README
¶
Redpanda Helm Chart Specification
description: Find the default values and descriptions of settings in the Redpanda Helm chart.
This page describes the official Redpanda Helm Chart. In particular, this page describes the contents of the chart’s values.yaml file. Each of the settings is listed and described on this page, along with any default values.
For instructions on how to install and use the chart, including how to override and customize the chart’s values, refer to the deployment documentation.
Autogenerated from chart metadata using helm-docs v1.14.2
Source Code
Requirements
Kubernetes: >= 1.25.0-0
| Repository | Name | Version |
|---|---|---|
| https://charts.redpanda.com | console(console) | >=3.0.0-0 |
Settings
auditLogging
Audit logging for a redpanda cluster, must have enabled sasl and have one kafka listener supporting sasl authentication for audit logging to work. Note this feature is only available for redpanda versions >= v23.3.0.
Default:
{"clientMaxBufferSize":16777216,"enabled":false,"enabledEventTypes":null,"excludedPrincipals":null,"excludedTopics":null,"listener":"internal","partitions":12,"queueDrainIntervalMs":500,"queueMaxBufferSizePerShard":1048576,"replicationFactor":null}
auditLogging.clientMaxBufferSize
Defines the number of bytes (in bytes) allocated by the internal audit client for audit messages.
Default: 16777216
auditLogging.enabled
Enable or disable audit logging, for production clusters we suggest you enable, however, this will only work if you also enable sasl and a listener with sasl enabled.
Default: false
auditLogging.enabledEventTypes
Event types that should be captured by audit logs, default is [admin, authenticate, management].
Default: nil
auditLogging.excludedPrincipals
List of principals to exclude from auditing, default is null.
Default: nil
auditLogging.excludedTopics
List of topics to exclude from auditing, default is null.
Default: nil
auditLogging.listener
Kafka listener name, note that it must have authenticationMethod set to sasl. For external listeners, use the external listener name, such as default.
Default: "internal"
auditLogging.partitions
Integer value defining the number of partitions used by a newly created audit topic.
Default: 12
auditLogging.queueDrainIntervalMs
In ms, frequency in which per shard audit logs are batched to client for write to audit log.
Default: 500
auditLogging.queueMaxBufferSizePerShard
Defines the maximum amount of memory used (in bytes) by the audit buffer in each shard.
Default: 1048576
auditLogging.replicationFactor
Defines the replication factor for a newly created audit log topic. This configuration applies only to the audit log topic and may be different from the cluster or other topic configurations. This cannot be altered for existing audit log topics. Setting this value is optional. If a value is not provided, Redpanda will use the internal_topic_replication_factor cluster config value. Default is null
Default: nil
auth
Authentication settings. For details, see the SASL documentation.
Default:
{"sasl":{"bootstrapUser":{"mechanism":"SCRAM-SHA-256"},"enabled":false,"mechanism":"SCRAM-SHA-512","secretRef":"redpanda-users","users":[]}}
auth.sasl.bootstrapUser
Details about how to create the bootstrap user for the cluster. The secretKeyRef is optionally specified. If it is specified, the chart will use a password written to that secret when creating the "kubernetes-controller" bootstrap user. If it is unspecified, then the secret will be generated and stored in the secret "releasename"-bootstrap-user, with the key "password".
Default:
{"mechanism":"SCRAM-SHA-256"}
auth.sasl.bootstrapUser.mechanism
The authentication mechanism to use for the bootstrap user. Options are SCRAM-SHA-256 and SCRAM-SHA-512.
Default: "SCRAM-SHA-256"
auth.sasl.enabled
Enable SASL authentication. If you enable SASL authentication, you must provide a Secret in auth.sasl.secretRef.
Default: false
auth.sasl.mechanism
The authentication mechanism to use for the superuser. Options are SCRAM-SHA-256 and SCRAM-SHA-512.
Default: "SCRAM-SHA-512"
auth.sasl.secretRef
A Secret that contains your superuser credentials. For details, see the SASL documentation.
Default: "redpanda-users"
auth.sasl.users
Optional list of superusers. These superusers will be created in the Secret whose name is defined in auth.sasl.secretRef. If this list is empty, the Secret in auth.sasl.secretRef must already exist in the cluster before you deploy the chart. Uncomment the sample list if you wish to try adding sample sasl users or override to use your own.
Default: []
clusterDomain
Default Kubernetes cluster domain.
Default: "cluster.local."
commonLabels
Additional labels to add to all Kubernetes objects. For example, my.k8s.service: redpanda.
Default: {}
config
This section contains various settings supported by Redpanda that may not work correctly in a Kubernetes cluster. Changing these settings comes with some risk. Use these settings to customize various Redpanda configurations that are not covered in other sections. These values have no impact on the configuration or behavior of the Kubernetes objects deployed by Helm, and therefore should not be modified for the purpose of configuring those objects. Instead, these settings get passed directly to the Redpanda binary at startup. For descriptions of these properties, see the configuration documentation.
Default:
{"cluster":{},"node":{"crash_loop_limit":5},"pandaproxy_client":{},"rpk":{},"schema_registry_client":{},"tunable":{"compacted_log_segment_size":67108864,"kafka_connection_rate_limit":1000,"log_segment_size_max":268435456,"log_segment_size_min":16777216,"max_compacted_log_segment_size":536870912}}
config.cluster
Cluster Configuration Properties
Default: {}
config.node
Broker (node) Configuration Properties.
Default: {"crash_loop_limit":5}
config.node.crash_loop_limit
Crash loop limit A limit on the number of consecutive times a broker can crash within one hour before its crash-tracking logic is reset. This limit prevents a broker from getting stuck in an infinite cycle of crashes. User can disable this crash loop limit check by the following action: * One hour elapses since the last crash * The node configuration file, redpanda.yaml, is updated via config.cluster or config.node or config.tunable objects * The startup_log file in the node’s data_directory is manually deleted Default to 5 REF: https://docs.redpanda.com/current/reference/broker-properties/#crash_loop_limit
Default: 5
config.tunable
Tunable cluster properties. Deprecated: all settings here may be specified via config.cluster.
Default:
{"compacted_log_segment_size":67108864,"kafka_connection_rate_limit":1000,"log_segment_size_max":268435456,"log_segment_size_min":16777216,"max_compacted_log_segment_size":536870912}
config.tunable.compacted_log_segment_size
See the property reference documentation.
Default: 67108864
config.tunable.kafka_connection_rate_limit
See the property reference documentation.
Default: 1000
config.tunable.log_segment_size_max
See the property reference documentation.
Default: 268435456
config.tunable.log_segment_size_min
See the property reference documentation.
Default: 16777216
config.tunable.max_compacted_log_segment_size
See the property reference documentation.
Default: 536870912
console
Redpanda Console settings. For a reference of configuration settings, see the Redpanda Console documentation.
Default:
{"config":{},"configmap":{"create":false},"deployment":{"create":false},"enabled":true,"secret":{"create":false}}
enterprise
Enterprise (optional) For details, see the License documentation.
Default:
{"license":"","licenseSecretRef":null}
enterprise.license
license (optional).
Default: ""
enterprise.licenseSecretRef
Secret name and key where the license key is stored.
Default: nil
external
External access settings. For details, see the Networking and Connectivity documentation.
Default:
{"enabled":true,"service":{"enabled":true},"type":"NodePort"}
external.enabled
Enable external access for each Service. You can toggle external access for each listener in listeners.<service name>.external.<listener-name>.enabled.
Default: true
external.service
Service allows you to manage the creation of an external kubernetes service object
Default: {"enabled":true}
external.service.enabled
Enabled if set to false will not create the external service type You can still set your cluster with external access but not create the supporting service (NodePort/LoadBalander). Set this to false if you rather manage your own service.
Default: true
external.type
External access type. Only NodePort and LoadBalancer are supported. If undefined, then advertised listeners will be configured in Redpanda, but the helm chart will not create a Service. You must create a Service manually. Warning: If you use LoadBalancers, you will likely experience higher latency and increased packet loss. NodePort is recommended in cases where latency is a priority.
Default: "NodePort"
fullnameOverride
Override redpanda.fullname template.
Default: ""
image
Redpanda Docker image settings.
Default:
{"pullPolicy":"IfNotPresent","repository":"docker.redpanda.com/redpandadata/redpanda","tag":""}
image.pullPolicy
The imagePullPolicy. If image.tag is 'latest', the default is Always.
Default: "IfNotPresent"
image.repository
Docker repository from which to pull the Redpanda Docker image.
Default:
"docker.redpanda.com/redpandadata/redpanda"
image.tag
The Redpanda version. See DockerHub for: All stable versions and all unstable versions.
Default: Chart.appVersion.
listeners
Listener settings. Override global settings configured above for individual listeners. For details, see the listeners documentation.
Default:
{"admin":{"external":{"default":{"advertisedPorts":[31644],"port":9645,"tls":{"cert":"external"}}},"port":9644,"tls":{"cert":"default","requireClientAuth":false}},"http":{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30082],"authenticationMethod":null,"port":8083,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8082,"tls":{"cert":"default","requireClientAuth":false}},"kafka":{"authenticationMethod":null,"external":{"default":{"advertisedPorts":[31092],"authenticationMethod":null,"port":9094,"tls":{"cert":"external"}}},"port":9093,"tls":{"cert":"default","requireClientAuth":false}},"rpc":{"port":33145,"tls":{"cert":"default","requireClientAuth":false}},"schemaRegistry":{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30081],"authenticationMethod":null,"port":8084,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8081,"tls":{"cert":"default","requireClientAuth":false}}}
listeners.admin
Admin API listener (only one).
Default:
{"external":{"default":{"advertisedPorts":[31644],"port":9645,"tls":{"cert":"external"}}},"port":9644,"tls":{"cert":"default","requireClientAuth":false}}
listeners.admin.external
Optional external access settings.
Default:
{"default":{"advertisedPorts":[31644],"port":9645,"tls":{"cert":"external"}}}
listeners.admin.external.default
Name of the external listener.
Default:
{"advertisedPorts":[31644],"port":9645,"tls":{"cert":"external"}}
listeners.admin.external.default.tls
The port advertised to this listener's external clients. List one port if you want to use the same port for each broker (would be the case when using NodePort service). Otherwise, list the port you want to use for each broker in order of StatefulSet replicas. If undefined, listeners.admin.port is used.
Default: {"cert":"external"}
listeners.admin.port
The port for both internal and external connections to the Admin API.
Default: 9644
listeners.admin.tls
Optional TLS section (required if global TLS is enabled)
Default:
{"cert":"default","requireClientAuth":false}
listeners.admin.tls.cert
Name of the Certificate used for TLS (must match a Certificate name that is registered in tls.certs).
Default: "default"
listeners.admin.tls.requireClientAuth
If true, the truststore file for this listener is included in the ConfigMap.
Default: false
listeners.http
HTTP API listeners (aka PandaProxy).
Default:
{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30082],"authenticationMethod":null,"port":8083,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8082,"tls":{"cert":"default","requireClientAuth":false}}
listeners.kafka
Kafka API listeners.
Default:
{"authenticationMethod":null,"external":{"default":{"advertisedPorts":[31092],"authenticationMethod":null,"port":9094,"tls":{"cert":"external"}}},"port":9093,"tls":{"cert":"default","requireClientAuth":false}}
listeners.kafka.external.default.advertisedPorts
If undefined, listeners.kafka.external.default.port is used.
Default: [31092]
listeners.kafka.external.default.port
The port used for external client connections.
Default: 9094
listeners.kafka.port
The port for internal client connections.
Default: 9093
listeners.rpc
RPC listener (this is never externally accessible).
Default:
{"port":33145,"tls":{"cert":"default","requireClientAuth":false}}
listeners.schemaRegistry
Schema registry listeners.
Default:
{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30081],"authenticationMethod":null,"port":8084,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8081,"tls":{"cert":"default","requireClientAuth":false}}
logging
Log-level settings.
Default:
{"logLevel":"info","usageStats":{"enabled":true}}
logging.logLevel
Log level Valid values (from least to most verbose) are: warn, info, debug, and trace.
Default: "info"
logging.usageStats
Send usage statistics back to Redpanda Data. For details, see the stats reporting documentation.
Default: {"enabled":true}
monitoring
Monitoring. This will create a ServiceMonitor that can be used by Prometheus-Operator or VictoriaMetrics-Operator to scrape the metrics.
Default:
{"enabled":false,"labels":{},"scrapeInterval":"30s"}
nameOverride
Override redpanda.name template.
Default: ""
podTemplate.annotations
Annotations to apply (or overwrite the default) to all Pods of this Chart.
Default: {}
podTemplate.labels
Labels to apply (or overwrite the default) to all Pods of this Chart.
Default: {}
podTemplate.spec
A subset of Kubernetes' PodSpec type that will be merged into the PodSpec of all Pods for this Chart. See Merge Semantics for details.
Default:
{"imagePullSecrets":[],"securityContext":{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":101}}
podTemplate.spec.imagePullSecrets
Pull secrets may be used to provide credentials to image repositories See the Kubernetes documentation.
Default: []
post_install_job.enabled
Default: true
post_install_job.podTemplate.annotations
Annotations to apply (or overwrite the default) to the Pods of this Job.
Default: {}
post_install_job.podTemplate.labels
Labels to apply (or overwrite the default) to the Pods of this Job.
Default: {}
post_install_job.podTemplate.spec
A subset of Kubernetes' PodSpec type that will be merged into the final PodSpec. See Merge Semantics for details.
Default:
{"containers":[{"env":[],"name":"post-install","securityContext":{}}],"securityContext":{}}
rackAwareness
Rack Awareness settings. For details, see the Rack Awareness documentation.
Default:
{"enabled":false,"nodeAnnotation":"topology.kubernetes.io/zone"}
rackAwareness.enabled
When running in multiple racks or availability zones, use a Kubernetes Node annotation value as the Redpanda rack value. Enabling this requires running with a service account with "get" Node permissions. To have the Helm chart configure these permissions, set serviceAccount.create=true and rbac.enabled=true.
Default: false
rackAwareness.nodeAnnotation
The common well-known annotation to use as the rack ID. Override this only if you use a custom Node annotation.
Default:
"topology.kubernetes.io/zone"
rbac
Role Based Access Control.
Default:
{"annotations":{},"enabled":false}
rbac.annotations
Annotations to add to the rbac resources.
Default: {}
rbac.enabled
Enable for features that need extra privileges. If you use the Redpanda Operator, you must deploy it with the --set rbac.createRPKBundleCRs=true flag to give it the required ClusterRoles.
Default: false
resources
Pod resource management. This section simplifies resource allocation for the redpanda container by providing a single location where resources are defined.
Resources may be specified by either setting resources.cpu and
resources.memory (the default) or by setting resources.requests and
resources.limits.
For details on resources.cpu and resources.memory, see their respective
documentation below.
When resources.limits and resources.requests are set, the redpanda
container's resources will be set to exactly the provided values. This allows
users to granularly control limits and requests to best suit their use case.
For example: resources.requests.cpu may be set without setting
resources.limits.cpu to avoid the potential of CPU throttling.
Redpanda's resource related CLI flags will then be calculated as follows:
--smp max(1, floor(coalesce(resources.requests.cpu, resources.limits.cpu)))--memory coalesce(resources.requests.memory, resources.limits.memory) * 90%--reserve-memory 0--overprovisioned coalesce(resources.requests.cpu, resources.limits.cpu) < 1000m
If neither a request nor a limit is provided for cpu or memory, the
corresponding flag will be omitted. As a result, setting resources.limits
and resources.requests to {} will result in redpanda being run without
--smp or --memory. (This is not recommended).
If the computed CLI flags are undesirable, they may be overridden by
specifying the desired value through statefulset.additionalRedpandaCmdFlags.
The default values are for a development environment. Production-level values and other considerations are documented, where those values are different from the default. For details, see the Pod resources documentation.
Default:
{"cpu":{"cores":1},"memory":{"container":{"max":"2.5Gi"}}}
resources.cpu
CPU resources. For details, see the Pod resources documentation.
Default: {"cores":1}
resources.cpu.cores
Redpanda makes use of a thread per core model. For details, see this blog. For this reason, Redpanda should only be given full cores. Note: You can increase cores, but decreasing cores is supported only from 24.3 Redpanda version. This setting is equivalent to --smp, resources.requests.cpu, and resources.limits.cpu. For production, use 4 or greater. To maximize efficiency, use the static CPU manager policy by specifying an even integer for CPU resource requests and limits. This policy gives the Pods running Redpanda brokers access to exclusive CPUs on the node. See https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy.
Default: 1
resources.memory
Memory resources For details, see the Pod resources documentation.
Default:
{"container":{"max":"2.5Gi"}}
resources.memory.container
Enables memory locking. For production, set to true. enable_memory_locking: false It is recommended to have at least 2Gi of memory per core for the Redpanda binary. This memory is taken from the total memory given to each container. The Helm chart allocates 80% of the container's memory to Redpanda, leaving the rest for other container processes. So at least 2.5Gi per core is recommended in order to ensure Redpanda has a full 2Gi. These values affect --memory and --reserve-memory flags passed to Redpanda and the memory requests/limits in the StatefulSet. Valid suffixes: k, M, G, T, P, Ki, Mi, Gi, Ti, Pi To create Guaranteed Pod QoS for Redpanda brokers, provide both container max and min values for the container. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a memory limit and a memory request. * For every container in the Pod, the memory limit must equal the memory request.
Default: {"max":"2.5Gi"}
resources.memory.container.max
Maximum memory count for each Redpanda broker. Equivalent to resources.limits.memory. For production, use 10Gi or greater.
Default: "2.5Gi"
serviceAccount
Service account management.
Default:
{"annotations":{},"automountServiceAccountToken":false,"create":false,"name":""}
serviceAccount.annotations
Annotations to add to the service account.
Default: {}
serviceAccount.automountServiceAccountToken
Specifies whether a service account should automount API-Credentials. The token is used in sidecars.controllers
Default: false
serviceAccount.create
Specifies whether a service account should be created.
Default: false
serviceAccount.name
The name of the service account to use. If not set and serviceAccount.create is true, a name is generated using the redpanda.fullname template.
Default: ""
statefulset.additionalRedpandaCmdFlags
Additional flags to pass to redpanda,
Default: []
statefulset.additionalSelectorLabels
Additional labels to be added to statefulset label selector. For example, my.k8s.service: redpanda.
Default: {}
statefulset.budget.maxUnavailable
Default: 1
statefulset.initContainerImage.repository
Default: "busybox"
statefulset.initContainerImage.tag
Default: "latest"
statefulset.initContainers.fsValidator.enabled
Default: false
statefulset.initContainers.fsValidator.expectedFS
Default: "xfs"
statefulset.initContainers.setDataDirOwnership.enabled
In environments where root is not allowed, you cannot change the ownership of files and directories. Enable setDataDirOwnership when using default minikube cluster configuration.
Default: false
statefulset.podAntiAffinity.custom
Change podAntiAffinity.type to custom and provide your own podAntiAffinity rules here.
Default: {}
statefulset.podAntiAffinity.topologyKey
The topologyKey to be used. Can be used to spread across different nodes, AZs, regions etc.
Default: "kubernetes.io/hostname"
statefulset.podAntiAffinity.type
Valid anti-affinity types are soft, hard, or custom. Use custom if you want to supply your own anti-affinity rules in the podAntiAffinity.custom object.
Default: "hard"
statefulset.podAntiAffinity.weight
Weight for soft anti-affinity rules. Does not apply to other anti-affinity types.
Default: 100
statefulset.podTemplate.annotations
Additional annotations to apply to the Pods of the StatefulSet.
Default: {}
statefulset.podTemplate.labels
Additional labels to apply to the Pods of the StatefulSet.
Default: {}
statefulset.podTemplate.spec
A subset of Kubernetes' PodSpec type that will be merged into the final PodSpec. See Merge Semantics for details.
Default:
{"affinity":{"podAntiAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchLabels":{"app.kubernetes.io/component":"{{ include \"redpanda.name\" . }}-statefulset","app.kubernetes.io/instance":"{{ .Release.Name }}","app.kubernetes.io/name":"{{ include \"redpanda.name\" . }}"}},"topologyKey":"kubernetes.io/hostname"}]}},"nodeSelector":{},"priorityClassName":"","securityContext":{},"terminationGracePeriodSeconds":90,"tolerations":[],"topologySpreadConstraints":[{"labelSelector":{"matchLabels":{"app.kubernetes.io/component":"{{ include \"redpanda.name\" . }}-statefulset","app.kubernetes.io/instance":"{{ .Release.Name }}","app.kubernetes.io/name":"{{ include \"redpanda.name\" . }}"}},"maxSkew":1,"topologyKey":"topology.kubernetes.io/zone","whenUnsatisfiable":"ScheduleAnyway"}]}
statefulset.podTemplate.spec.nodeSelector
Node selection constraints for scheduling Pods of this StatefulSet. These constraints override the global nodeSelector value. For details, see the Kubernetes documentation.
Default: {}
statefulset.podTemplate.spec.priorityClassName
PriorityClassName given to Pods of this StatefulSet. For details, see the Kubernetes documentation.
Default: ""
statefulset.podTemplate.spec.terminationGracePeriodSeconds
Termination grace period in seconds is time required to execute preStop hook which puts particular Redpanda Pod (process/container) into maintenance mode. Before settle down on particular value please put Redpanda under load and perform rolling upgrade or rolling restart. That value needs to accommodate two processes: * preStop hook needs to put Redpanda into maintenance mode * after preStop hook Redpanda needs to handle gracefully SIGTERM signal Both processes are executed sequentially where preStop hook has hard deadline in the middle of terminationGracePeriodSeconds. REF: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination
Default: 90
statefulset.podTemplate.spec.tolerations
Taints to be tolerated by Pods of this StatefulSet. These tolerations override the global tolerations value. For details, see the Kubernetes documentation.
Default: []
statefulset.replicas
Number of Redpanda brokers (Redpanda Data recommends setting this to the number of worker nodes in the cluster)
Default: 3
statefulset.sideCars.brokerDecommissioner.decommissionAfter
Default: "60s"
statefulset.sideCars.brokerDecommissioner.decommissionRequeueTimeout
Default: "10s"
statefulset.sideCars.brokerDecommissioner.enabled
Default: false
statefulset.sideCars.configWatcher.enabled
Default: true
statefulset.sideCars.controllers.createRBAC
Default: true
statefulset.sideCars.controllers.enabled
Default: false
statefulset.sideCars.controllers.healthProbeAddress
Default: ":8085"
statefulset.sideCars.controllers.image.repository
Default:
"docker.redpanda.com/redpandadata/redpanda-operator"
statefulset.sideCars.controllers.image.tag
Default: "v2.3.8-24.3.6"
statefulset.sideCars.controllers.metricsAddress
Default: ":9082"
statefulset.sideCars.controllers.pprofAddress
Default: ":9083"
statefulset.sideCars.controllers.run[0]
Default: "all"
statefulset.sideCars.image.repository
Default:
"docker.redpanda.com/redpandadata/redpanda-operator"
statefulset.sideCars.image.tag
Default: "v2.3.8-24.3.6"
statefulset.sideCars.pvcUnbinder.enabled
Default: false
statefulset.sideCars.pvcUnbinder.unbindAfter
Default: "60s"
statefulset.updateStrategy.type
Default: "RollingUpdate"
storage
Persistence settings. For details, see the storage documentation.
Default:
{"hostPath":"","persistentVolume":{"annotations":{},"enabled":true,"labels":{},"nameOverwrite":"","size":"20Gi","storageClass":""},"tiered":{"config":{"cloud_storage_cache_size":5368709120,"cloud_storage_enable_remote_read":true,"cloud_storage_enable_remote_write":true,"cloud_storage_enabled":false},"credentialsSecretRef":{"accessKey":{"configurationKey":"cloud_storage_access_key"},"secretKey":{"configurationKey":"cloud_storage_secret_key"}},"hostPath":"","mountType":"none","persistentVolume":{"annotations":{},"labels":{},"storageClass":""}}}
storage.hostPath
Absolute path on the host to store Redpanda's data. If unspecified, then an emptyDir volume is used. If specified but persistentVolume.enabled is true, storage.hostPath has no effect.
Default: ""
storage.persistentVolume
If persistentVolume.enabled is true, a PersistentVolumeClaim is created and used to store Redpanda's data. Otherwise, storage.hostPath is used.
Default:
{"annotations":{},"enabled":true,"labels":{},"nameOverwrite":"","size":"20Gi","storageClass":""}
storage.persistentVolume.annotations
Additional annotations to apply to the created PersistentVolumeClaims.
Default: {}
storage.persistentVolume.labels
Additional labels to apply to the created PersistentVolumeClaims.
Default: {}
storage.persistentVolume.nameOverwrite
Option to change volume claim template name for tiered storage persistent volume if tiered.mountType is set to persistentVolume
Default: ""
storage.persistentVolume.storageClass
To disable dynamic provisioning, set to -. If undefined or empty (default), then no storageClassName spec is set, and the default dynamic provisioner is chosen (gp2 on AWS, standard on GKE, AWS & OpenStack).
Default: ""
storage.tiered.config
Tiered Storage settings Requires enterprise.licenseKey or enterprised.licenseSecretRef For details, see the Tiered Storage documentation. For a list of properties, see Object Storage Properties.
Default:
{"cloud_storage_cache_size":5368709120,"cloud_storage_enable_remote_read":true,"cloud_storage_enable_remote_write":true,"cloud_storage_enabled":false}
storage.tiered.config.cloud_storage_cache_size
Maximum size of the disk cache used by Tiered Storage. Default is 20 GiB. See the property reference documentation.
Default: 5368709120
storage.tiered.config.cloud_storage_enable_remote_read
Cluster level default remote read configuration for new topics. See the property reference documentation.
Default: true
storage.tiered.config.cloud_storage_enable_remote_write
Cluster level default remote write configuration for new topics. See the property reference documentation.
Default: true
storage.tiered.config.cloud_storage_enabled
Global flag that enables Tiered Storage if a license key is provided. See the property reference documentation.
Default: false
storage.tiered.hostPath
Absolute path on the host to store Redpanda's Tiered Storage cache.
Default: ""
storage.tiered.persistentVolume.annotations
Additional annotations to apply to the created PersistentVolumeClaims.
Default: {}
storage.tiered.persistentVolume.labels
Additional labels to apply to the created PersistentVolumeClaims.
Default: {}
storage.tiered.persistentVolume.storageClass
To disable dynamic provisioning, set to "-". If undefined or empty (default), then no storageClassName spec is set, and the default dynamic provisioner is chosen (gp2 on AWS, standard on GKE, AWS & OpenStack).
Default: ""
tests.enabled
Default: true
tls
TLS settings. For details, see the TLS documentation.
Default:
{"certs":{"default":{"caEnabled":true},"external":{"caEnabled":true}},"enabled":true}
tls.certs
List all Certificates here, then you can reference a specific Certificate's name in each listener's listeners.<listener name>.tls.cert setting.
Default:
{"default":{"caEnabled":true},"external":{"caEnabled":true}}
tls.certs.default
This key is the Certificate name. To apply the Certificate to a specific listener, reference the Certificate's name in listeners.<listener-name>.tls.cert.
Default: {"caEnabled":true}
tls.certs.default.caEnabled
Indicates whether or not the Secret holding this certificate includes a ca.crt key. When true, chart managed clients, such as rpk, will use ca.crt for certificate verification and listeners with require_client_auth and no explicit truststore will use ca.crt as their truststore_file for verification of client certificates. When false, chart managed clients will use tls.crt for certificate verification and listeners with require_client_auth and no explicit truststore will use the container's CA certificates.
Default: true
tls.certs.external
Example external tls configuration uncomment and set the right key to the listeners that require them also enable the tls setting for those listeners.
Default: {"caEnabled":true}
tls.certs.external.caEnabled
Indicates whether or not the Secret holding this certificate includes a ca.crt key. When true, chart managed clients, such as rpk, will use ca.crt for certificate verification and listeners with require_client_auth and no explicit truststore will use ca.crt as their truststore_file for verification of client certificates. When false, chart managed clients will use tls.crt for certificate verification and listeners with require_client_auth and no explicit truststore will use the container's CA certificates.
Default: true
tls.enabled
Enable TLS globally for all listeners. Each listener must include a Certificate name in its <listener>.tls object. To allow you to enable TLS for individual listeners, Certificates in auth.tls.certs are always loaded, even if tls.enabled is false. See listeners.<listener-name>.tls.enabled.
Default: true
tuning
Redpanda tuning settings. Each is set to their default values in Redpanda.
Default: {"tune_aio_events":true}
tuning.tune_aio_events
Increase the maximum number of outstanding asynchronous IO operations if the current value is below a certain threshold. This allows Redpanda to make as many simultaneous IO requests as possible, increasing throughput. When this option is enabled, Helm creates a privileged container. If your security profile does not allow this, you can disable this container by setting tune_aio_events to false. For more details, see the tuning documentation.
Default: true
Merging Semantics
The redpanda chart implements a form of object merging that's roughly a middleground of JSON Merge Patch and Kubernetes' Strategic Merge Patch. This is done to aid end users in setting or overriding fields that are not directly exposed via the chart.
- Directives are not supported.
- List fields that are merged by a unique key in Kubernetes' SMP (e.g.
containers,env) will be merged in a similar awy. - Only fields explicitly allowed by the chart's JSON schema will be merged.
- Additional containers that are not present in the original value will NOT be added.
Documentation
¶
Overview ¶
+gotohelm:filename=_cert-issuers.go.tpl
+gotohelm:filename=_certs.go.tpl
+gotohelm:filename=_chart.go.tpl
+gotohelm:filename=_configmap.go.tpl
+gotohelm:filename=_console.go.tpl
+gotohelm:filename=_helpers.go.tpl
+gotohelm:filename=_notes.go.tpl
+gotohelm:filename=_poddisruptionbudget.go.tpl
+gotohelm:filename=_post-install-upgrade-job.go.tpl
+gotohelm:filename=_rbac.go.tpl
+gotohelm:filename=_secrets.go.tpl
+gotohelm:filename=_service.loadbalancer.go.tpl
+gotohelm:filename=_service.nodeport.go.tpl
+gotohelm:filename=_service.internal.go.tpl
+gotohelm:filename=_serviceaccount.go.tpl
+gotohelm:filename=_servicemonitor.go.tpl
+gotohelm:filename=_statefulset.go.tpl
+gotohelm:filename=_values.go.tpl
+gotohelm:ignore=true
Code generated by genpartial DO NOT EDIT.
+gotohelm:ignore=true
Index ¶
- Constants
- Variables
- func BootstrapFile(dot *helmette.Dot) string
- func BrokerList(dot *helmette.Dot, replicas int32, port int32) []string
- func CertIssuers(dot *helmette.Dot) []*certmanagerv1.Issuer
- func CertSecretName(dot *helmette.Dot, certName string, cert *TLSCert) string
- func ChartLabel(dot *helmette.Dot) string
- func ClientAuthRequired(dot *helmette.Dot) bool
- func ClientCerts(dot *helmette.Dot) []*certmanagerv1.Certificate
- func ClusterRoleBindings(dot *helmette.Dot) []*rbacv1.ClusterRoleBinding
- func ClusterRoles(dot *helmette.Dot) []*rbacv1.ClusterRole
- func CommonMounts(dot *helmette.Dot) []corev1.VolumeMount
- func CommonVolumes(dot *helmette.Dot) []corev1.Volume
- func ConfigMaps(dot *helmette.Dot) []*corev1.ConfigMap
- func ConsoleConfig(dot *helmette.Dot) map[string]any
- func DefaultMounts(dot *helmette.Dot) []corev1.VolumeMount
- func DefaultVolumes(dot *helmette.Dot) []corev1.Volume
- func FullLabels(dot *helmette.Dot) map[string]string
- func Fullname(dot *helmette.Dot) string
- func InternalDomain(dot *helmette.Dot) string
- func LoadBalancerServices(dot *helmette.Dot) []*corev1.Service
- func MonitoringEnabledLabel(dot *helmette.Dot) map[string]string
- func Name(dot *helmette.Dot) string
- func NodePortService(dot *helmette.Dot) *corev1.Service
- func Notes(dot *helmette.Dot) []string
- func ParseCLIArgs(args []string) map[string]string
- func PodDisruptionBudget(dot *helmette.Dot) *policyv1.PodDisruptionBudget
- func PostInstallUpgradeEnvironmentVariables(dot *helmette.Dot) []corev1.EnvVar
- func PostInstallUpgradeJob(dot *helmette.Dot) *batchv1.Job
- func RPKProfile(dot *helmette.Dot) *corev1.ConfigMap
- func RedpandaAdditionalStartFlags(values *Values) (bool, bool, []string)
- func RedpandaAtLeast_22_2_0(dot *helmette.Dot) bool
- func RedpandaAtLeast_22_2_atleast_22_2_10(dot *helmette.Dot) bool
- func RedpandaAtLeast_22_3_0(dot *helmette.Dot) bool
- func RedpandaAtLeast_22_3_atleast_22_3_13(dot *helmette.Dot) bool
- func RedpandaAtLeast_23_1_1(dot *helmette.Dot) bool
- func RedpandaAtLeast_23_1_2(dot *helmette.Dot) bool
- func RedpandaAtLeast_23_2_1(dot *helmette.Dot) bool
- func RedpandaAtLeast_23_3_0(dot *helmette.Dot) bool
- func RedpandaConfigFile(dot *helmette.Dot, includeNonHashableItems bool) string
- func RedpandaConfigMap(dot *helmette.Dot) *corev1.ConfigMap
- func RootCAs(dot *helmette.Dot) []*certmanagerv1.Certificate
- func RpkACLCreate(*helmette.Dot) string
- func RpkACLUserCreate(dot *helmette.Dot) string
- func RpkClusterInfo(*helmette.Dot) string
- func RpkSASLEnvironmentVariables(dot *helmette.Dot) string
- func RpkTopicCreate(dot *helmette.Dot) string
- func RpkTopicDelete(dot *helmette.Dot) string
- func RpkTopicDescribe(*helmette.Dot) string
- func SecretBootstrapUser(dot *helmette.Dot) *corev1.Secret
- func SecretConfigurator(dot *helmette.Dot) *corev1.Secret
- func SecretFSValidator(dot *helmette.Dot) *corev1.Secret
- func SecretSASLUsers(dot *helmette.Dot) *corev1.Secret
- func SecretSTSLifecycle(dot *helmette.Dot) *corev1.Secret
- func Secrets(dot *helmette.Dot) []*corev1.Secret
- func ServerList(replicas int32, prefix, fullname, internalDomain string, port int32) []string
- func ServiceAccount(dot *helmette.Dot) *corev1.ServiceAccount
- func ServiceAccountName(dot *helmette.Dot) string
- func ServiceInternal(dot *helmette.Dot) *corev1.Service
- func ServiceMonitor(dot *helmette.Dot) *monitoringv1.ServiceMonitor
- func ServiceName(dot *helmette.Dot) string
- func SidecarControllersClusterRole(dot *helmette.Dot) *rbacv1.ClusterRole
- func SidecarControllersClusterRoleBinding(dot *helmette.Dot) *rbacv1.ClusterRoleBinding
- func SidecarControllersRole(dot *helmette.Dot) *rbacv1.Role
- func SidecarControllersRoleBinding(dot *helmette.Dot) *rbacv1.RoleBinding
- func StatefulSet(dot *helmette.Dot) *appsv1.StatefulSet
- func StatefulSetContainers(dot *helmette.Dot) []corev1.Container
- func StatefulSetInitContainers(dot *helmette.Dot) []corev1.Container
- func StatefulSetPodLabels(dot *helmette.Dot) map[string]string
- func StatefulSetPodLabelsSelector(dot *helmette.Dot) map[string]string
- func StatefulSetVolumeMounts(dot *helmette.Dot) []corev1.VolumeMount
- func StatefulSetVolumes(dot *helmette.Dot) []corev1.Volume
- func StorageTieredConfig(dot *helmette.Dot) map[string]any
- func StrategicMergePatch(overrides PodTemplate, original corev1.PodTemplateSpec) corev1.PodTemplateSpec
- func StructuredTpl[T any](dot *helmette.Dot, in T) T
- func TLSEnabled(dot *helmette.Dot) bool
- func Tag(dot *helmette.Dot) string
- func Types() []kube.Object
- func Warnings(dot *helmette.Dot) []string
- type AdminExternal
- type AdminListeners
- type AuditLogging
- type Auth
- type BootstrapUser
- func (b *BootstrapUser) BootstrapEnvironment(fullname string) []corev1.EnvVar
- func (b *BootstrapUser) GetMechanism() SASLMechanism
- func (b *BootstrapUser) RpkEnvironment(fullname string) []corev1.EnvVar
- func (b *BootstrapUser) SecretKeySelector(fullname string) *corev1.SecretKeySelector
- func (b *BootstrapUser) Username() string
- type ClusterConfig
- type Config
- type ConsoleTLS
- type Enableable
- type Enterprise
- type ExternalConfig
- type ExternalListeners
- type ExternalTLS
- type HTTPAuthenticationMethod
- type HTTPExternal
- type HTTPListeners
- type Image
- type ImageTag
- type InternalTLS
- type IssuerRefKind
- type KafkaAuthenticationMethod
- type KafkaExternal
- type KafkaListeners
- func (l *KafkaListeners) ConsoleTLS(tls *TLS) ConsoleTLS
- func (KafkaListeners) JSONSchemaExtend(schema *jsonschema.Schema)
- func (l *KafkaListeners) Listeners(auth *Auth) []map[string]any
- func (l *KafkaListeners) ListenersTLS(tls *TLS) []map[string]any
- func (l *KafkaListeners) TrustStores(tls *TLS) []*TrustStore
- type Listeners
- func (l *Listeners) AdminList(replicas int32, fullname, internalDomain string) []string
- func (l *Listeners) CreateSeedServers(replicas int32, fullname, internalDomain string) []map[string]any
- func (l *Listeners) SchemaRegistryList(replicas int32, fullname, internalDomain string) []string
- func (l *Listeners) TrustStoreVolume(tls *TLS) *corev1.Volume
- func (l *Listeners) TrustStores(tls *TLS) []*TrustStore
- type Logging
- type MebiBytes
- type Monitoring
- type NodeConfig
- type PandaProxyClient
- type PartialAdminExternal
- type PartialAdminListeners
- type PartialAuditLogging
- type PartialAuth
- type PartialBootstrapUser
- type PartialClusterConfig
- type PartialConfig
- type PartialEnableable
- type PartialEnterprise
- type PartialExternalConfig
- type PartialExternalListeners
- type PartialExternalTLS
- type PartialHTTPExternal
- type PartialHTTPListeners
- type PartialImage
- type PartialInternalTLS
- type PartialKafkaExternal
- type PartialKafkaListeners
- type PartialListeners
- type PartialLogging
- type PartialMonitoring
- type PartialNodeConfig
- type PartialPandaProxyClient
- type PartialPodTemplate
- type PartialPostInstallJob
- type PartialRBAC
- type PartialRackAwareness
- type PartialRedpandaResources
- type PartialSASLAuth
- type PartialSASLUser
- type PartialSchemaRegistryClient
- type PartialSchemaRegistryExternal
- type PartialSchemaRegistryListeners
- type PartialSecretRef
- type PartialService
- type PartialServiceAccountCfg
- type PartialSidecars
- type PartialStatefulset
- type PartialStorage
- type PartialTLS
- type PartialTLSCert
- type PartialTLSCertMap
- type PartialTiered
- type PartialTieredStorageConfig
- type PartialTieredStorageCredentials
- type PartialTrustStore
- type PartialTunableConfig
- type PartialTuning
- type PartialValues
- type PodTemplate
- type PostInstallJob
- type RBAC
- type RackAwareness
- type RedpandaResources
- type ResourceQuantity
- type SASLAuth
- type SASLMechanism
- type SASLUser
- type SchemaRegistryClient
- type SchemaRegistryExternal
- type SchemaRegistryListeners
- func (l *SchemaRegistryListeners) ConsoleTLS(tls *TLS) ConsoleTLS
- func (SchemaRegistryListeners) JSONSchemaExtend(schema *jsonschema.Schema)
- func (l *SchemaRegistryListeners) Listeners(saslEnabled bool) []map[string]any
- func (l *SchemaRegistryListeners) ListenersTLS(tls *TLS) []map[string]any
- func (l *SchemaRegistryListeners) TrustStores(tls *TLS) []*TrustStore
- type SecretRef
- type Service
- type ServiceAccountCfg
- type Sidecars
- type Statefulset
- type Storage
- func (s *Storage) GetTieredStorageConfig() TieredStorageConfig
- func (s *Storage) GetTieredStorageHostPath() string
- func (s *Storage) IsTieredStorageEnabled() bool
- func (Storage) JSONSchemaExtend(schema *jsonschema.Schema)
- func (s *Storage) StorageMinFreeBytes() int64
- func (s *Storage) TieredCacheDirectory(dot *helmette.Dot) string
- func (s *Storage) TieredMountType() string
- func (s *Storage) TieredPersistentVolumeAnnotations() map[string]string
- func (s *Storage) TieredPersistentVolumeLabels() map[string]string
- func (s *Storage) TieredPersistentVolumeStorageClass() string
- type TLS
- type TLSCert
- type TLSCertMap
- type Tiered
- type TieredStorageConfig
- type TieredStorageCredentials
- type TrustStore
- type TunableConfig
- type Tuning
- type Values
Constants ¶
const ( // TrustStoreMountPath is the absolute path at which the // [corev1.VolumeProjection] of truststores will be mounted to the redpanda // container. (Without a trailing slash) TrustStoreMountPath = "/etc/truststores" // ServiceAccountVolumeName is the prefix name that will be added to volumes that mount ServiceAccount secrets // Reference // https://github.com/kubernetes/kubernetes/blob/c6669ea7d61af98da3a2aa8c1d2cdc9c2c57080a/plugin/pkg/admission/serviceaccount/admission.go#L52-L53 ServiceAccountVolumeName = "kube-api-access" // DefaultAPITokenMountPath is the path that ServiceAccountToken secrets are automounted to. // The token file would then be accessible at /var/run/secrets/kubernetes.io/serviceaccount // Reference // https://github.com/kubernetes/kubernetes/blob/c6669ea7d61af98da3a2aa8c1d2cdc9c2c57080a/plugin/pkg/admission/serviceaccount/admission.go#L55-L57 //nolint:gosec DefaultAPITokenMountPath = "/var/run/secrets/kubernetes.io/serviceaccount" )
const ( // RedpandaContainerName is the user facing name of the redpanda container // in the redpanda StatefulSet. RedpandaContainerName = "redpanda" // PostUpgradeContainerName is the user facing name of the post-install // job's container. PostInstallContainerName = "post-install" // RedpandaControllersContainerName is the container that can perform day // 2 operation similarly to Redpanda operator. RedpandaControllersContainerName = "redpanda-controllers" // RedpandaConfiguratorContainerName is the user facing name of the // redpanda-configurator init container in the redpanda StatefulSet. RedpandaConfiguratorContainerName = "redpanda-configurator" )
const DefaultSASLMechanism = SASLMechanism("SCRAM-SHA-512")
Variables ¶
var ( // Scheme is a [runtime.Scheme] with the appropriate extensions to load all // objects produced by the redpanda chart. Scheme = runtime.NewScheme() //go:embed Chart.lock //go:embed Chart.yaml //go:embed templates/* //go:embed values.schema.json //go:embed values.yaml ChartFiles embed.FS // Chart is the go version of the redpanda helm chart. Chart = gotohelm.MustLoad(ChartFiles, render, console.Chart) )
Functions ¶
func BootstrapFile ¶
BootstrapFile returns contents of `.bootstrap.yaml`. Keys that may be set via environment variables (such as tiered storage secrets) will have placeholders in the form of $ENVVARNAME. An init container is responsible for expanding said placeholders.
Convention is to name envvars $REDPANDA_SCREAMING_CASE_CLUSTER_PROPERTY_NAME. For example, cloud_storage_secret_key would be $REDPANDA_CLOUD_STORAGE_SECRET_KEY.
`.bootstrap.yaml` is templated and then read by both the redpanda container and the post install/upgrade job.
func CertIssuers ¶
func CertIssuers(dot *helmette.Dot) []*certmanagerv1.Issuer
func CertSecretName ¶
return correct secretName to use based if secretRef exists
func ChartLabel ¶
Create chart name and version as used by the chart label.
func ClientAuthRequired ¶
func ClientCerts ¶
func ClientCerts(dot *helmette.Dot) []*certmanagerv1.Certificate
func ClusterRoleBindings ¶
func ClusterRoleBindings(dot *helmette.Dot) []*rbacv1.ClusterRoleBinding
func ClusterRoles ¶
func ClusterRoles(dot *helmette.Dot) []*rbacv1.ClusterRole
func CommonMounts ¶
func CommonMounts(dot *helmette.Dot) []corev1.VolumeMount
mounts that are common to all containers
func CommonVolumes ¶
volumes that are common to all pods
func DefaultMounts ¶
func DefaultMounts(dot *helmette.Dot) []corev1.VolumeMount
mounts that are common to most containers
func FullLabels ¶
full helm labels + common labels
func Fullname ¶
Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
func ParseCLIArgs ¶
ParseCLIArgs parses a slice of strings intended for rpk's `additional_start_flags` field into a map to allow merging slices of flags or introspection thereof. Flags without values are not differentiated between flags with values of an empty string. e.g. --value and --value=” are represented the same way.
func PodDisruptionBudget ¶
func PodDisruptionBudget(dot *helmette.Dot) *policyv1.PodDisruptionBudget
func PostInstallUpgradeEnvironmentVariables ¶
PostInstallUpgradeEnvironmentVariables returns environment variables assigned to Redpanda container.
func RPKProfile ¶
RPKProfile returns a corev1.ConfigMap for aiding users in connecting to the external listeners of their redpanda cluster. It is meant for external consumption via NOTES.txt and is not used within this chart.
func RedpandaAdditionalStartFlags ¶
RedpandaAdditionalStartFlags returns a string slice of flags suitable for use as `additional_start_flags`. User provided flags will override any of those set by default.
func RedpandaAtLeast_22_2_0 ¶
func RedpandaAtLeast_22_3_0 ¶
func RedpandaAtLeast_23_1_1 ¶
func RedpandaAtLeast_23_1_2 ¶
func RedpandaAtLeast_23_2_1 ¶
func RedpandaAtLeast_23_3_0 ¶
func RedpandaConfigFile ¶
func RootCAs ¶
func RootCAs(dot *helmette.Dot) []*certmanagerv1.Certificate
func RpkACLCreate ¶
func RpkACLUserCreate ¶
func RpkClusterInfo ¶
func RpkSASLEnvironmentVariables ¶
was: rpk sasl environment variables
This will return a string with the correct environment variables to use for SASL based on the version of the redpanda container being used
func RpkTopicCreate ¶
func RpkTopicDelete ¶
func RpkTopicDescribe ¶
func ServerList ¶
func ServiceAccount ¶
func ServiceAccount(dot *helmette.Dot) *corev1.ServiceAccount
func ServiceAccountName ¶
Create the name of the service account to use
func ServiceMonitor ¶
func ServiceMonitor(dot *helmette.Dot) *monitoringv1.ServiceMonitor
func SidecarControllersClusterRole ¶
func SidecarControllersClusterRole(dot *helmette.Dot) *rbacv1.ClusterRole
func SidecarControllersClusterRoleBinding ¶
func SidecarControllersClusterRoleBinding(dot *helmette.Dot) *rbacv1.ClusterRoleBinding
func SidecarControllersRoleBinding ¶
func SidecarControllersRoleBinding(dot *helmette.Dot) *rbacv1.RoleBinding
func StatefulSet ¶
func StatefulSet(dot *helmette.Dot) *appsv1.StatefulSet
func StatefulSetPodLabels ¶
StatefulSetPodLabels returns the label that includes label selector for the Redpanda PodTemplate. If this helm release is an upgrade, the existing statefulset's pod template labels will be used as it's an immutable field.
func StatefulSetPodLabelsSelector ¶
StatefulSetPodLabelsSelector returns the label selector for the Redpanda StatefulSet. If this helm release is an upgrade, the existing statefulset's label selector will be used as it's an immutable field.
func StatefulSetVolumeMounts ¶
func StatefulSetVolumeMounts(dot *helmette.Dot) []corev1.VolumeMount
StatefulSetRedpandaMounts returns the VolumeMounts for the Redpanda Container of the Redpanda StatefulSet.
func StatefulSetVolumes ¶
StatefulSetVolumes returns the [corev1.Volume]s for the Redpanda StatefulSet.
func StorageTieredConfig ¶
StorageTieredConfig was: storage-tiered-config Wrap this up since there are helm tests that require it
func StrategicMergePatch ¶
func StrategicMergePatch(overrides PodTemplate, original corev1.PodTemplateSpec) corev1.PodTemplateSpec
StrategicMergePatch is a half-baked implementation of Kubernetes' strategic merge patch. It's closer to a merge patch with smart handling of lists that's tailored to the values permitted by PodTemplate.
func StructuredTpl ¶
StructuredTpl (inefficiently) recurses through all fields of T and expands any string fields containing template delimiters with helmette.Tpl.
func TLSEnabled ¶
check if client auth is enabled for any of the listeners
func Types ¶
Types returns a slice containing the set of all kube.Object types that could be returned by the redpanda chart. +gotohelm:ignore=true
Types ¶
type AdminExternal ¶
type AdminExternal struct {
// Enabled indicates if this listener is enabled. If not specified,
// defaults to the value of [ExternalConfig.Enabled].
Enabled *bool `json:"enabled"`
AdvertisedPorts []int32 `json:"advertisedPorts" jsonschema:"minItems=1"`
Port int32 `json:"port" jsonschema:"required"`
NodePort *int32 `json:"nodePort"`
TLS *ExternalTLS `json:"tls"`
}
func (*AdminExternal) IsEnabled ¶
func (l *AdminExternal) IsEnabled() bool
type AdminListeners ¶
type AdminListeners struct {
External ExternalListeners[AdminExternal] `json:"external"`
Port int32 `json:"port" jsonschema:"required"`
AppProtocol *string `json:"appProtocol,omitempty"`
TLS InternalTLS `json:"tls" jsonschema:"required"`
}
func (*AdminListeners) ConsoleTLS ¶
func (l *AdminListeners) ConsoleTLS(tls *TLS) ConsoleTLS
func (*AdminListeners) Listeners ¶
func (l *AdminListeners) Listeners() []map[string]any
func (*AdminListeners) ListenersTLS ¶
func (l *AdminListeners) ListenersTLS(tls *TLS) []map[string]any
func (*AdminListeners) TrustStores ¶
func (l *AdminListeners) TrustStores(tls *TLS) []*TrustStore
TrustStores returns a slice of all configured and enabled [TrustStore]s on both internal and external listeners.
type AuditLogging ¶
type AuditLogging struct {
Enabled bool `json:"enabled"`
Listener string `json:"listener"`
Partitions int `json:"partitions"`
EnabledEventTypes []string `json:"enabledEventTypes"`
ExcludedTopics []string `json:"excludedTopics"`
ExcludedPrincipals []string `json:"excludedPrincipals"`
ClientMaxBufferSize int `json:"clientMaxBufferSize"`
QueueDrainIntervalMS int `json:"queueDrainIntervalMs"`
QueueMaxBufferSizeperShard int `json:"queueMaxBufferSizePerShard"`
ReplicationFactor int `json:"replicationFactor"`
}
func (AuditLogging) JSONSchemaExtend ¶
func (AuditLogging) JSONSchemaExtend(schema *jsonschema.Schema)
+gotohelm:ignore=true
type Auth ¶
type Auth struct {
SASL *SASLAuth `json:"sasl" jsonschema:"required"`
}
func (*Auth) IsSASLEnabled ¶
type BootstrapUser ¶
type BootstrapUser struct {
Name *string `json:"name"`
SecretKeyRef *corev1.SecretKeySelector `json:"secretKeyRef"`
Password *string `json:"password"`
Mechanism SASLMechanism `json:"mechanism"`
}
func (*BootstrapUser) BootstrapEnvironment ¶
func (b *BootstrapUser) BootstrapEnvironment(fullname string) []corev1.EnvVar
func (*BootstrapUser) GetMechanism ¶
func (b *BootstrapUser) GetMechanism() SASLMechanism
func (*BootstrapUser) RpkEnvironment ¶
func (b *BootstrapUser) RpkEnvironment(fullname string) []corev1.EnvVar
func (*BootstrapUser) SecretKeySelector ¶
func (b *BootstrapUser) SecretKeySelector(fullname string) *corev1.SecretKeySelector
func (*BootstrapUser) Username ¶
func (b *BootstrapUser) Username() string
type ClusterConfig ¶
func (*ClusterConfig) Translate ¶
func (c *ClusterConfig) Translate() map[string]any
type Config ¶
type Config struct {
Cluster ClusterConfig `json:"cluster" jsonschema:"required"`
Node NodeConfig `json:"node" jsonschema:"required"`
RPK map[string]any `json:"rpk"`
SchemaRegistryClient *SchemaRegistryClient `json:"schema_registry_client"`
PandaProxyClient *PandaProxyClient `json:"pandaproxy_client"`
Tunable TunableConfig `json:"tunable" jsonschema:"required"`
}
func (*Config) CreateRPKConfiguration ¶
type ConsoleTLS ¶
type ConsoleTLS struct {
Enabled bool `json:"enabled"`
CaFilepath string `json:"caFilepath"`
CertFilepath string `json:"certFilepath"`
KeyFilepath string `json:"keyFilepath"`
InsecureSkipTLSVerify bool `json:"insecureSkipTlsVerify"`
}
ConsoleTLS is a struct that represents TLS configuration used in console configuration in Kafka, Schema Registry and Redpanda Admin API. For the above configuration helm chart could import struct, but as of the writing the struct fields tag have only `yaml` annotation. `sigs.k8s.io/yaml` requires `json` tags.
type Enableable ¶
type Enableable struct {
Enabled bool `json:"enabled" jsonschema:"required"`
}
type Enterprise ¶
type Enterprise struct {
License string `json:"license"`
LicenseSecretRef *corev1.SecretKeySelector `json:"licenseSecretRef,omitempty"`
}
func (Enterprise) JSONSchemaExtend ¶
func (Enterprise) JSONSchemaExtend(schema *jsonschema.Schema)
+gotohelm:ignore=true
type ExternalConfig ¶
type ExternalConfig struct {
Addresses []string `json:"addresses"`
Annotations map[string]string `json:"annotations"`
Domain *string `json:"domain"`
Enabled bool `json:"enabled" jsonschema:"required"`
Type corev1.ServiceType `json:"type" jsonschema:"pattern=^(LoadBalancer|NodePort)$"`
PrefixTemplate string `json:"prefixTemplate"`
SourceRanges []string `json:"sourceRanges"`
Service Enableable `json:"service"`
ExternalDNS *Enableable `json:"externalDns"`
}
type ExternalListeners ¶
func (ExternalListeners[T]) JSONSchemaExtend ¶
func (ExternalListeners[T]) JSONSchemaExtend(schema *jsonschema.Schema)
type ExternalTLS ¶
type ExternalTLS struct {
// Enabled, when `false`, indicates that this struct should treated as if
// it was not specified. If `nil`, defaults to [InternalTLS.Enabled].
// Prefer to use `IsEnabled` rather than checking this field directly.
Enabled *bool `json:"enabled"`
Cert *string `json:"cert"`
RequireClientAuth *bool `json:"requireClientAuth"`
TrustStore *TrustStore `json:"trustStore"`
}
ExternalTLS is the TLS configuration associated with a given "external" listener. The schema is more loose than InternalTLS. All fields have default values but are interpreted differently depending on their context (IE kafka vs schemaRegistry) tread lightly.
func (*ExternalTLS) GetCert ¶
func (t *ExternalTLS) GetCert(i *InternalTLS, tls *TLS) *TLSCert
func (*ExternalTLS) GetCertName ¶
func (t *ExternalTLS) GetCertName(i *InternalTLS) string
func (*ExternalTLS) IsEnabled ¶
func (t *ExternalTLS) IsEnabled(i *InternalTLS, tls *TLS) bool
IsEnabled reports the value of [ExternalTLS.Enabled], falling back to InternalTLS.IsEnabled if not specified.
func (*ExternalTLS) TrustStoreFilePath ¶
func (t *ExternalTLS) TrustStoreFilePath(i *InternalTLS, tls *TLS) string
type HTTPAuthenticationMethod ¶
type HTTPAuthenticationMethod string
func (HTTPAuthenticationMethod) JSONSchemaExtend ¶
func (HTTPAuthenticationMethod) JSONSchemaExtend(s *jsonschema.Schema)
type HTTPExternal ¶
type HTTPExternal struct {
// Enabled indicates if this listener is enabled. If not specified,
// defaults to the value of [ExternalConfig.Enabled].
Enabled *bool `json:"enabled"`
AdvertisedPorts []int32 `json:"advertisedPorts" jsonschema:"minItems=1"`
Port int32 `json:"port" jsonschema:"required"`
NodePort *int32 `json:"nodePort"`
AuthenticationMethod *HTTPAuthenticationMethod `json:"authenticationMethod"`
PrefixTemplate *string `json:"prefixTemplate"`
TLS *ExternalTLS `json:"tls" jsonschema:"required"`
}
func (*HTTPExternal) IsEnabled ¶
func (l *HTTPExternal) IsEnabled() bool
func (HTTPExternal) JSONSchemaExtend ¶
func (HTTPExternal) JSONSchemaExtend(schema *jsonschema.Schema)
+gotohelm:ignore=true
type HTTPListeners ¶
type HTTPListeners struct {
Enabled bool `json:"enabled" jsonschema:"required"`
External ExternalListeners[HTTPExternal] `json:"external"`
AuthenticationMethod *HTTPAuthenticationMethod `json:"authenticationMethod"`
TLS InternalTLS `json:"tls" jsonschema:"required"`
KafkaEndpoint string `json:"kafkaEndpoint" jsonschema:"required,pattern=^[A-Za-z_-][A-Za-z0-9_-]*$"`
Port int32 `json:"port" jsonschema:"required"`
}
func (HTTPListeners) JSONSchemaExtend ¶
func (HTTPListeners) JSONSchemaExtend(schema *jsonschema.Schema)
+gotohelm:ignore=true
func (*HTTPListeners) Listeners ¶
func (l *HTTPListeners) Listeners(saslEnabled bool) []map[string]any
func (*HTTPListeners) ListenersTLS ¶
func (l *HTTPListeners) ListenersTLS(tls *TLS) []map[string]any
func (*HTTPListeners) TrustStores ¶
func (l *HTTPListeners) TrustStores(tls *TLS) []*TrustStore
TrustStores returns a slice of all configured and enabled [TrustStore]s on both internal and external listeners.
