsEnabled" (dict "a" (list $lis) ))) "r")) (not (get (fromJson (include "redpanda.ExternalTLS.IsEnabled" (dict "a" (list $lis.tls $l.tls $tls) ))) "r"))) -}} +{{- $ports := (coalesce nil) -}} +{{- range $name, $listener := $l.external -}} +{{- if (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $listener.enabled $external.enabled)))) "r")) -}} {{- continue -}} {{- end -}} -{{- $certName := (get (fromJson (include "redpanda.ExternalTLS.GetCertName" (dict "a" (list $lis.tls $l.tls) ))) "r") -}} -{{- $admin = (concat (default (list ) $admin) (list (dict "name" $k "enabled" true "cert_file" (printf "%s/%s/tls.crt" "/etc/tls/certs" $certName) "key_file" (printf "%s/%s/tls.key" "/etc/tls/certs" $certName) "require_client_auth" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $lis.tls.requireClientAuth false) ))) "r") "truststore_file" (get (fromJson (include "redpanda.ExternalTLS.TrustStoreFilePath" (dict "a" (list $lis.tls $l.tls $tls) ))) "r") ))) -}} +{{- $fallbackPorts := (concat (default (list) $listener.advertisedPorts) (list ($l.port | int))) -}} +{{- $ports = (concat (default (list) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0) (dict "name" (printf "%s-%s" $namePrefix $name) "protocol" "TCP" "appProtocol" $l.appProtocol "targetPort" ($listener.port | int) "port" ((get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $listener.nodePort (index $fallbackPorts (0 | int)))))) "r") | int))))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" $admin) | toJson -}} +{{- (dict "r" $ports) | toJson -}} {{- break -}} {{- end -}} {{- end -}} -{{- define "redpanda.AdminListeners.TrustStores" -}} +{{- define "redpanda.ListenerConfig.TrustStores" -}} {{- $l := (index .a 0) -}} {{- $tls := (index .a 1) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $tss := (list ) -}} -{{- if (and (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $l.tls $tls) ))) "r") (ne (toJson $l.tls.trustStore) "null")) -}} -{{- $tss = (concat (default (list ) $tss) (list $l.tls.trustStore)) -}} +{{- $tss := (list) -}} +{{- if (and (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $l.tls $tls)))) "r") (ne (toJson $l.tls.trustStore) "null")) -}} +{{- $tss = (concat (default (list) $tss) (list $l.tls.trustStore)) -}} {{- end -}} {{- range $_, $key := (sortAlpha (keys $l.external)) -}} -{{- $lis := (ternary (index $l.external $key) (dict "enabled" (coalesce nil) "advertisedPorts" (coalesce nil) "port" 0 "nodePort" (coalesce nil) "tls" (coalesce nil) ) (hasKey $l.external $key)) -}} -{{- if (or (or (not (get (fromJson (include "redpanda.AdminExternal.IsEnabled" (dict "a" (list $lis) ))) "r")) (not (get (fromJson (include "redpanda.ExternalTLS.IsEnabled" (dict "a" (list $lis.tls $l.tls $tls) ))) "r"))) (eq (toJson $lis.tls.trustStore) "null")) -}} +{{- $lis := (ternary (index $l.external $key) (dict "enabled" (coalesce nil) "advertisedPorts" (coalesce nil) "port" 0 "nodePort" (coalesce nil) "tls" (coalesce nil)) (hasKey $l.external $key)) -}} +{{- if (or (or (not (get (fromJson (include "redpanda.ExternalListener.IsEnabled" (dict "a" (list $lis)))) "r")) (not (get (fromJson (include "redpanda.ExternalTLS.IsEnabled" (dict "a" (list $lis.tls $l.tls $tls)))) "r"))) (eq (toJson $lis.tls.trustStore) "null")) -}} {{- continue -}} {{- end -}} -{{- $tss = (concat (default (list ) $tss) (list $lis.tls.trustStore)) -}} +{{- $tss = (concat (default (list) $tss) (list $lis.tls.trustStore)) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} @@ -1006,69 +958,54 @@ {{- end -}} {{- end -}} -{{- define "redpanda.AdminExternal.IsEnabled" -}} -{{- $l := (index .a 0) -}} -{{- range $_ := (list 1) -}} -{{- $_is_returning := false -}} -{{- $_is_returning = true -}} -{{- (dict "r" (and (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $l.enabled true) ))) "r") (gt ($l.port | int) (0 | int)))) | toJson -}} -{{- break -}} -{{- end -}} -{{- end -}} - -{{- define "redpanda.HTTPListeners.Listeners" -}} +{{- define "redpanda.ListenerConfig.Listeners" -}} {{- $l := (index .a 0) -}} -{{- $saslEnabled := (index .a 1) -}} +{{- $auth := (index .a 1) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $internal := (get (fromJson (include "redpanda.createInternalListenerCfg" (dict "a" (list ($l.port | int)) ))) "r") -}} -{{- if $saslEnabled -}} -{{- $_ := (set $internal "authentication_method" "http_basic") -}} -{{- end -}} -{{- $am_12 := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $l.authenticationMethod "") ))) "r") -}} +{{- $internal := (dict "name" "internal" "address" "0.0.0.0" "port" ($l.port | int)) -}} +{{- $defaultAuth := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $auth "")))) "r") -}} +{{- $am_12 := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $l.authenticationMethod $defaultAuth)))) "r") -}} {{- if (ne $am_12 "") -}} {{- $_ := (set $internal "authentication_method" $am_12) -}} {{- end -}} -{{- $result := (list $internal) -}} +{{- $listeners := (list $internal) -}} {{- range $k, $l := $l.external -}} -{{- if (not (get (fromJson (include "redpanda.HTTPExternal.IsEnabled" (dict "a" (list $l) ))) "r")) -}} +{{- if (not (get (fromJson (include "redpanda.ExternalListener.IsEnabled" (dict "a" (list $l)))) "r")) -}} {{- continue -}} {{- end -}} -{{- $listener := (dict "name" $k "port" ($l.port | int) "address" "0.0.0.0" ) -}} -{{- if $saslEnabled -}} -{{- $_ := (set $listener "authentication_method" "http_basic") -}} -{{- end -}} -{{- $am_13 := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $l.authenticationMethod "") ))) "r") -}} +{{- $listener := (dict "name" $k "port" ($l.port | int) "address" "0.0.0.0") -}} +{{- $am_13 := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $l.authenticationMethod $defaultAuth)))) "r") -}} {{- if (ne $am_13 "") -}} {{- $_ := (set $listener "authentication_method" $am_13) -}} {{- end -}} -{{- $result = (concat (default (list ) $result) (list $listener)) -}} +{{- $listeners = (concat (default (list) $listeners) (list $listener)) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" $result) | toJson -}} +{{- (dict "r" $listeners) | toJson -}} {{- break -}} {{- end -}} {{- end -}} -{{- define "redpanda.HTTPListeners.ListenersTLS" -}} +{{- define "redpanda.ListenerConfig.ListenersTLS" -}} {{- $l := (index .a 0) -}} {{- $tls := (index .a 1) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $pp := (list ) -}} -{{- $internal := (get (fromJson (include "redpanda.createInternalListenerTLSCfg" (dict "a" (list $tls $l.tls) ))) "r") -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $internal) ))) "r") | int) (0 | int)) -}} -{{- $pp = (concat (default (list ) $pp) (list $internal)) -}} +{{- $pp := (list) -}} +{{- $internal := (get (fromJson (include "redpanda.createInternalListenerTLSCfg" (dict "a" (list $tls $l.tls)))) "r") -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $internal)))) "r") | int) (0 | int)) -}} +{{- $pp = (concat (default (list) $pp) (list $internal)) -}} {{- end -}} {{- range $k, $lis := $l.external -}} -{{- if (or (not (get (fromJson (include "redpanda.HTTPExternal.IsEnabled" (dict "a" (list $lis) ))) "r")) (not (get (fromJson (include "redpanda.ExternalTLS.IsEnabled" (dict "a" (list $lis.tls $l.tls $tls) ))) "r"))) -}} +{{- if (or (not (get (fromJson (include "redpanda.ExternalListener.IsEnabled" (dict "a" (list $lis)))) "r")) (not (get (fromJson (include "redpanda.ExternalTLS.IsEnabled" (dict "a" (list $lis.tls $l.tls $tls)))) "r"))) -}} {{- continue -}} {{- end -}} -{{- $certName := (get (fromJson (include "redpanda.ExternalTLS.GetCertName" (dict "a" (list $lis.tls $l.tls) ))) "r") -}} -{{- $pp = (concat (default (list ) $pp) (list (dict "name" $k "enabled" true "cert_file" (printf "%s/%s/tls.crt" "/etc/tls/certs" $certName) "key_file" (printf "%s/%s/tls.key" "/etc/tls/certs" $certName) "require_client_auth" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $lis.tls.requireClientAuth false) ))) "r") "truststore_file" (get (fromJson (include "redpanda.ExternalTLS.TrustStoreFilePath" (dict "a" (list $lis.tls $l.tls $tls) ))) "r") ))) -}} +{{- $certName := (get (fromJson (include "redpanda.ExternalTLS.GetCertName" (dict "a" (list $lis.tls $l.tls)))) "r") -}} +{{- $pp = (concat (default (list) $pp) (list (dict "name" $k "enabled" true "cert_file" (printf "%s/%s/tls.crt" "/etc/tls/certs" $certName) "key_file" (printf "%s/%s/tls.key" "/etc/tls/certs" $certName) "require_client_auth" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $lis.tls.requireClientAuth false)))) "r") "truststore_file" (get (fromJson (include "redpanda.ExternalTLS.TrustStoreFilePath" (dict "a" (list $lis.tls $l.tls $tls)))) "r")))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} @@ -1079,291 +1016,42 @@ {{- end -}} {{- end -}} -{{- define "redpanda.HTTPListeners.TrustStores" -}} -{{- $l := (index .a 0) -}} -{{- $tls := (index .a 1) -}} -{{- range $_ := (list 1) -}} -{{- $_is_returning := false -}} -{{- $tss := (coalesce nil) -}} -{{- if (and (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $l.tls $tls) ))) "r") (ne (toJson $l.tls.trustStore) "null")) -}} -{{- $tss = (concat (default (list ) $tss) (list $l.tls.trustStore)) -}} -{{- end -}} -{{- range $_, $lis := $l.external -}} -{{- if (or (or (not (get (fromJson (include "redpanda.HTTPExternal.IsEnabled" (dict "a" (list $lis) ))) "r")) (not (get (fromJson (include "redpanda.ExternalTLS.IsEnabled" (dict "a" (list $lis.tls $l.tls $tls) ))) "r"))) (eq (toJson $lis.tls.trustStore) "null")) -}} -{{- continue -}} -{{- end -}} -{{- $tss = (concat (default (list ) $tss) (list $lis.tls.trustStore)) -}} -{{- end -}} -{{- if $_is_returning -}} -{{- break -}} -{{- end -}} -{{- $_is_returning = true -}} -{{- (dict "r" $tss) | toJson -}} -{{- break -}} -{{- end -}} -{{- end -}} - -{{- define "redpanda.HTTPExternal.IsEnabled" -}} -{{- $l := (index .a 0) -}} -{{- range $_ := (list 1) -}} -{{- $_is_returning := false -}} -{{- $_is_returning = true -}} -{{- (dict "r" (and (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $l.enabled true) ))) "r") (gt ($l.port | int) (0 | int)))) | toJson -}} -{{- break -}} -{{- end -}} -{{- end -}} - -{{- define "redpanda.KafkaListeners.Listeners" -}} -{{- $l := (index .a 0) -}} -{{- $auth := (index .a 1) -}} -{{- range $_ := (list 1) -}} -{{- $_is_returning := false -}} -{{- $internal := (get (fromJson (include "redpanda.createInternalListenerCfg" (dict "a" (list ($l.port | int)) ))) "r") -}} -{{- if (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $auth) ))) "r") -}} -{{- $_ := (set $internal "authentication_method" "sasl") -}} -{{- end -}} -{{- $am_14 := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $l.authenticationMethod "") ))) "r") -}} -{{- if (ne $am_14 "") -}} -{{- $_ := (set $internal "authentication_method" $am_14) -}} -{{- end -}} -{{- $kafka := (list $internal) -}} -{{- range $k, $l := $l.external -}} -{{- if (not (get (fromJson (include "redpanda.KafkaExternal.IsEnabled" (dict "a" (list $l) ))) "r")) -}} -{{- continue -}} -{{- end -}} -{{- $listener := (dict "name" $k "port" ($l.port | int) "address" "0.0.0.0" ) -}} -{{- if (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $auth) ))) "r") -}} -{{- $_ := (set $listener "authentication_method" "sasl") -}} -{{- end -}} -{{- $am_15 := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $l.authenticationMethod "") ))) "r") -}} -{{- if (ne $am_15 "") -}} -{{- $_ := (set $listener "authentication_method" $am_15) -}} -{{- end -}} -{{- $kafka = (concat (default (list ) $kafka) (list $listener)) -}} -{{- end -}} -{{- if $_is_returning -}} -{{- break -}} -{{- end -}} -{{- $_is_returning = true -}} -{{- (dict "r" $kafka) | toJson -}} -{{- break -}} -{{- end -}} -{{- end -}} - -{{- define "redpanda.KafkaListeners.ListenersTLS" -}} -{{- $l := (index .a 0) -}} -{{- $tls := (index .a 1) -}} -{{- range $_ := (list 1) -}} -{{- $_is_returning := false -}} -{{- $kafka := (list ) -}} -{{- $internal := (get (fromJson (include "redpanda.createInternalListenerTLSCfg" (dict "a" (list $tls $l.tls) ))) "r") -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $internal) ))) "r") | int) (0 | int)) -}} -{{- $kafka = (concat (default (list ) $kafka) (list $internal)) -}} -{{- end -}} -{{- range $k, $lis := $l.external -}} -{{- if (or (not (get (fromJson (include "redpanda.KafkaExternal.IsEnabled" (dict "a" (list $lis) ))) "r")) (not (get (fromJson (include "redpanda.ExternalTLS.IsEnabled" (dict "a" (list $lis.tls $l.tls $tls) ))) "r"))) -}} -{{- continue -}} -{{- end -}} -{{- $certName := (get (fromJson (include "redpanda.ExternalTLS.GetCertName" (dict "a" (list $lis.tls $l.tls) ))) "r") -}} -{{- $kafka = (concat (default (list ) $kafka) (list (dict "name" $k "enabled" true "cert_file" (printf "%s/%s/tls.crt" "/etc/tls/certs" $certName) "key_file" (printf "%s/%s/tls.key" "/etc/tls/certs" $certName) "require_client_auth" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $lis.tls.requireClientAuth false) ))) "r") "truststore_file" (get (fromJson (include "redpanda.ExternalTLS.TrustStoreFilePath" (dict "a" (list $lis.tls $l.tls $tls) ))) "r") ))) -}} -{{- end -}} -{{- if $_is_returning -}} -{{- break -}} -{{- end -}} -{{- $_is_returning = true -}} -{{- (dict "r" $kafka) | toJson -}} -{{- break -}} -{{- end -}} -{{- end -}} - -{{- define "redpanda.KafkaListeners.TrustStores" -}} -{{- $l := (index .a 0) -}} -{{- $tls := (index .a 1) -}} -{{- range $_ := (list 1) -}} -{{- $_is_returning := false -}} -{{- $tss := (coalesce nil) -}} -{{- if (and (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $l.tls $tls) ))) "r") (ne (toJson $l.tls.trustStore) "null")) -}} -{{- $tss = (concat (default (list ) $tss) (list $l.tls.trustStore)) -}} -{{- end -}} -{{- range $_, $key := (sortAlpha (keys $l.external)) -}} -{{- $lis := (ternary (index $l.external $key) (dict "enabled" (coalesce nil) "advertisedPorts" (coalesce nil) "port" 0 "nodePort" (coalesce nil) "authenticationMethod" (coalesce nil) "prefixTemplate" (coalesce nil) "tls" (coalesce nil) ) (hasKey $l.external $key)) -}} -{{- if (or (or (not (get (fromJson (include "redpanda.KafkaExternal.IsEnabled" (dict "a" (list $lis) ))) "r")) (not (get (fromJson (include "redpanda.ExternalTLS.IsEnabled" (dict "a" (list $lis.tls $l.tls $tls) ))) "r"))) (eq (toJson $lis.tls.trustStore) "null")) -}} -{{- continue -}} -{{- end -}} -{{- $tss = (concat (default (list ) $tss) (list $lis.tls.trustStore)) -}} -{{- end -}} -{{- if $_is_returning -}} -{{- break -}} -{{- end -}} -{{- $_is_returning = true -}} -{{- (dict "r" $tss) | toJson -}} -{{- break -}} -{{- end -}} -{{- end -}} - -{{- define "redpanda.KafkaListeners.ConsoleTLS" -}} -{{- $l := (index .a 0) -}} -{{- $tls := (index .a 1) -}} -{{- range $_ := (list 1) -}} -{{- $_is_returning := false -}} -{{- $t := (mustMergeOverwrite (dict "enabled" false "caFilepath" "" "certFilepath" "" "keyFilepath" "" "insecureSkipTlsVerify" false ) (dict "enabled" (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $l.tls $tls) ))) "r") )) -}} -{{- if (not $t.enabled) -}} -{{- $_is_returning = true -}} -{{- (dict "r" $t) | toJson -}} -{{- break -}} -{{- end -}} -{{- $kafkaPathPrefix := (printf "%s/%s" "/etc/tls/certs" $l.tls.cert) -}} -{{- if (get (fromJson (include "redpanda.TLSCertMap.MustGet" (dict "a" (list (deepCopy $tls.certs) $l.tls.cert) ))) "r").caEnabled -}} -{{- $_ := (set $t "caFilepath" (printf "%s/ca.crt" $kafkaPathPrefix)) -}} -{{- else -}} -{{- $_ := (set $t "caFilepath" (printf "%s/tls.crt" $kafkaPathPrefix)) -}} -{{- end -}} -{{- if (not $l.tls.requireClientAuth) -}} -{{- $_is_returning = true -}} -{{- (dict "r" $t) | toJson -}} -{{- break -}} -{{- end -}} -{{- $_ := (set $t "certFilepath" (printf "%s/tls.crt" $kafkaPathPrefix)) -}} -{{- $_ := (set $t "keyFilepath" (printf "%s/tls.key" $kafkaPathPrefix)) -}} -{{- $_is_returning = true -}} -{{- (dict "r" $t) | toJson -}} -{{- break -}} -{{- end -}} -{{- end -}} - -{{- define "redpanda.KafkaExternal.IsEnabled" -}} -{{- $l := (index .a 0) -}} -{{- range $_ := (list 1) -}} -{{- $_is_returning := false -}} -{{- $_is_returning = true -}} -{{- (dict "r" (and (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $l.enabled true) ))) "r") (gt ($l.port | int) (0 | int)))) | toJson -}} -{{- break -}} -{{- end -}} -{{- end -}} - -{{- define "redpanda.SchemaRegistryListeners.Listeners" -}} -{{- $l := (index .a 0) -}} -{{- $saslEnabled := (index .a 1) -}} -{{- range $_ := (list 1) -}} -{{- $_is_returning := false -}} -{{- $internal := (get (fromJson (include "redpanda.createInternalListenerCfg" (dict "a" (list ($l.port | int)) ))) "r") -}} -{{- if $saslEnabled -}} -{{- $_ := (set $internal "authentication_method" "http_basic") -}} -{{- end -}} -{{- $am_16 := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $l.authenticationMethod "") ))) "r") -}} -{{- if (ne $am_16 "") -}} -{{- $_ := (set $internal "authentication_method" $am_16) -}} -{{- end -}} -{{- $result := (list $internal) -}} -{{- range $k, $l := $l.external -}} -{{- if (not (get (fromJson (include "redpanda.SchemaRegistryExternal.IsEnabled" (dict "a" (list $l) ))) "r")) -}} -{{- continue -}} -{{- end -}} -{{- $listener := (dict "name" $k "port" ($l.port | int) "address" "0.0.0.0" ) -}} -{{- if $saslEnabled -}} -{{- $_ := (set $listener "authentication_method" "http_basic") -}} -{{- end -}} -{{- $am_17 := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $l.authenticationMethod "") ))) "r") -}} -{{- if (ne $am_17 "") -}} -{{- $_ := (set $listener "authentication_method" $am_17) -}} -{{- end -}} -{{- $result = (concat (default (list ) $result) (list $listener)) -}} -{{- end -}} -{{- if $_is_returning -}} -{{- break -}} -{{- end -}} -{{- $_is_returning = true -}} -{{- (dict "r" $result) | toJson -}} -{{- break -}} -{{- end -}} -{{- end -}} - -{{- define "redpanda.SchemaRegistryListeners.ListenersTLS" -}} -{{- $l := (index .a 0) -}} -{{- $tls := (index .a 1) -}} -{{- range $_ := (list 1) -}} -{{- $_is_returning := false -}} -{{- $listeners := (list ) -}} -{{- $internal := (get (fromJson (include "redpanda.createInternalListenerTLSCfg" (dict "a" (list $tls $l.tls) ))) "r") -}} -{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $internal) ))) "r") | int) (0 | int)) -}} -{{- $listeners = (concat (default (list ) $listeners) (list $internal)) -}} -{{- end -}} -{{- range $k, $lis := $l.external -}} -{{- if (or (not (get (fromJson (include "redpanda.SchemaRegistryExternal.IsEnabled" (dict "a" (list $lis) ))) "r")) (not (get (fromJson (include "redpanda.ExternalTLS.IsEnabled" (dict "a" (list $lis.tls $l.tls $tls) ))) "r"))) -}} -{{- continue -}} -{{- end -}} -{{- $certName := (get (fromJson (include "redpanda.ExternalTLS.GetCertName" (dict "a" (list $lis.tls $l.tls) ))) "r") -}} -{{- $listeners = (concat (default (list ) $listeners) (list (dict "name" $k "enabled" true "cert_file" (printf "%s/%s/tls.crt" "/etc/tls/certs" $certName) "key_file" (printf "%s/%s/tls.key" "/etc/tls/certs" $certName) "require_client_auth" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $lis.tls.requireClientAuth false) ))) "r") "truststore_file" (get (fromJson (include "redpanda.ExternalTLS.TrustStoreFilePath" (dict "a" (list $lis.tls $l.tls $tls) ))) "r") ))) -}} -{{- end -}} -{{- if $_is_returning -}} -{{- break -}} -{{- end -}} -{{- $_is_returning = true -}} -{{- (dict "r" $listeners) | toJson -}} -{{- break -}} -{{- end -}} -{{- end -}} - -{{- define "redpanda.SchemaRegistryListeners.TrustStores" -}} +{{- define "redpanda.ListenerConfig.ConsoleTLS" -}} {{- $l := (index .a 0) -}} {{- $tls := (index .a 1) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $tss := (coalesce nil) -}} -{{- if (and (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $l.tls $tls) ))) "r") (ne (toJson $l.tls.trustStore) "null")) -}} -{{- $tss = (concat (default (list ) $tss) (list $l.tls.trustStore)) -}} -{{- end -}} -{{- range $_, $lis := $l.external -}} -{{- if (or (or (not (get (fromJson (include "redpanda.SchemaRegistryExternal.IsEnabled" (dict "a" (list $lis) ))) "r")) (not (get (fromJson (include "redpanda.ExternalTLS.IsEnabled" (dict "a" (list $lis.tls $l.tls $tls) ))) "r"))) (eq (toJson $lis.tls.trustStore) "null")) -}} -{{- continue -}} -{{- end -}} -{{- $tss = (concat (default (list ) $tss) (list $lis.tls.trustStore)) -}} -{{- end -}} -{{- if $_is_returning -}} -{{- break -}} -{{- end -}} -{{- $_is_returning = true -}} -{{- (dict "r" $tss) | toJson -}} -{{- break -}} -{{- end -}} -{{- end -}} - -{{- define "redpanda.SchemaRegistryListeners.ConsoleTLS" -}} -{{- $l := (index .a 0) -}} -{{- $tls := (index .a 1) -}} -{{- range $_ := (list 1) -}} -{{- $_is_returning := false -}} -{{- $t := (mustMergeOverwrite (dict "enabled" false "caFilepath" "" "certFilepath" "" "keyFilepath" "" "insecureSkipTlsVerify" false ) (dict "enabled" (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $l.tls $tls) ))) "r") )) -}} +{{- $t := (mustMergeOverwrite (dict "enabled" false "caFilepath" "" "certFilepath" "" "keyFilepath" "" "insecureSkipTlsVerify" false) (dict "enabled" (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $l.tls $tls)))) "r"))) -}} {{- if (not $t.enabled) -}} {{- $_is_returning = true -}} {{- (dict "r" $t) | toJson -}} {{- break -}} {{- end -}} -{{- $schemaRegistryPrefix := (printf "%s/%s" "/etc/tls/certs" $l.tls.cert) -}} -{{- if (get (fromJson (include "redpanda.TLSCertMap.MustGet" (dict "a" (list (deepCopy $tls.certs) $l.tls.cert) ))) "r").caEnabled -}} -{{- $_ := (set $t "caFilepath" (printf "%s/ca.crt" $schemaRegistryPrefix)) -}} +{{- $adminAPIPrefix := (printf "%s/%s" "/etc/tls/certs" $l.tls.cert) -}} +{{- if (get (fromJson (include "redpanda.TLSCertMap.MustGet" (dict "a" (list (deepCopy $tls.certs) $l.tls.cert)))) "r").caEnabled -}} +{{- $_ := (set $t "caFilepath" (printf "%s/ca.crt" $adminAPIPrefix)) -}} {{- else -}} -{{- $_ := (set $t "caFilepath" (printf "%s/tls.crt" $schemaRegistryPrefix)) -}} +{{- $_ := (set $t "caFilepath" (printf "%s/tls.crt" $adminAPIPrefix)) -}} {{- end -}} {{- if (not $l.tls.requireClientAuth) -}} {{- $_is_returning = true -}} {{- (dict "r" $t) | toJson -}} {{- break -}} {{- end -}} -{{- $_ := (set $t "certFilepath" (printf "%s/tls.crt" $schemaRegistryPrefix)) -}} -{{- $_ := (set $t "keyFilepath" (printf "%s/tls.key" $schemaRegistryPrefix)) -}} +{{- $_ := (set $t "certFilepath" (printf "%s/tls.crt" $adminAPIPrefix)) -}} +{{- $_ := (set $t "keyFilepath" (printf "%s/tls.key" $adminAPIPrefix)) -}} {{- $_is_returning = true -}} {{- (dict "r" $t) | toJson -}} {{- break -}} {{- end -}} {{- end -}} -{{- define "redpanda.SchemaRegistryExternal.IsEnabled" -}} +{{- define "redpanda.ExternalListener.IsEnabled" -}} {{- $l := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (and (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $l.enabled true) ))) "r") (gt ($l.port | int) (0 | int)))) | toJson -}} +{{- (dict "r" (and (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $l.enabled true)))) "r") (gt ($l.port | int) (0 | int)))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -1377,7 +1065,7 @@ {{- (dict "r" (coalesce nil)) | toJson -}} {{- break -}} {{- end -}} -{{- $result := (dict ) -}} +{{- $result := (dict) -}} {{- range $k, $v := $c -}} {{- if (not (empty $v)) -}} {{- $_ := (set $result $k $v) -}} @@ -1396,13 +1084,13 @@ {{- $c := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $result := (dict ) -}} +{{- $result := (dict) -}} {{- range $k, $v := $c -}} {{- if (not (empty $v)) -}} -{{- $_1868___ok_18 := (get (fromJson (include "_shims.asnumeric" (dict "a" (list $v) ))) "r") -}} -{{- $_ := ((index $_1868___ok_18 0) | float64) -}} -{{- $ok_18 := (index $_1868___ok_18 1) -}} -{{- if $ok_18 -}} +{{- $_1498___ok_14 := (get (fromJson (include "_shims.asnumeric" (dict "a" (list $v)))) "r") -}} +{{- $_ := ((index $_1498___ok_14 0) | float64) -}} +{{- $ok_14 := (index $_1498___ok_14 1) -}} +{{- if $ok_14 -}} {{- $_ := (set $result $k $v) -}} {{- else -}}{{- if (kindIs "bool" $v) -}} {{- $_ := (set $result $k $v) -}} @@ -1425,13 +1113,13 @@ {{- $c := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $result := (dict ) -}} +{{- $result := (dict) -}} {{- range $k, $v := $c -}} -{{- $_1888_b_19_ok_20 := (get (fromJson (include "_shims.typetest" (dict "a" (list "bool" $v false) ))) "r") -}} -{{- $b_19 := (index $_1888_b_19_ok_20 0) -}} -{{- $ok_20 := (index $_1888_b_19_ok_20 1) -}} -{{- if $ok_20 -}} -{{- $_ := (set $result $k $b_19) -}} +{{- $_1518_b_15_ok_16 := (get (fromJson (include "_shims.typetest" (dict "a" (list "bool" $v false)))) "r") -}} +{{- $b_15 := (index $_1518_b_15_ok_16 0) -}} +{{- $ok_16 := (index $_1518_b_15_ok_16 1) -}} +{{- if $ok_16 -}} +{{- $_ := (set $result $k $b_15) -}} {{- continue -}} {{- end -}} {{- if (not (empty $v)) -}} @@ -1452,7 +1140,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict ) (dict "secretKeyRef" (mustMergeOverwrite (dict "key" "" ) (mustMergeOverwrite (dict ) (dict "name" $sr.name )) (dict "key" $sr.key )) ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict) (dict "secretKeyRef" (mustMergeOverwrite (dict "key" "") (mustMergeOverwrite (dict) (dict "name" $sr.name)) (dict "key" $sr.key))))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -1472,24 +1160,24 @@ {{- $config := (index .a 1) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $_1933___hasAccessKey := (get (fromJson (include "_shims.dicttest" (dict "a" (list $config "cloud_storage_access_key" (coalesce nil)) ))) "r") -}} -{{- $_ := (index $_1933___hasAccessKey 0) -}} -{{- $hasAccessKey := (index $_1933___hasAccessKey 1) -}} -{{- $_1934___hasSecretKey := (get (fromJson (include "_shims.dicttest" (dict "a" (list $config "cloud_storage_secret_key" (coalesce nil)) ))) "r") -}} -{{- $_ := (index $_1934___hasSecretKey 0) -}} -{{- $hasSecretKey := (index $_1934___hasSecretKey 1) -}} -{{- $_1935___hasSharedKey := (get (fromJson (include "_shims.dicttest" (dict "a" (list $config "cloud_storage_azure_shared_key" (coalesce nil)) ))) "r") -}} -{{- $_ := (index $_1935___hasSharedKey 0) -}} -{{- $hasSharedKey := (index $_1935___hasSharedKey 1) -}} +{{- $_1563___hasAccessKey := (get (fromJson (include "_shims.dicttest" (dict "a" (list $config "cloud_storage_access_key" (coalesce nil))))) "r") -}} +{{- $_ := (index $_1563___hasAccessKey 0) -}} +{{- $hasAccessKey := (index $_1563___hasAccessKey 1) -}} +{{- $_1564___hasSecretKey := (get (fromJson (include "_shims.dicttest" (dict "a" (list $config "cloud_storage_secret_key" (coalesce nil))))) "r") -}} +{{- $_ := (index $_1564___hasSecretKey 0) -}} +{{- $hasSecretKey := (index $_1564___hasSecretKey 1) -}} +{{- $_1565___hasSharedKey := (get (fromJson (include "_shims.dicttest" (dict "a" (list $config "cloud_storage_azure_shared_key" (coalesce nil))))) "r") -}} +{{- $_ := (index $_1565___hasSharedKey 0) -}} +{{- $hasSharedKey := (index $_1565___hasSharedKey 1) -}} {{- $envvars := (coalesce nil) -}} -{{- if (and (not $hasAccessKey) (get (fromJson (include "redpanda.SecretRef.IsValid" (dict "a" (list $tsc.accessKey) ))) "r")) -}} -{{- $envvars = (concat (default (list ) $envvars) (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "REDPANDA_CLOUD_STORAGE_ACCESS_KEY" "valueFrom" (get (fromJson (include "redpanda.SecretRef.AsSource" (dict "a" (list $tsc.accessKey) ))) "r") )))) -}} +{{- if (and (not $hasAccessKey) (get (fromJson (include "redpanda.SecretRef.IsValid" (dict "a" (list $tsc.accessKey)))) "r")) -}} +{{- $envvars = (concat (default (list) $envvars) (list (mustMergeOverwrite (dict "name" "") (dict "name" "REDPANDA_CLOUD_STORAGE_ACCESS_KEY" "valueFrom" (get (fromJson (include "redpanda.SecretRef.AsSource" (dict "a" (list $tsc.accessKey)))) "r"))))) -}} {{- end -}} -{{- if (get (fromJson (include "redpanda.SecretRef.IsValid" (dict "a" (list $tsc.secretKey) ))) "r") -}} -{{- if (and (not $hasSecretKey) (not (get (fromJson (include "redpanda.TieredStorageConfig.HasAzureCanaries" (dict "a" (list (deepCopy $config)) ))) "r"))) -}} -{{- $envvars = (concat (default (list ) $envvars) (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "REDPANDA_CLOUD_STORAGE_SECRET_KEY" "valueFrom" (get (fromJson (include "redpanda.SecretRef.AsSource" (dict "a" (list $tsc.secretKey) ))) "r") )))) -}} -{{- else -}}{{- if (and (not $hasSharedKey) (get (fromJson (include "redpanda.TieredStorageConfig.HasAzureCanaries" (dict "a" (list (deepCopy $config)) ))) "r")) -}} -{{- $envvars = (concat (default (list ) $envvars) (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "REDPANDA_CLOUD_STORAGE_AZURE_SHARED_KEY" "valueFrom" (get (fromJson (include "redpanda.SecretRef.AsSource" (dict "a" (list $tsc.secretKey) ))) "r") )))) -}} +{{- if (get (fromJson (include "redpanda.SecretRef.IsValid" (dict "a" (list $tsc.secretKey)))) "r") -}} +{{- if (and (not $hasSecretKey) (not (get (fromJson (include "redpanda.TieredStorageConfig.HasAzureCanaries" (dict "a" (list (deepCopy $config))))) "r"))) -}} +{{- $envvars = (concat (default (list) $envvars) (list (mustMergeOverwrite (dict "name" "") (dict "name" "REDPANDA_CLOUD_STORAGE_SECRET_KEY" "valueFrom" (get (fromJson (include "redpanda.SecretRef.AsSource" (dict "a" (list $tsc.secretKey)))) "r"))))) -}} +{{- else -}}{{- if (and (not $hasSharedKey) (get (fromJson (include "redpanda.TieredStorageConfig.HasAzureCanaries" (dict "a" (list (deepCopy $config))))) "r")) -}} +{{- $envvars = (concat (default (list) $envvars) (list (mustMergeOverwrite (dict "name" "") (dict "name" "REDPANDA_CLOUD_STORAGE_AZURE_SHARED_KEY" "valueFrom" (get (fromJson (include "redpanda.SecretRef.AsSource" (dict "a" (list $tsc.secretKey)))) "r"))))) -}} {{- end -}} {{- end -}} {{- end -}} @@ -1503,12 +1191,12 @@ {{- $c := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $_1971___containerExists := (get (fromJson (include "_shims.dicttest" (dict "a" (list $c "cloud_storage_azure_container" (coalesce nil)) ))) "r") -}} -{{- $_ := (index $_1971___containerExists 0) -}} -{{- $containerExists := (index $_1971___containerExists 1) -}} -{{- $_1972___accountExists := (get (fromJson (include "_shims.dicttest" (dict "a" (list $c "cloud_storage_azure_storage_account" (coalesce nil)) ))) "r") -}} -{{- $_ := (index $_1972___accountExists 0) -}} -{{- $accountExists := (index $_1972___accountExists 1) -}} +{{- $_1601___containerExists := (get (fromJson (include "_shims.dicttest" (dict "a" (list $c "cloud_storage_azure_container" (coalesce nil))))) "r") -}} +{{- $_ := (index $_1601___containerExists 0) -}} +{{- $containerExists := (index $_1601___containerExists 1) -}} +{{- $_1602___accountExists := (get (fromJson (include "_shims.dicttest" (dict "a" (list $c "cloud_storage_azure_storage_account" (coalesce nil))))) "r") -}} +{{- $_ := (index $_1602___accountExists 0) -}} +{{- $accountExists := (index $_1602___accountExists 1) -}} {{- $_is_returning = true -}} {{- (dict "r" (and $containerExists $accountExists)) | toJson -}} {{- break -}} @@ -1519,9 +1207,9 @@ {{- $c := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $_1977_value_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list $c `cloud_storage_cache_size` (coalesce nil)) ))) "r") -}} -{{- $value := (index $_1977_value_ok 0) -}} -{{- $ok := (index $_1977_value_ok 1) -}} +{{- $_1607_value_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list $c `cloud_storage_cache_size` (coalesce nil))))) "r") -}} +{{- $value := (index $_1607_value_ok 0) -}} +{{- $ok := (index $_1607_value_ok 1) -}} {{- if (not $ok) -}} {{- $_is_returning = true -}} {{- (dict "r" (coalesce nil)) | toJson -}} @@ -1538,17 +1226,17 @@ {{- $creds := (index .a 1) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $config := (merge (dict ) (dict ) $c) -}} -{{- range $_, $envvar := (get (fromJson (include "redpanda.TieredStorageCredentials.AsEnvVars" (dict "a" (list $creds $c) ))) "r") -}} -{{- $key := (lower (substr ((get (fromJson (include "_shims.len" (dict "a" (list "REDPANDA_") ))) "r") | int) -1 $envvar.name)) -}} +{{- $config := (merge (dict) (dict) $c) -}} +{{- range $_, $envvar := (get (fromJson (include "redpanda.TieredStorageCredentials.AsEnvVars" (dict "a" (list $creds $c)))) "r") -}} +{{- $key := (lower (substr ((get (fromJson (include "_shims.len" (dict "a" (list "REDPANDA_")))) "r") | int) -1 $envvar.name)) -}} {{- $_ := (set $config $key (printf "$%s" $envvar.name)) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- $size_21 := (get (fromJson (include "redpanda.TieredStorageConfig.CloudStorageCacheSize" (dict "a" (list (deepCopy $c)) ))) "r") -}} -{{- if (ne (toJson $size_21) "null") -}} -{{- $_ := (set $config "cloud_storage_cache_size" ((get (fromJson (include "_shims.resource_Value" (dict "a" (list $size_21) ))) "r") | int64)) -}} +{{- $size_17 := (get (fromJson (include "redpanda.TieredStorageConfig.CloudStorageCacheSize" (dict "a" (list (deepCopy $c))))) "r") -}} +{{- if (ne (toJson $size_17) "null") -}} +{{- $_ := (set $config "cloud_storage_cache_size" ((get (fromJson (include "_shims.resource_Value" (dict "a" (list $size_17)))) "r") | int64)) -}} {{- end -}} {{- $_is_returning = true -}} {{- (dict "r" $config) | toJson -}} diff --git a/charts/redpanda/values.schema.json b/charts/redpanda/values.schema.json index 176db14ddc..90f3e9407d 100644 --- a/charts/redpanda/values.schema.json +++ b/charts/redpanda/values.schema.json @@ -3853,6 +3853,9 @@ "schemaRegistry": { "additionalProperties": false, "properties": { + "bearerToken": { + "type": "string" + }, "password": { "type": "string" }, @@ -4348,24 +4351,18 @@ "additionalProperties": false, "description": "Values used to define the container image to be used for Redpanda", "properties": { - "pullPolicy": { - "type": "string" - }, "repository": { - "default": "docker.redpanda.com/redpandadata/redpanda", "description": "container image repository", "type": "string" }, "tag": { - "default": "Chart.appVersion", "description": "The container image tag. Use the Redpanda release version. Must be a valid semver prefixed with a 'v'.", - "pattern": "^v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$|^$", "type": "string" } }, "required": [ "repository", - "pullPolicy" + "tag" ], "type": "object" }, @@ -4382,6 +4379,19 @@ "appProtocol": { "type": "string" }, + "authenticationMethod": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ] + }, + "enabled": { + "type": "boolean" + }, "external": { "minProperties": 1, "patternProperties": { @@ -4395,6 +4405,16 @@ "minItems": 1, "type": "array" }, + "authenticationMethod": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ] + }, "enabled": { "type": "boolean" }, @@ -4404,6 +4424,9 @@ "port": { "type": "integer" }, + "prefixTemplate": { + "type": "string" + }, "tls": { "additionalProperties": false, "properties": { @@ -4536,6 +4559,9 @@ "http": { "additionalProperties": false, "properties": { + "appProtocol": { + "type": "string" + }, "authenticationMethod": { "oneOf": [ { @@ -4654,10 +4680,6 @@ }, "type": "object" }, - "kafkaEndpoint": { - "pattern": "^[A-Za-z_-][A-Za-z0-9_-]*$", - "type": "string" - }, "port": { "type": "integer" }, @@ -4720,23 +4742,24 @@ } }, "required": [ - "enabled", - "tls", - "kafkaEndpoint", - "port" + "port", + "tls" ], "type": "object" }, "kafka": { "additionalProperties": false, "properties": { + "appProtocol": { + "type": "string" + }, "authenticationMethod": { "oneOf": [ { "enum": [ "sasl", - "none", - "mtls_identity" + "mtls_identity", + "none" ], "type": "string" }, @@ -4745,6 +4768,9 @@ } ] }, + "enabled": { + "type": "boolean" + }, "external": { "minProperties": 1, "patternProperties": { @@ -4763,8 +4789,8 @@ { "enum": [ "sasl", - "none", - "mtls_identity" + "mtls_identity", + "none" ], "type": "string" }, @@ -4909,8 +4935,8 @@ } }, "required": [ - "tls", - "port" + "port", + "tls" ], "type": "object" }, @@ -4987,13 +5013,12 @@ "schemaRegistry": { "additionalProperties": false, "properties": { + "appProtocol": { + "type": "string" + }, "authenticationMethod": { "oneOf": [ { - "enum": [ - "none", - "http_basic" - ], "type": "string" }, { @@ -5020,10 +5045,6 @@ "authenticationMethod": { "oneOf": [ { - "enum": [ - "none", - "http_basic" - ], "type": "string" }, { @@ -5040,6 +5061,9 @@ "port": { "type": "integer" }, + "prefixTemplate": { + "type": "string" + }, "tls": { "additionalProperties": false, "properties": { @@ -5094,15 +5118,14 @@ "type": "object" } }, + "required": [ + "port" + ], "type": "object" } }, "type": "object" }, - "kafkaEndpoint": { - "pattern": "^[A-Za-z_-][A-Za-z0-9_-]*$", - "type": "string" - }, "port": { "type": "integer" }, @@ -5165,8 +5188,6 @@ } }, "required": [ - "enabled", - "kafkaEndpoint", "port", "tls" ], @@ -15303,10 +15324,14 @@ }, "enabled": { "type": "boolean" + }, + "rpkDebugBundle": { + "type": "boolean" } }, "required": [ "enabled", + "rpkDebugBundle", "annotations" ], "type": "object" @@ -20584,18 +20609,17 @@ "additionalProperties": false, "properties": { "repository": { - "default": "docker.redpanda.com/redpandadata/redpanda-operator", + "description": "container image repository", "type": "string" }, "tag": { - "default": "Chart.appVersion", - "pattern": "^v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$|^$", + "description": "The container image tag. Use the Redpanda release version. Must be a valid semver prefixed with a 'v'.", "type": "string" } }, "required": [ - "tag", - "repository" + "repository", + "tag" ], "type": "object" }, @@ -20625,18 +20649,17 @@ "additionalProperties": false, "properties": { "repository": { - "default": "docker.redpanda.com/redpandadata/redpanda-operator", + "description": "container image repository", "type": "string" }, "tag": { - "default": "Chart.appVersion", - "pattern": "^v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$|^$", + "description": "The container image tag. Use the Redpanda release version. Must be a valid semver prefixed with a 'v'.", "type": "string" } }, "required": [ - "tag", - "repository" + "repository", + "tag" ], "type": "object" }, diff --git a/charts/redpanda/values.yaml b/charts/redpanda/values.yaml index 3ccd6c60c9..8191fe3c22 100644 --- a/charts/redpanda/values.yaml +++ b/charts/redpanda/values.yaml @@ -45,9 +45,6 @@ image: # and [all unstable versions](https://hub.docker.com/r/redpandadata/redpanda-unstable/tags). # @default -- `Chart.appVersion`. tag: "" - # -- The imagePullPolicy. - # If `image.tag` is 'latest', the default is `Always`. - pullPolicy: IfNotPresent podTemplate: # -- Labels to apply (or overwrite the default) to all Pods of this Chart. @@ -670,7 +667,7 @@ statefulset: custom: {} sideCars: image: - tag: v2.3.8-24.3.6 + tag: v25.1.1-beta2 repository: docker.redpanda.com/redpandadata/redpanda-operator # The PVCUnbinder helps keep redpanda operational in the event of a tolerable Node or Disk loss event when non-remountable storage, # such as `local` or `hostPath`, are used. It does so by monitoring redpanda Pods that are in a "Pending" state for at least the period @@ -690,9 +687,6 @@ statefulset: configWatcher: enabled: true controllers: - image: - tag: v2.3.8-24.3.6 - repository: docker.redpanda.com/redpandadata/redpanda-operator # You must also enable RBAC, `rbac.enabled=true`, to deploy this sidecar enabled: false healthProbeAddress: ":8085" @@ -719,9 +713,7 @@ statefulset: # -- Service account management. serviceAccount: # -- Specifies whether a service account should be created. - create: false - # -- Specifies whether a service account should automount API-Credentials. The token is used in sidecars.controllers - automountServiceAccountToken: false + create: true # -- Annotations to add to the service account. annotations: {} # -- The name of the service account to use. @@ -731,11 +723,19 @@ serviceAccount: # -- Role Based Access Control. rbac: - # -- Enable for features that need extra privileges. - # If you use the Redpanda Operator, - # you must deploy it with the `--set rbac.createRPKBundleCRs=true` flag - # to give it the required ClusterRoles. - enabled: false + # -- Controls whether or not Roles, ClusterRoles, and bindings thereof will + # be generated. Disabling this very likely result in a non-functional + # deployment. + # If you use the Redpanda Operator, you must deploy it with the `--set + # rbac.createRPKBundleCRs=true` flag to give it the required ClusterRoles. + enabled: true + + # -- Controls whether or not a Role and RoleBinding will be generated for the + # permissions required by `rpk debug bundle`. Disabling will not affect the + # redpanda deployment itself but a bundle is required to engage with our + # support. + rpkDebugBundle: true + # -- Annotations to add to the `rbac` resources. annotations: {} @@ -856,7 +856,6 @@ listeners: schemaRegistry: enabled: true port: 8081 - kafkaEndpoint: default # default is "http_basic" authenticationMethod: tls: @@ -880,7 +879,6 @@ listeners: http: enabled: true port: 8082 - kafkaEndpoint: default # default is "http_basic" authenticationMethod: tls: