Merge branch 'main' of https://github.com/drycc-addons/addons into main

EamonZhang · EamonZhang · commit e6abf28a6291 · 2024-05-10T11:15:27.000+08:00
diff --git a/addons/fluentbit/2/chart/fluentbit/values.yaml b/addons/fluentbit/2/chart/fluentbit/values.yaml
@@ -184,7 +184,8 @@ daemonset:
           DB                  /data/containers.pos.db
           DB.locking          true
           Offset_Key          offset
-          Tag                 kubernetes.*
+          Tag                 kubernetes.<namespace_name>.<pod_name>.<container_name>.<container_id>
+          Tag_Regex           (?<pod_name>[a-z0-9](?:[-a-z0-9]*[a-z0-9])?(?:\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)_(?<namespace_name>[^_]+)_(?<container_name>.+)-(?<container_id>[a-z0-9]{64})\.log$
           Read_from_Head      false
           multiline.parser    docker,cri
     ## https://docs.fluentbit.io/manual/pipeline/outputs
diff --git a/addons/kafka/3.6/chart/kafka/templates/_helpers.tpl b/addons/kafka/3.6/chart/kafka/templates/_helpers.tpl
@@ -575,6 +575,20 @@ Returns the zookeeper.connect setting value
 {{- end -}}
 {{- end -}}
 
+{{/*
+Returns the internel listeners based on the number of controller-eligible nodes
+*/}}
+{{- define "kafka.kraft.internelListeners" -}}
+  {{- $internelListeners := list -}}
+  {{- $fullname := include "common.names.fullname" . -}}
+  {{- $releaseNamespace := include "common.names.namespace" . -}}
+  {{- range $i := until (int .Values.controller.replicaCount) -}}
+  {{- $nodeAddress := printf "%s-controller-%d.%s-controller-headless.%s.svc.%s:%d" $fullname (int $i) $fullname $releaseNamespace $.Values.clusterDomain (int $.Values.listeners.interbroker.containerPort) -}}
+  {{- $internelListeners = append $internelListeners (printf "%s" $nodeAddress ) -}}
+  {{- end -}}
+  {{- join "," $internelListeners -}}
+{{- end -}}
+
 {{/*
 Returns the controller quorum voters based on the number of controller-eligible nodes
 */}}
diff --git a/addons/kafka/3.6/chart/kafka/templates/network-policy/networkpolicy-ingress.yaml b/addons/kafka/3.6/chart/kafka/templates/network-policy/networkpolicy-ingress.yaml
@@ -22,34 +22,37 @@ spec:
     {{- if eq .Values.service.type "LoadBalancer" }}
     - {}
     {{- else }}
-    # Allow client connections
     - ports:
+        # Allow client connections
         - port: {{ .Values.listeners.client.containerPort }}
+        # Allow communication controller
+        - port: {{ .Values.listeners.controller.containerPort }}
+        # Allow communication inter-broker
+        - port: {{ .Values.listeners.interbroker.containerPort }}
+        # Allow communication external
+        - port: {{ .Values.listeners.external.containerPort }}
       {{- if not .Values.networkPolicy.allowExternal }}
       from:
-        - podSelector:
+        {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }}
+        {{- if .Values.networkPolicy.allowCurrentNamespace }}
+        - namespaceSelector:
             matchLabels:
-              {{ template "common.names.fullname" . }}-client: "true"
-          {{- if .Values.networkPolicy.explicitNamespacesSelector }}
-          namespaceSelector: {{- toYaml .Values.networkPolicy.explicitNamespacesSelector | nindent 12 }}
-          {{- end }}
+              kubernetes.io/metadata.name: {{ .Release.Namespace }}
+        {{- end }}
+        {{- range $namespace := .Values.networkPolicy.allowNamespaces }}
+        {{- if $namespace }}
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: {{ $namespace }}
+        {{- end }}
+        {{- end }}
+        {{- end }}
       {{- end }}
-    # Allow communication controller
-    - ports:
-        - port: {{ .Values.listeners.controller.containerPort }}
-      from:
-        - podSelector:
-            matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
-    # Allow communication inter-broker
-    - ports:
-        - port: {{ .Values.listeners.interbroker.containerPort }}
-      from:
-        - podSelector:
-            matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
     # Allow External connection
     {{- if .Values.externalAccess.enabled }}
     - ports:
         - port: {{ .Values.listeners.external.containerPort }}
+        - port: {{ .Values.externalAccess.controller.service.ports.external }}
     {{- if .Values.networkPolicy.externalAccess.from }}
       from: {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.externalAccess.from "context" $ ) | nindent 8 }}
     {{- end }}
diff --git a/addons/kafka/3.6/plans/standard-16c32g3w/bind.yaml b/addons/kafka/3.6/plans/standard-16c32g3w/bind.yaml
@@ -1,35 +1,12 @@
 credential:
-  {{- if (eq .Values.service.type "LoadBalancer") }}
-  - name: EXTERNAL_HOST
-    valueFrom:
-      serviceRef:
-        name: {{ template "common.names.fullname" . }}
-        jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
-  {{- end }}
-  
-  - name: CLIENT_HOST
-    valueFrom:
-      serviceRef:
-        name: {{ template "common.names.fullname" . }}
-        jsonpath: '{ .spec.clusterIP }'
+  - name: INTERNAL_LISTENERS
+    value: {{ include "kafka.kraft.internelListeners" . }}
 
-  - name: CLIENT_PORT
-    valueFrom:
-      serviceRef:
-        name: {{ template "common.names.fullname" . }}
-        jsonpath: '{ .spec.ports[?(@.name=="tcp-client")].port }'
+  - name: PROTOCOL_MAP
+    value: {{ include "kafka.securityProtocolMap" . }}
 
-  {{- if .Values.externalAccess.enabled }}
-  - name: EXTERNAL_PORT
-    valueFrom:
-      serviceRef:
-        name: {{ template "common.names.fullname" . }}
-        jsonpath: '{ .spec.ports[?(@.name=="tcp-external")].port }'
-  {{- end }}
-
-
-  {{- if (include "kafka.createSaslSecret" .) }}
   {{- if (include "kafka.saslUserPasswordsEnabled" .) }}
+  {{- if (include "kafka.client.saslEnabled" .) }}
   - name: CLIENT_USERS
     value: {{ join "," .Values.sasl.client.users | quote }}
 
@@ -45,4 +22,36 @@ credential:
         name: {{ printf "%s-user-passwords" (include "common.names.fullname" .) }}
         jsonpath: '{ .data.system-user-password }'
   {{- end }}
+
+  {{- if regexFind "SASL" (upper .Values.listeners.interbroker.protocol) }}
+  - name: INTER_BROKER_PASSPORTS
+    valueFrom:
+      secretKeyRef:
+        name: {{ printf "%s-user-passwords" (include "common.names.fullname" .) }}
+        jsonpath: '{ .data.inter-broker-password }'
+  {{- end }}
+
+  {{- if regexFind "SASL" (upper .Values.listeners.controller.protocol) }}
+  - name: CONTROLLER_PASSPORTS
+    valueFrom:
+      secretKeyRef:
+        name: {{ printf "%s-user-passwords" (include "common.names.fullname" .) }}
+        jsonpath: '{ .data.controller-password }'
   {{- end }}
+  {{- end }}
+
+{{- if .Values.externalAccess.enabled }}
+{{- $fullname := include "common.names.fullname" . }}
+{{- $replicaCount := .Values.controller.replicaCount | int }}
+{{- range $i := until $replicaCount }}
+{{- $targetPod := printf "%s-broker-%d" (printf "%s" $fullname) $i }}
+  - name: {{ printf "EXTERNAL_%d" $i }}
+    valueFrom:
+      serviceRef:
+        name: {{ printf "%s-broker-%d-external" (include "common.names.fullname" $) $i | trunc 63 | trimSuffix "-" }}
+        jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+{{- end }}
+
+  - name: EXTERNAL_PORT
+    value: {{ .Values.externalAccess.controller.service.ports.external }}
+{{- end }}
diff --git a/addons/kafka/3.6/plans/standard-1c2g3w/bind.yaml b/addons/kafka/3.6/plans/standard-1c2g3w/bind.yaml
@@ -1,35 +1,12 @@
 credential:
-  {{- if (eq .Values.service.type "LoadBalancer") }}
-  - name: EXTERNAL_HOST
-    valueFrom:
-      serviceRef:
-        name: {{ template "common.names.fullname" . }}
-        jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
-  {{- end }}
-  
-  - name: CLIENT_HOST
-    valueFrom:
-      serviceRef:
-        name: {{ template "common.names.fullname" . }}
-        jsonpath: '{ .spec.clusterIP }'
+  - name: INTERNAL_LISTENERS
+    value: {{ include "kafka.kraft.internelListeners" . }}
 
-  - name: CLIENT_PORT
-    valueFrom:
-      serviceRef:
-        name: {{ template "common.names.fullname" . }}
-        jsonpath: '{ .spec.ports[?(@.name=="tcp-client")].port }'
+  - name: PROTOCOL_MAP
+    value: {{ include "kafka.securityProtocolMap" . }}
 
