chore(flink): update flink chart

Author: jianxiaoguo

addons/flink/1/chart/flink/README.md

@@ -35,6 +35,10 @@ spec:
       {{- end }}
     spec:
       {{- include "flink.imagePullSecrets" . | nindent 6 }}
+      automountServiceAccountToken: {{ .Values.jobmanager.automountServiceAccountToken }}
+      {{- if .Values.jobmanager.hostAliases }}
+      hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.jobmanager.hostAliases "context" $) | nindent 8 }}
+      {{- end }}
       {{- if .Values.jobmanager.schedulerName }}
       schedulerName: {{ .Values.jobmanager.schedulerName }}
       {{- end }}

addons/flink/1/chart/flink/templates/jobmanager/deployment.yaml

@@ -0,0 +1,94 @@
+{{- /*
+Copyright Drycc Community.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.jobmanager.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+  name: {{ template "flink.jobmanager.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/part-of: flink
+    app.kubernetes.io/component: jobmanager
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.jobmanager.podLabels .Values.commonLabels ) "context" . ) }}
+  podSelector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/part-of: flink
+      app.kubernetes.io/component: jobmanager
+  policyTypes:
+    - Ingress
+    - Egress
+  {{- if .Values.jobmanager.networkPolicy.allowExternalEgress }}
+  egress:
+    - {}
+  {{- else }}
+  egress:
+    - ports:
+        # Allow dns resolution
+        - port: 53
+          protocol: UDP
+        - port: 53
+          protocol: TCP
+    # Allow outbound connections to other jobmanager pods
+    - ports:
+        - port: {{ .Values.jobmanager.containerPorts.blob }}
+        - port: {{ .Values.jobmanager.containerPorts.rpc }}
+        - port: {{ .Values.jobmanager.containerPorts.http }}
+      to:
+        - podSelector:
+            matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+              app.kubernetes.io/part-of: flink
+              app.kubernetes.io/component: jobmanager
+    # Allow outbound connections to other taskmanager pods
+    - ports:
+        - port: {{ .Values.taskmanager.containerPorts.data }}
+        - port: {{ .Values.taskmanager.containerPorts.rpc }}
+      to:
+        - podSelector:
+            matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+              app.kubernetes.io/part-of: flink
+              app.kubernetes.io/component: taskmanager
+    {{- if .Values.jobmanager.networkPolicy.extraEgress }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.jobmanager.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- end }}
+  ingress:
+    - ports:
+        - port: {{ .Values.jobmanager.containerPorts.blob }}
+        - port: {{ .Values.jobmanager.containerPorts.rpc }}
+        - port: {{ .Values.jobmanager.containerPorts.http }}
+      {{- if not .Values.jobmanager.networkPolicy.allowExternal }}
+      from:
+        - podSelector:
+            matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+        - podSelector:
+            matchLabels:
+              {{ template "flink.jobmanager.fullname" . }}-client: "true"
+        {{- if .Values.jobmanager.networkPolicy.ingressNSMatchLabels }}
+        - namespaceSelector:
+            matchLabels:
+              {{- range $key, $value := .Values.jobmanager.networkPolicy.ingressNSMatchLabels }}
+              {{ $key | quote }}: {{ $value | quote }}
+              {{- end }}
+          {{- if .Values.jobmanager.networkPolicy.ingressNSPodMatchLabels }}
+          podSelector:
+            matchLabels:
+              {{- range $key, $value := .Values.jobmanager.networkPolicy.ingressNSPodMatchLabels }}
+              {{ $key | quote }}: {{ $value | quote }}
+              {{- end }}
+          {{- end }}
+        {{- end }}
+        - podSelector:
+            matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }}
+              app.kubernetes.io/part-of: flink        
+      {{- end }}
+    {{- if .Values.jobmanager.networkPolicy.extraIngress }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.jobmanager.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
+    {{- end }}
+{{- end }}

addons/flink/1/chart/flink/templates/jobmanager/networkpolicy.yaml

@@ -35,6 +35,10 @@ spec:
       {{- end }}
     spec:
       {{- include "flink.imagePullSecrets" . | nindent 6 }}
+      automountServiceAccountToken: {{ .Values.taskmanager.automountServiceAccountToken }}
+      {{- if .Values.taskmanager.hostAliases }}
+      hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.taskmanager.hostAliases "context" $) | nindent 8 }}
+      {{- end }}
       {{- if .Values.taskmanager.schedulerName }}
       schedulerName: {{ .Values.taskmanager.schedulerName }}
       {{- end }}
@@ -100,10 +104,6 @@ spec:
               value: 0.0.0.0
             - name: FLINK_CFG_TASKMANAGER_RPC_PORT
               value: {{ .Values.taskmanager.containerPorts.rpc | quote }}
-            - name: FLINK_CFG_TASKMANAGER_HOST
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
             - name: FLINK_CFG_TASKMANAGER_BIND__HOST
               value: 0.0.0.0
             - name: DRYCC_DEBUG

addons/flink/1/chart/flink/templates/taskmanager/deployment.yaml

@@ -0,0 +1,93 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.taskmanager.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+  name: {{ template "flink.taskmanager.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/part-of: flink
+    app.kubernetes.io/component: taskmanager
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.taskmanager.podLabels .Values.commonLabels ) "context" . ) }}
+  podSelector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/part-of: flink
+      app.kubernetes.io/component: taskmanager
+  policyTypes:
+    - Ingress
+    - Egress
+  {{- if .Values.taskmanager.networkPolicy.allowExternalEgress }}
+  egress:
+    - {}
+  {{- else }}
+  egress:
+    - ports:
+        # Allow dns resolution
+        - port: 53
+          protocol: UDP
+        - port: 53
+          protocol: TCP
+    # Allow outbound connections to other jobmanager pods
+    - ports:
+        - port: {{ .Values.jobmanager.containerPorts.blob }}
+        - port: {{ .Values.jobmanager.containerPorts.rpc }}
+        - port: {{ .Values.jobmanager.containerPorts.http }}
+      to:
+        - podSelector:
+            matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+              app.kubernetes.io/part-of: flink
+              app.kubernetes.io/component: jobmanager
+    # Allow outbound connections to other taskmanager pods
+    - ports:
+        - port: {{ .Values.taskmanager.containerPorts.data }}
+        - port: {{ .Values.taskmanager.containerPorts.rpc }}
+      to:
+        - podSelector:
+            matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+              app.kubernetes.io/part-of: flink
+              app.kubernetes.io/component: taskmanager
+    {{- if .Values.taskmanager.networkPolicy.extraEgress }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.taskmanager.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- end }}
+  ingress:
+    - ports:
+        - port: {{ .Values.taskmanager.containerPorts.data }}
+        - port: {{ .Values.taskmanager.containerPorts.rpc }}
+      {{- if not .Values.taskmanager.networkPolicy.allowExternal }}
+      from:
+        - podSelector:
+            matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+        - podSelector:
+            matchLabels:
+              {{ template "flink.taskmanager.fullname" . }}-client: "true"
+        {{- if .Values.taskmanager.networkPolicy.ingressNSMatchLabels }}
+        - namespaceSelector:
+            matchLabels:
+              {{- range $key, $value := .Values.taskmanager.networkPolicy.ingressNSMatchLabels }}
+              {{ $key | quote }}: {{ $value | quote }}
+              {{- end }}
+          {{- if .Values.taskmanager.networkPolicy.ingressNSPodMatchLabels }}
+          podSelector:
+            matchLabels:
+              {{- range $key, $value := .Values.taskmanager.networkPolicy.ingressNSPodMatchLabels }}
+              {{ $key | quote }}: {{ $value | quote }}
+              {{- end }}
+          {{- end }}
+        {{- end }}
+        - podSelector:
+            matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }}
+              app.kubernetes.io/part-of: flink        
+      {{- end }}
+    {{- if .Values.taskmanager.networkPolicy.extraIngress }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.taskmanager.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
+    {{- end }}
+{{- end }}