
Commit 1659ec7

committed
fix package
1 parent 71708f3 commit 1659ec7


20 files changed

+2243
-1005
lines changed


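--- a/api/v1alpha1/pulsarpackage_types.go
+++ b/api/v1alpha1/pulsarpackage_types.go
@@ -32,6 +32,7 @@ type PulsarPackageSpec struct {
 PackageURL string `json:"packageURL"`
 
 // FileURL is the download-able URL of the package from http or https protocol
+// Support cloud storage providers: AWS S3 (s3://), Google Cloud Storage (gs://), Azure Blob Storage (azblob://)
 // +kubebuilder:validation:Required
 FileURL string `json:"fileURL"`
 
@@ -50,6 +51,12 @@ type PulsarPackageSpec struct {
 // +kubebuilder:validation:Enum=CleanUpAfterDeletion;KeepAfterDeletion
 // +optional
 LifecyclePolicy PulsarResourceLifeCyclePolicy `json:"lifecyclePolicy,omitempty"`
+
+// SyncPolicy represents the sync policy of the package, including Always, IfNotPresent, Never
+// Defaults to Always if @latest tag is used in the package URL, or IfNotPresent otherwise
+// +kubebuilder:validation:Enum=Always;IfNotPresent;Never
+// +optional
+SyncPolicy PulsarPackageSyncPolicy `json:"syncPolicy,omitempty"`
 }
 
 // PulsarPackageStatus defines the observed state of PulsarPackage
@@ -97,6 +104,19 @@ type PulsarPackageList struct {
 Items []PulsarPackage `json:"items"`
 }
 
+// PulsarPackageSyncPolicy represents the sync policy of the package, including Always, IfNotPresent, Never
+// +enum
+type PulsarPackageSyncPolicy string
+
+const (
+// PullAlways means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.
+PullAlways PulsarPackageSyncPolicy = "Always"
+// PullNever means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present
+PullNever PulsarPackageSyncPolicy = "Never"
+// PullIfNotPresent means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.
+PullIfNotPresent PulsarPackageSyncPolicy = "IfNotPresent"
+)
+
 func init() {
 SchemeBuilder.Register(&PulsarPackage{}, &PulsarPackageList{})
 }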
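Review bot: `FileURL` now advertises `s3://`, `gs://` and `azblob://` sources, but the field still carries only `+kubebuilder:validation:Required`, so nothing in the visible type constrains which scheme or location a PulsarPackage may name. The chart changes in this commit give the operator a single set of cloud credentials, so any user allowed to create a PulsarPackage can presumably make the operator read whatever those credentials reach. I would add a marker such as `// +kubebuilder:validation:Pattern="^(https?|s3|gs|azblob)://.+"` and scope the storage identity to the package bucket. Separately, the comments on `PullAlways`, `PullNever` and `PullIfNotPresent` are copied from the Kubernetes image pull policy (kubelet, image, container) and should describe package sync instead, once the intended semantics of each value are confirmed.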
Lines changed: 65 additions & 0 deletions
@@ -0,0 +1,65 @@
1+
# Copyright 2025 StreamNative
2+
#
3+
# Licensed under the Apache License, Version 2.0 (the "License");
4+
# you may not use this file except in compliance with the License.
5+
# You may obtain a copy of the License at
6+
#
7+
# http://www.apache.org/licenses/LICENSE-2.0
8+
#
9+
# Unless required by applicable law or agreed to in writing, software
10+
# distributed under the License is distributed on an "AS IS" BASIS,
11+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12+
# See the License for the specific language governing permissions and
13+
# limitations under the License.
14+
15+
{{- if .Values.cloudStorage.s3.enabled }}
16+
{{- if .Values.cloudStorage.s3.credentials.create }}
17+
apiVersion: v1
18+
kind: Secret
19+
metadata:
20+
name: {{ .Values.cloudStorage.s3.credentials.secretName }}
21+
namespace: {{ include "pulsar-resources-operator.namespace" . }}
22+
labels:
23+
{{- include "pulsar-resources-operator.labels" . | nindent 4 }}
24+
type: Opaque
25+
data:
26+
access-key-id: {{ .Values.cloudStorage.s3.credentials.accessKeyId | b64enc }}
27+
secret-access-key: {{ .Values.cloudStorage.s3.credentials.secretAccessKey | b64enc }}
28+
---
29+
{{- end }}
30+
{{- end }}
31+
32+
{{- if and .Values.cloudStorage.gcs.enabled (not .Values.cloudStorage.gcs.serviceAccount.useWorkloadIdentity) }}
33+
{{- if .Values.cloudStorage.gcs.serviceAccount.key.create }}
34+
apiVersion: v1
35+
kind: Secret
36+
metadata:
37+
name: {{ .Values.cloudStorage.gcs.serviceAccount.key.secretName }}
38+
namespace: {{ include "pulsar-resources-operator.namespace" . }}
39+
labels:
40+
{{- include "pulsar-resources-operator.labels" . | nindent 4 }}
41+
type: Opaque
42+
data:
43+
key.json: {{ .Values.cloudStorage.gcs.serviceAccount.key.json | b64enc }}
44+
---
45+
{{- end }}
46+
{{- end }}
47+
48+
{{- if .Values.cloudStorage.azure.enabled }}
49+
{{- if .Values.cloudStorage.azure.credentials.create }}
50+
apiVersion: v1
51+
kind: Secret
52+
metadata:
53+
name: {{ .Values.cloudStorage.azure.credentials.secretName }}
54+
namespace: {{ include "pulsar-resources-operator.namespace" . }}
55+
labels:
56+
{{- include "pulsar-resources-operator.labels" . | nindent 4 }}
57+
type: Opaque
58+
data:
59+
{{- if .Values.cloudStorage.azure.credentials.useAccountKey }}
60+
storage-key: {{ .Values.cloudStorage.azure.credentials.accountKey | b64enc }}
61+
{{- else }}
62+
sas-token: {{ .Values.cloudStorage.azure.credentials.sasToken | b64enc }}
63+
{{- end }}
64+
{{- end }}
65+
{{- end }}
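Review bot: The `data:` entries pipe chart values straight into `b64enc`, so with `create: true` and the key material left unset the chart either fails with an opaque template error or renders a Secret holding an empty credential. Wrapping each value as `{{ required "cloudStorage.s3.credentials.secretAccessKey must be set when create is true" .Values.cloudStorage.s3.credentials.secretAccessKey | b64enc }}` makes that fail with a clear message; the same applies to `accessKeyId`, `key.json`, `accountKey` and `sasToken`. Key material passed through values is also retained in the Helm release record and in whichever values file supplied it, so the template deserves a header comment stating that `create: false` with a pre-provisioned Secret is the preferred path. The `secretName` values are rendered unquoted and would be safer as `name: {{ .Values.cloudStorage.s3.credentials.secretName | quote }}`.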

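--- a/charts/pulsar-resources-operator/templates/deployment.yaml
+++ b/charts/pulsar-resources-operator/templates/deployment.yaml
@@ -38,6 +38,14 @@ spec:
 {{- toYaml . | nindent 8 }}
 {{- end }}
 spec:
+{{- if or .Values.cloudStorage.gcs.enabled .Values.cloudStorage.s3.enabled .Values.cloudStorage.azure.enabled }}
+volumes:
+{{- if and .Values.cloudStorage.gcs.enabled (not .Values.cloudStorage.gcs.serviceAccount.useWorkloadIdentity) }}
+- name: gcs-credentials
+secret:
+secretName: {{ .Values.cloudStorage.gcs.serviceAccount.key.secretName }}
+{{- end }}
+{{- end }}
 imagePullSecrets:
 {{- toYaml .Values.imagePullSecrets | nindent 8 }}
 serviceAccountName: {{ include "pulsar-resources-operator.serviceAccountName" . }}
@@ -52,16 +60,57 @@ spec:
 - --retry-count={{ .Values.features.retryCount | default 5 }}
 command:
 - /manager
-{{- if .Values.features.alwaysUpdatePulsarResource }}
 env:
+{{- if .Values.features.alwaysUpdatePulsarResource }}
 - name: ALWAYS_UPDATE_PULSAR_RESOURCE
 value: "true"
 {{- end }}
+{{- if .Values.cloudStorage.s3.enabled }}
+- name: AWS_REGION
+value: {{ .Values.cloudStorage.s3.region | quote }}
+- name: AWS_ACCESS_KEY_ID
+valueFrom:
+secretKeyRef:
+name: {{ .Values.cloudStorage.s3.credentials.secretName }}
+key: access-key-id
+- name: AWS_SECRET_ACCESS_KEY
+valueFrom:
+secretKeyRef:
+name: {{ .Values.cloudStorage.s3.credentials.secretName }}
+key: secret-access-key
+{{- end }}
+{{- if and .Values.cloudStorage.gcs.enabled (not .Values.cloudStorage.gcs.serviceAccount.useWorkloadIdentity) }}
+- name: GOOGLE_APPLICATION_CREDENTIALS
+value: {{ printf "%s/key.json" .Values.cloudStorage.gcs.serviceAccount.key.mountPath }}
+{{- end }}
+{{- if .Values.cloudStorage.azure.enabled }}
+- name: AZURE_STORAGE_ACCOUNT
+value: {{ .Values.cloudStorage.azure.accountName | quote }}
+{{- if .Values.cloudStorage.azure.credentials.useAccountKey }}
+- name: AZURE_STORAGE_KEY
+valueFrom:
+secretKeyRef:
+name: {{ .Values.cloudStorage.azure.credentials.secretName }}
+key: storage-key
+{{- else }}
+- name: AZURE_STORAGE_SAS_TOKEN
+valueFrom:
+secretKeyRef:
+name: {{ .Values.cloudStorage.azure.credentials.secretName }}
+key: sas-token
+{{- end }}
+{{- end }}
 name: manager
 securityContext:
 {{- toYaml .Values.securityContext | nindent 10 }}
 image: "{{ .Values.image.manager.registry }}/{{ .Values.image.manager.repository }}:{{ .Values.image.manager.tag | default .Chart.AppVersion }}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
+{{- if and .Values.cloudStorage.gcs.enabled (not .Values.cloudStorage.gcs.serviceAccount.useWorkloadIdentity) }}
+volumeMounts:
+- name: gcs-credentials
+mountPath: {{ .Values.cloudStorage.gcs.serviceAccount.key.mountPath }}
+readOnly: true
+{{- end }}
 livenessProbe:
 httpGet:
 path: /healthz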
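Review bot: With `cloudStorage.s3.enabled` the container always receives `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` from a non-optional `secretKeyRef`, so S3 access can only be configured with long-lived static keys, whereas the GCS branch can fall back to workload identity. I would make the two key entries conditional, for example on `.Values.cloudStorage.s3.credentials.secretName` being non-empty, so that an identity bound to the service account can be used instead; the Azure branch has the same shape. In the first hunk the outer `or` guard emits `volumes:` whenever any provider is enabled although only the GCS key branch adds an entry, which leaves an empty `volumes:` key for S3 or Azure; the inner `and ... (not ...useWorkloadIdentity)` condition alone should gate the block. `GOOGLE_APPLICATION_CREDENTIALS` is also the only new plain env value not passed through `quote`. The pod and container specs start and end outside the hunks shown.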

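--- a/charts/pulsar-resources-operator/templates/serviceaccount.yaml
+++ b/charts/pulsar-resources-operator/templates/serviceaccount.yaml
@@ -21,8 +21,11 @@ metadata:
 namespace: {{ include "pulsar-resources-operator.namespace" .}}
 labels:
 {{- include "pulsar-resources-operator.labels" . | nindent 4 }}
-{{- with .Values.serviceAccount.annotations }}
 annotations:
+{{- if and .Values.cloudStorage.gcs.enabled .Values.cloudStorage.gcs.serviceAccount.useWorkloadIdentity }}
+iam.gke.io/gcp-service-account: {{ .Values.cloudStorage.gcs.serviceAccount.name }}
+{{- end }}
+{{- with .Values.serviceAccount.annotations }}
 {{- toYaml . | nindent 4 }}
-{{- end }}
+{{- end }}
 {{- end }}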
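Review bot: The `iam.gke.io/gcp-service-account` annotation is rendered from `.Values.cloudStorage.gcs.serviceAccount.name` with no presence check or quoting, and GKE expects the Google service account e-mail there, while values.schema.json in this same commit describes `name` as the Kubernetes service account name. An empty or wrong value would leave the operator without the intended identity, so I would render it as `iam.gke.io/gcp-service-account: {{ required "cloudStorage.gcs.serviceAccount.name is required with workload identity" .Values.cloudStorage.gcs.serviceAccount.name | quote }}` and correct the schema description. `annotations:` is now emitted even when neither branch produces an entry, and a `serviceAccount.annotations` entry with the same key would yield a duplicate mapping key. The template's opening `if` lies outside the hunk.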

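--- a/charts/pulsar-resources-operator/values.schema.json
+++ b/charts/pulsar-resources-operator/values.schema.json
@@ -130,11 +130,13 @@
 ]
 }
 },
-"examples": [{
-"registry": "gcr.io",
-"repository": "kubebuilder/kube-rbac-proxy",
-"tag": "v0.14.4"
-}]
+"examples": [
+{
+"registry": "gcr.io",
+"repository": "kubebuilder/kube-rbac-proxy",
+"tag": "v0.14.4"
+}
+]
 }
 },
 "additionalProperties": true
@@ -179,7 +181,6 @@
 }
 ]
 }
-
 },
 "nameOverride": {
 "$id": "#/properties/nameOverride",
@@ -312,8 +313,7 @@
 "examples": [
 {}
 ],
-"required": [
-],
+"required": [],
 "properties": {
 "requests": {
 "$id": "#/properties/resources/properties/requests",
@@ -398,6 +398,153 @@
 "examples": [
 10
 ]
+},
+"cloudStorage": {
+"type": "object",
+"description": "Cloud storage providers configuration",
+"properties": {
+"s3": {
+"type": "object",
+"description": "AWS S3 configuration",
+"properties": {
+"enabled": {
+"type": "boolean",
+"description": "Enable AWS S3 support"
+},
+"region": {
+"type": "string",
+"description": "AWS region"
+},
+"credentials": {
+"type": "object",
+"description": "AWS credentials secret configuration",
+"properties": {
+"create": {
+"type": "boolean",
+"description": "Create a new secret for AWS credentials"
+},
+"secretName": {
+"type": "string",
+"description": "Existing secret name"
+},
+"accessKeyId": {
+"type": "string",
+"description": "AWS access key ID (only used if create is true)"
+},
+"secretAccessKey": {
+"type": "string",
+"description": "AWS secret access key (only used if create is true)"
+}
+},
+"required": [
+"secretName"
+]
+}
+},
+"required": [
+"enabled"
+]
+},
+"gcs": {
+"type": "object",
+"description": "Google Cloud Storage configuration",
+"properties": {
+"enabled": {
+"type": "boolean",
+"description": "Enable Google Cloud Storage support"
+},
+"serviceAccount": {
+"type": "object",
+"description": "Service account configuration",
+"properties": {
+"useWorkloadIdentity": {
+"type": "boolean",
+"description": "Use workload identity"
+},
+"name": {
+"type": "string",
+"description": "Name of the Kubernetes service account for workload identity"
+},
+"key": {
+"type": "object",
+"description": "Service account key configuration",
+"properties": {
+"create": {
+"type": "boolean",
+"description": "Create a new secret for service account key"
+},
+"secretName": {
+"type": "string",
+"description": "Existing secret name"
+},
+"json": {
+"type": "string",
+"description": "Service account key JSON content (only used if create is true)"
+},
+"mountPath": {
+"type": "string",
+"description": "Mount path of the service account key file"
+}
+},
+"required": [
+"secretName",
+"mountPath"
+]
+}
+}
+}
+},
+"required": [
+"enabled"
+]
+},
+"azure": {
+"type": "object",
+"description": "Azure Blob Storage configuration",
+"properties": {
+"enabled": {
+"type": "boolean",
+"description": "Enable Azure Blob Storage support"
+},
+"accountName": {
+"type": "string",
+"description": "Azure storage account name"
+},
+"credentials": {
+"type": "object",
+"description": "Azure credentials configuration",
+"properties": {
+"create": {
+"type": "boolean",
+"description": "Create a new secret for Azure credentials"
+},
+"secretName": {
+"type": "string",
+"description": "Existing secret name"
+},
+"accountKey": {
+"type": "string",
+"description": "Storage account key (only used if create is true)"
+},
+"sasToken": {
+"type": "string",
+"description": "SAS token (only used if create is true)"
+},
+"useAccountKey": {
+"type": "boolean",
+"description": "Use account key for authentication (if false, will use SAS token)"
+}
+},
+"required": [
+"secretName"
+]
+}
+},
+"required": [
+"enabled"
+]
+}
+}
 }
 },
 "additionalProperties": true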
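Review bot: The new `credentials` and `key` objects require only `secretName`, so `create: true` passes validation with no key material and `useWorkloadIdentity: true` passes with no `name`; both cases then surface only at template time or at run time. Assuming the Helm version in use evaluates draft-07 keywords, a conditional on each object would catch them at install time, e.g. `"if": {"properties": {"create": {"const": true}}, "required": ["create"]}, "then": {"required": ["accessKeyId", "secretAccessKey"]}` for S3. The description of `gcs.serviceAccount.name` says Kubernetes service account, but the serviceaccount template in this commit writes that value into `iam.gke.io/gcp-service-account`, which takes the Google service account. The `secretName` descriptions read "Existing secret name" although the same value also names the Secret the chart creates when `create` is true.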