-  {{- if .Values.externalAccess.enabled }}
-  - name: EXTERNAL_PORT
-    valueFrom:
-      serviceRef:
-        name: {{ template "common.names.fullname" . }}
-        jsonpath: '{ .spec.ports[?(@.name=="tcp-external")].port }'
-  {{- end }}
-
-
-  {{- if (include "kafka.createSaslSecret" .) }}
   {{- if (include "kafka.saslUserPasswordsEnabled" .) }}
+  {{- if (include "kafka.client.saslEnabled" .) }}
   - name: CLIENT_USERS
     value: {{ join "," .Values.sasl.client.users | quote }}
 
@@ -45,4 +22,36 @@ credential:
         name: {{ printf "%s-user-passwords" (include "common.names.fullname" .) }}
         jsonpath: '{ .data.system-user-password }'
   {{- end }}
+
+  {{- if regexFind "SASL" (upper .Values.listeners.interbroker.protocol) }}
+  - name: INTER_BROKER_PASSPORTS
+    valueFrom:
+      secretKeyRef:
+        name: {{ printf "%s-user-passwords" (include "common.names.fullname" .) }}
+        jsonpath: '{ .data.inter-broker-password }'
+  {{- end }}
+
+  {{- if regexFind "SASL" (upper .Values.listeners.controller.protocol) }}
+  - name: CONTROLLER_PASSPORTS
+    valueFrom:
+      secretKeyRef:
+        name: {{ printf "%s-user-passwords" (include "common.names.fullname" .) }}
+        jsonpath: '{ .data.controller-password }'
   {{- end }}
+  {{- end }}
+
+{{- if .Values.externalAccess.enabled }}
+{{- $fullname := include "common.names.fullname" . }}
+{{- $replicaCount := .Values.controller.replicaCount | int }}
+{{- range $i := until $replicaCount }}
+{{- $targetPod := printf "%s-broker-%d" (printf "%s" $fullname) $i }}
+  - name: {{ printf "EXTERNAL_%d" $i }}
+    valueFrom:
+      serviceRef:
+        name: {{ printf "%s-broker-%d-external" (include "common.names.fullname" $) $i | trunc 63 | trimSuffix "-" }}
+        jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+{{- end }}
+
+  - name: EXTERNAL_PORT
+    value: {{ .Values.externalAccess.controller.service.ports.external }}
+{{- end }}
diff --git a/addons/kafka/3.6/plans/standard-24c64g3w/bind.yaml b/addons/kafka/3.6/plans/standard-24c64g3w/bind.yaml
@@ -1,35 +1,12 @@
 credential:
-  {{- if (eq .Values.service.type "LoadBalancer") }}
-  - name: EXTERNAL_HOST
-    valueFrom:
-      serviceRef:
-        name: {{ template "common.names.fullname" . }}
-        jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
-  {{- end }}
-  
-  - name: CLIENT_HOST
-    valueFrom:
-      serviceRef:
-        name: {{ template "common.names.fullname" . }}
-        jsonpath: '{ .spec.clusterIP }'
+  - name: INTERNAL_LISTENERS
+    value: {{ include "kafka.kraft.internelListeners" . }}
 
-  - name: CLIENT_PORT
-    valueFrom:
-      serviceRef:
-        name: {{ template "common.names.fullname" . }}
-        jsonpath: '{ .spec.ports[?(@.name=="tcp-client")].port }'
+  - name: PROTOCOL_MAP
+    value: {{ include "kafka.securityProtocolMap" . }}
 
-  {{- if .Values.externalAccess.enabled }}
-  - name: EXTERNAL_PORT
-    valueFrom:
-      serviceRef:
-        name: {{ template "common.names.fullname" . }}
-        jsonpath: '{ .spec.ports[?(@.name=="tcp-external")].port }'
-  {{- end }}
-
-
-  {{- if (include "kafka.createSaslSecret" .) }}
   {{- if (include "kafka.saslUserPasswordsEnabled" .) }}
+  {{- if (include "kafka.client.saslEnabled" .) }}
   - name: CLIENT_USERS
     value: {{ join "," .Values.sasl.client.users | quote }}
 
@@ -45,4 +22,36 @@ credential:
         name: {{ printf "%s-user-passwords" (include "common.names.fullname" .) }}
         jsonpath: '{ .data.system-user-password }'
   {{- end }}
+
+  {{- if regexFind "SASL" (upper .Values.listeners.interbroker.protocol) }}
+  - name: INTER_BROKER_PASSPORTS
+    valueFrom:
+      secretKeyRef:
+        name: {{ printf "%s-user-passwords" (include "common.names.fullname" .) }}
+        jsonpath: '{ .data.inter-broker-password }'
+  {{- end }}
+
+  {{- if regexFind "SASL" (upper .Values.listeners.controller.protocol) }}
+  - name: CONTROLLER_PASSPORTS
+    valueFrom:
+      secretKeyRef:
+        name: {{ printf "%s-user-passwords" (include "common.names.fullname" .) }}
+        jsonpath: '{ .data.controller-password }'
   {{- end }}
+  {{- end }}
+
+{{- if .Values.externalAccess.enabled }}
+{{- $fullname := include "common.names.fullname" . }}
+{{- $replicaCount := .Values.controller.replicaCount | int }}
+{{- range $i := until $replicaCount }}
+{{- $targetPod := printf "%s-broker-%d" (printf "%s" $fullname) $i }}
+  - name: {{ printf "EXTERNAL_%d" $i }}
+    valueFrom:
+      serviceRef:
+        name: {{ printf "%s-broker-%d-external" (include "common.names.fullname" $) $i | trunc 63 | trimSuffix "-" }}
+        jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+{{- end }}
+
+  - name: EXTERNAL_PORT
+    value: {{ .Values.externalAccess.controller.service.ports.external }}
+{{- end }}
diff --git a/addons/kafka/3.6/plans/standard-2c4g3w/bind.yaml b/addons/kafka/3.6/plans/standard-2c4g3w/bind.yaml
@@ -1,35 +1,12 @@
 credential:
-  {{- if (eq .Values.service.type "LoadBalancer") }}
-  - name: EXTERNAL_HOST
-    valueFrom:
-      serviceRef:
-        name: {{ template "common.names.fullname" . }}
-        jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
-  {{- end }}
-  
-  - name: CLIENT_HOST
-    valueFrom:
-      serviceRef:
-        name: {{ template "common.names.fullname" . }}
-        jsonpath: '{ .spec.clusterIP }'
+  - name: INTERNAL_LISTENERS
+    value: {{ include "kafka.kraft.internelListeners" . }}
 
-  - name: CLIENT_PORT
-    valueFrom:
-      serviceRef:
-        name: {{ template "common.names.fullname" . }}
-        jsonpath: '{ .spec.ports[?(@.name=="tcp-client")].port }'
+  - name: PROTOCOL_MAP
+    value: {{ include "kafka.securityProtocolMap" . }}
 
-  {{- if .Values.externalAccess.enabled }}
-  - name: EXTERNAL_PORT
-    valueFrom:
-      serviceRef:
-        name: {{ template "common.names.fullname" . }}
-        jsonpath: '{ .spec.ports[?(@.name=="tcp-external")].port }'
-  {{- end }}
-
-
-  {{- if (include "kafka.createSaslSecret" .) }}
   {{- if (include "kafka.saslUserPasswordsEnabled" .) }}
+  {{- if (include "kafka.client.saslEnabled" .) }}
   - name: CLIENT_USERS
     value: {{ join "," .Values.sasl.client.users | quote }}
 
@@ -45,4 +22,36 @@ credential:
         name: {{ printf "%s-user-passwords" (include "common.names.fullname" .) }}
         jsonpath: '{ .data.system-user-password }'
   {{- end }}
+
+  {{- if regexFind "SASL" (upper .Values.listeners.interbroker.protocol) }}
+  - name: INTER_BROKER_PASSPORTS
+    valueFrom:
+      secretKeyRef:
+        name: {{ printf "%s-user-passwords" (include "common.names.fullname" .) }}
+        jsonpath: '{ .data.inter-broker-password }'
+  {{- end }}
+
+  {{- if regexFind "SASL" (upper .Values.listeners.controller.protocol) }}
+  - name: CONTROLLER_PASSPORTS
+    valueFrom:
+      secretKeyRef:
+        name: {{ printf "%s-user-passwords" (include "common.names.fullname" .) }}
+        jsonpath: '{ .data.controller-password }'
   {{- end }}
+  {{- end }}
+
+{{- if .Values.externalAccess.enabled }}
+{{- $fullname := include "common.names.fullname" . }}
+{{- $replicaCount := .Values.controller.replicaCount | int }}
+{{- range $i := until $replicaCount }}
+{{- $targetPod := printf "%s-broker-%d" (printf "%s" $fullname) $i }}
+  - name: {{ printf "EXTERNAL_%d" $i }}
+    valueFrom:
+      serviceRef:
+        name: {{ printf "%s-broker-%d-external" (include "common.names.fullname" $) $i | trunc 63 | trimSuffix "-" }}
+        jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+{{- end }}
+
+  - name: EXTERNAL_PORT
+    value: {{ .Values.externalAccess.controller.service.ports.external }}
+{{- end }}
diff --git a/addons/kafka/3.6/plans/standard-4c8g3w/bind.yaml b/addons/kafka/3.6/plans/standard-4c8g3w/bind.yaml
diff --git a/addons/kafka/3.6/plans/standard-8c16g3w/bind.yaml b/addons/kafka/3.6/plans/standard-8c16g3w/bind.yaml