type Image ¶
type Image struct {
Repository string `json:"repository" jsonschema:"required,default=docker.redpanda.com/redpandadata/redpanda"`
Tag ImageTag `json:"tag" jsonschema:"default=Chart.appVersion"`
PullPolicy corev1.PullPolicy `json:"pullPolicy" jsonschema:"required"`
}
func (Image) JSONSchemaExtend ¶
func (Image) JSONSchemaExtend(schema *jsonschema.Schema)
+gotohelm:ignore=true
type ImageTag ¶
type ImageTag string
func (ImageTag) JSONSchemaExtend ¶
func (ImageTag) JSONSchemaExtend(schema *jsonschema.Schema)
type InternalTLS ¶
type InternalTLS struct {
Enabled *bool `json:"enabled"`
Cert string `json:"cert" jsonschema:"required"`
RequireClientAuth bool `json:"requireClientAuth" jsonschema:"required"`
TrustStore *TrustStore `json:"trustStore"`
}
InternalTLS is the TLS configuration for "internal" listeners. Internal listeners all have default values specified within values.yaml which allows us to be more strict about the schema here. TODO Unify this struct with ExternalTLS and/or remove the concept of internal and external listeners all together.
func (*InternalTLS) IsEnabled ¶
func (t *InternalTLS) IsEnabled(tls *TLS) bool
IsEnabled reports the value of [InternalTLS.Enabled], falling back to [TLS.Enabled] if not specified.
func (*InternalTLS) ServerCAPath ¶
func (t *InternalTLS) ServerCAPath(tls *TLS) string
ServerCAPath returns the path on disk to a certificate that may be used to verify a connection with this server.
func (*InternalTLS) TrustStoreFilePath ¶
func (t *InternalTLS) TrustStoreFilePath(tls *TLS) string
type IssuerRefKind ¶
type IssuerRefKind string
func (IssuerRefKind) JSONSchemaExtend ¶
func (IssuerRefKind) JSONSchemaExtend(schema *jsonschema.Schema)
type KafkaAuthenticationMethod ¶
type KafkaAuthenticationMethod string
func (KafkaAuthenticationMethod) JSONSchemaExtend ¶
func (KafkaAuthenticationMethod) JSONSchemaExtend(s *jsonschema.Schema)
type KafkaExternal ¶
type KafkaExternal struct {
// Enabled indicates if this listener is enabled. If not specified,
// defaults to the value of [ExternalConfig.Enabled].
Enabled *bool `json:"enabled"`
AdvertisedPorts []int32 `json:"advertisedPorts" jsonschema:"minItems=1"`
Port int32 `json:"port" jsonschema:"required"`
// TODO CHECK NODE PORT USAGE
NodePort *int32 `json:"nodePort"`
AuthenticationMethod *KafkaAuthenticationMethod `json:"authenticationMethod"`
PrefixTemplate *string `json:"prefixTemplate"`
TLS *ExternalTLS `json:"tls"`
}
func (*KafkaExternal) IsEnabled ¶
func (l *KafkaExternal) IsEnabled() bool
func (KafkaExternal) JSONSchemaExtend ¶
func (KafkaExternal) JSONSchemaExtend(schema *jsonschema.Schema)
+gotohelm:ignore=true
type KafkaListeners ¶
type KafkaListeners struct {
AuthenticationMethod *KafkaAuthenticationMethod `json:"authenticationMethod"`
External ExternalListeners[KafkaExternal] `json:"external"`
TLS InternalTLS `json:"tls" jsonschema:"required"`
Port int32 `json:"port" jsonschema:"required"`
}
func (*KafkaListeners) ConsoleTLS ¶
func (l *KafkaListeners) ConsoleTLS(tls *TLS) ConsoleTLS
func (KafkaListeners) JSONSchemaExtend ¶
func (KafkaListeners) JSONSchemaExtend(schema *jsonschema.Schema)
+gotohelm:ignore=true
func (*KafkaListeners) Listeners ¶
func (l *KafkaListeners) Listeners(auth *Auth) []map[string]any
Listeners returns a slice of maps suitable for use as the value of `kafka_api` in a redpanda.yml file.
func (*KafkaListeners) ListenersTLS ¶
func (l *KafkaListeners) ListenersTLS(tls *TLS) []map[string]any
ListenersTLS returns a slice of maps suitable for use as the value of `kafka_api_tls` in a redpanda.yml file.
func (*KafkaListeners) TrustStores ¶
func (l *KafkaListeners) TrustStores(tls *TLS) []*TrustStore
TrustStores returns a slice of all configured and enabled [TrustStore]s on both internal and external listeners.
type Listeners ¶
type Listeners struct {
Admin AdminListeners `json:"admin" jsonschema:"required"`
HTTP HTTPListeners `json:"http" jsonschema:"required"`
Kafka KafkaListeners `json:"kafka" jsonschema:"required"`
SchemaRegistry SchemaRegistryListeners `json:"schemaRegistry" jsonschema:"required"`
RPC struct {
Port int32 `json:"port" jsonschema:"required"`
TLS InternalTLS `json:"tls" jsonschema:"required"`
} `json:"rpc" jsonschema:"required"`
}
func (*Listeners) CreateSeedServers ¶
func (*Listeners) SchemaRegistryList ¶
func (*Listeners) TrustStoreVolume ¶
TrustStoreVolume returns a corev1.Volume containing a projected volume that mounts all required truststore files. If no truststores are configured, it returns nil.
func (*Listeners) TrustStores ¶
func (l *Listeners) TrustStores(tls *TLS) []*TrustStore
TrustStores returns an aggregate slice of all "active" [TrustStore]s across all listeners.
type Logging ¶
type Monitoring ¶
type Monitoring struct {
Enabled bool `json:"enabled" jsonschema:"required"`
ScrapeInterval monitoringv1.Duration `json:"scrapeInterval" jsonschema:"required"`
Labels map[string]string `json:"labels"`
TLSConfig *monitoringv1.TLSConfig `json:"tlsConfig"`
EnableHTTP2 *bool `json:"enableHttp2"`
}
type NodeConfig ¶
func (*NodeConfig) Translate ¶
func (c *NodeConfig) Translate() map[string]any
type PandaProxyClient ¶
type PandaProxyClient struct {
Retries int `json:"retries"`
RetryBaseBackoffMS int `json:"retry_base_backoff_ms"`
ProduceBatchRecordCount int `json:"produce_batch_record_count"`
ProduceBatchSizeBytes int `json:"produce_batch_size_bytes"`
ProduceBatchDelayMS int `json:"produce_batch_delay_ms"`
ConsumerRequestTimeoutMS int `json:"consumer_request_timeout_ms"`
ConsumerRequestMaxBytes int `json:"consumer_request_max_bytes"`
ConsumerSessionTimeoutMS int `json:"consumer_session_timeout_ms"`
ConsumerRebalanceTimeoutMS int `json:"consumer_rebalance_timeout_ms"`
ConsumerHeartbeatIntervalMS int `json:"consumer_heartbeat_interval_ms"`
}
type PartialAdminExternal ¶
type PartialAdminExternal struct {
Enabled *bool "json:\"enabled,omitempty\""
AdvertisedPorts []int32 "json:\"advertisedPorts,omitempty\" jsonschema:\"minItems=1\""
Port *int32 "json:\"port,omitempty\" jsonschema:\"required\""
NodePort *int32 "json:\"nodePort,omitempty\""
TLS *PartialExternalTLS "json:\"tls,omitempty\""
}
type PartialAdminListeners ¶
type PartialAdminListeners struct {
External PartialExternalListeners[PartialAdminExternal] "json:\"external,omitempty\""
Port *int32 "json:\"port,omitempty\" jsonschema:\"required\""
AppProtocol *string "json:\"appProtocol,omitempty\""
TLS *PartialInternalTLS "json:\"tls,omitempty\" jsonschema:\"required\""
}
type PartialAuditLogging ¶
type PartialAuditLogging struct {
Enabled *bool "json:\"enabled,omitempty\""
Listener *string "json:\"listener,omitempty\""
Partitions *int "json:\"partitions,omitempty\""
EnabledEventTypes []string "json:\"enabledEventTypes,omitempty\""
ExcludedTopics []string "json:\"excludedTopics,omitempty\""
ExcludedPrincipals []string "json:\"excludedPrincipals,omitempty\""
ClientMaxBufferSize *int "json:\"clientMaxBufferSize,omitempty\""
QueueDrainIntervalMS *int "json:\"queueDrainIntervalMs,omitempty\""
QueueMaxBufferSizeperShard *int "json:\"queueMaxBufferSizePerShard,omitempty\""
ReplicationFactor *int "json:\"replicationFactor,omitempty\""
}
type PartialAuth ¶
type PartialAuth struct {
SASL *PartialSASLAuth "json:\"sasl,omitempty\" jsonschema:\"required\""
}
type PartialBootstrapUser ¶
type PartialBootstrapUser struct {
Name *string "json:\"name,omitempty\""
SecretKeyRef *corev1.SecretKeySelector "json:\"secretKeyRef,omitempty\""
Password *string "json:\"password,omitempty\""
Mechanism *SASLMechanism "json:\"mechanism,omitempty\""
}
type PartialClusterConfig ¶
type PartialConfig ¶
type PartialConfig struct {
Cluster PartialClusterConfig "json:\"cluster,omitempty\" jsonschema:\"required\""
Node PartialNodeConfig "json:\"node,omitempty\" jsonschema:\"required\""
RPK map[string]any "json:\"rpk,omitempty\""
SchemaRegistryClient *PartialSchemaRegistryClient "json:\"schema_registry_client,omitempty\""
PandaProxyClient *PartialPandaProxyClient "json:\"pandaproxy_client,omitempty\""
Tunable PartialTunableConfig "json:\"tunable,omitempty\" jsonschema:\"required\""
}
type PartialEnableable ¶
type PartialEnableable struct {
Enabled *bool "json:\"enabled,omitempty\" jsonschema:\"required\""
}
type PartialEnterprise ¶
type PartialEnterprise struct {
License *string "json:\"license,omitempty\""
LicenseSecretRef *corev1.SecretKeySelector "json:\"licenseSecretRef,omitempty\""
}
type PartialExternalConfig ¶
type PartialExternalConfig struct {
Addresses []string "json:\"addresses,omitempty\""
Annotations map[string]string "json:\"annotations,omitempty\""
Domain *string "json:\"domain,omitempty\""
Enabled *bool "json:\"enabled,omitempty\" jsonschema:\"required\""
Type *corev1.ServiceType "json:\"type,omitempty\" jsonschema:\"pattern=^(LoadBalancer|NodePort)$\""
PrefixTemplate *string "json:\"prefixTemplate,omitempty\""
SourceRanges []string "json:\"sourceRanges,omitempty\""
Service *PartialEnableable "json:\"service,omitempty\""
ExternalDNS *PartialEnableable "json:\"externalDns,omitempty\""
}
type PartialExternalTLS ¶
type PartialExternalTLS struct {
Enabled *bool "json:\"enabled,omitempty\""
Cert *string "json:\"cert,omitempty\""
RequireClientAuth *bool "json:\"requireClientAuth,omitempty\""
TrustStore *PartialTrustStore "json:\"trustStore,omitempty\""
}
type PartialHTTPExternal ¶
type PartialHTTPExternal struct {
Enabled *bool "json:\"enabled,omitempty\""
AdvertisedPorts []int32 "json:\"advertisedPorts,omitempty\" jsonschema:\"minItems=1\""
Port *int32 "json:\"port,omitempty\" jsonschema:\"required\""
NodePort *int32 "json:\"nodePort,omitempty\""
AuthenticationMethod *HTTPAuthenticationMethod "json:\"authenticationMethod,omitempty\""
PrefixTemplate *string "json:\"prefixTemplate,omitempty\""
TLS *PartialExternalTLS "json:\"tls,omitempty\" jsonschema:\"required\""
}
type PartialHTTPListeners ¶
type PartialHTTPListeners struct {
Enabled *bool "json:\"enabled,omitempty\" jsonschema:\"required\""
External PartialExternalListeners[PartialHTTPExternal] "json:\"external,omitempty\""
AuthenticationMethod *HTTPAuthenticationMethod "json:\"authenticationMethod,omitempty\""
TLS *PartialInternalTLS "json:\"tls,omitempty\" jsonschema:\"required\""
KafkaEndpoint *string "json:\"kafkaEndpoint,omitempty\" jsonschema:\"required,pattern=^[A-Za-z_-][A-Za-z0-9_-]*$\""
Port *int32 "json:\"port,omitempty\" jsonschema:\"required\""
}
type PartialImage ¶
type PartialImage struct {
Repository *string "json:\"repository,omitempty\" jsonschema:\"required,default=docker.redpanda.com/redpandadata/redpanda\""
Tag *ImageTag "json:\"tag,omitempty\" jsonschema:\"default=Chart.appVersion\""
PullPolicy *corev1.PullPolicy "json:\"pullPolicy,omitempty\" jsonschema:\"required\""
}
type PartialInternalTLS ¶
type PartialInternalTLS struct {
Enabled *bool "json:\"enabled,omitempty\""
Cert *string "json:\"cert,omitempty\" jsonschema:\"required\""
RequireClientAuth *bool "json:\"requireClientAuth,omitempty\" jsonschema:\"required\""
TrustStore *PartialTrustStore "json:\"trustStore,omitempty\""
}
type PartialKafkaExternal ¶
type PartialKafkaExternal struct {
Enabled *bool "json:\"enabled,omitempty\""
AdvertisedPorts []int32 "json:\"advertisedPorts,omitempty\" jsonschema:\"minItems=1\""
Port *int32 "json:\"port,omitempty\" jsonschema:\"required\""
NodePort *int32 "json:\"nodePort,omitempty\""
AuthenticationMethod *KafkaAuthenticationMethod "json:\"authenticationMethod,omitempty\""
PrefixTemplate *string "json:\"prefixTemplate,omitempty\""
TLS *PartialExternalTLS "json:\"tls,omitempty\""
}
type PartialKafkaListeners ¶
type PartialKafkaListeners struct {
AuthenticationMethod *KafkaAuthenticationMethod "json:\"authenticationMethod,omitempty\""
External PartialExternalListeners[PartialKafkaExternal] "json:\"external,omitempty\""
TLS *PartialInternalTLS "json:\"tls,omitempty\" jsonschema:\"required\""
Port *int32 "json:\"port,omitempty\" jsonschema:\"required\""
}
type PartialListeners ¶
type PartialListeners struct {
Admin *PartialAdminListeners "json:\"admin,omitempty\" jsonschema:\"required\""
HTTP *PartialHTTPListeners "json:\"http,omitempty\" jsonschema:\"required\""
Kafka *PartialKafkaListeners "json:\"kafka,omitempty\" jsonschema:\"required\""
SchemaRegistry *PartialSchemaRegistryListeners "json:\"schemaRegistry,omitempty\" jsonschema:\"required\""
RPC *struct {
Port *int32 "json:\"port,omitempty\" jsonschema:\"required\""
TLS *PartialInternalTLS "json:\"tls,omitempty\" jsonschema:\"required\""
} "json:\"rpc,omitempty\" jsonschema:\"required\""
}
type PartialLogging ¶
type PartialLogging struct {
LogLevel *string "json:\"logLevel,omitempty\" jsonschema:\"required,pattern=^(error|warn|info|debug|trace)$\""
UseageStats *struct {
Enabled *bool "json:\"enabled,omitempty\" jsonschema:\"required\""
ClusterID *string "json:\"clusterId,omitempty\""
} "json:\"usageStats,omitempty\" jsonschema:\"required\""
}
type PartialMonitoring ¶
type PartialMonitoring struct {
Enabled *bool "json:\"enabled,omitempty\" jsonschema:\"required\""
ScrapeInterval *monitoringv1.Duration "json:\"scrapeInterval,omitempty\" jsonschema:\"required\""
Labels map[string]string "json:\"labels,omitempty\""
TLSConfig *monitoringv1.TLSConfig "json:\"tlsConfig,omitempty\""
EnableHTTP2 *bool "json:\"enableHttp2,omitempty\""
}
type PartialNodeConfig ¶
type PartialPandaProxyClient ¶
type PartialPandaProxyClient struct {
Retries *int "json:\"retries,omitempty\""
RetryBaseBackoffMS *int "json:\"retry_base_backoff_ms,omitempty\""
ProduceBatchRecordCount *int "json:\"produce_batch_record_count,omitempty\""
ProduceBatchSizeBytes *int "json:\"produce_batch_size_bytes,omitempty\""
ProduceBatchDelayMS *int "json:\"produce_batch_delay_ms,omitempty\""
ConsumerRequestTimeoutMS *int "json:\"consumer_request_timeout_ms,omitempty\""
ConsumerRequestMaxBytes *int "json:\"consumer_request_max_bytes,omitempty\""
ConsumerSessionTimeoutMS *int "json:\"consumer_session_timeout_ms,omitempty\""
ConsumerRebalanceTimeoutMS *int "json:\"consumer_rebalance_timeout_ms,omitempty\""
ConsumerHeartbeatIntervalMS *int "json:\"consumer_heartbeat_interval_ms,omitempty\""
}
type PartialPodTemplate ¶
type PartialPodTemplate struct {
Labels map[string]string "json:\"labels,omitempty\" jsonschema:\"required\""
Annotations map[string]string "json:\"annotations,omitempty\" jsonschema:\"required\""
Spec *applycorev1.PodSpecApplyConfiguration "json:\"spec,omitempty\""
}
type PartialPostInstallJob ¶
type PartialRBAC ¶
type PartialRackAwareness ¶
type PartialRedpandaResources ¶
type PartialRedpandaResources struct {
Limits *corev1.ResourceList "json:\"limits,omitempty\""
Requests *corev1.ResourceList "json:\"requests,omitempty\""
CPU *struct {
Cores *resource.Quantity "json:\"cores,omitempty\" jsonschema:\"required\""
Overprovisioned *bool "json:\"overprovisioned,omitempty\""
} "json:\"cpu,omitempty\" jsonschema:\"required\""
Memory *struct {
EnableMemoryLocking *bool "json:\"enable_memory_locking,omitempty\""
Container *struct {
Min *resource.Quantity "json:\"min,omitempty\""
Max *resource.Quantity "json:\"max,omitempty\" jsonschema:\"required\""
} "json:\"container,omitempty\" jsonschema:\"required\""
Redpanda *struct {
Memory *resource.Quantity "json:\"memory,omitempty\""
ReserveMemory *resource.Quantity "json:\"reserveMemory,omitempty\""
} "json:\"redpanda,omitempty\""
} "json:\"memory,omitempty\" jsonschema:\"required\""
}
type PartialSASLAuth ¶
type PartialSASLAuth struct {
Enabled *bool "json:\"enabled,omitempty\" jsonschema:\"required\""
Mechanism *SASLMechanism "json:\"mechanism,omitempty\""
SecretRef *string "json:\"secretRef,omitempty\""
Users []PartialSASLUser "json:\"users,omitempty\""
BootstrapUser *PartialBootstrapUser "json:\"bootstrapUser,omitempty\""
}
type PartialSASLUser ¶
type PartialSASLUser struct {
Name *string "json:\"name,omitempty\""
Password *string "json:\"password,omitempty\""
Mechanism *SASLMechanism "json:\"mechanism,omitempty\""
}
type PartialSchemaRegistryClient ¶
type PartialSchemaRegistryClient struct {
Retries *int "json:\"retries,omitempty\""
RetryBaseBackoffMS *int "json:\"retry_base_backoff_ms,omitempty\""
ProduceBatchRecordCount *int "json:\"produce_batch_record_count,omitempty\""
ProduceBatchSizeBytes *int "json:\"produce_batch_size_bytes,omitempty\""
ProduceBatchDelayMS *int "json:\"produce_batch_delay_ms,omitempty\""
ConsumerRequestTimeoutMS *int "json:\"consumer_request_timeout_ms,omitempty\""
ConsumerRequestMaxBytes *int "json:\"consumer_request_max_bytes,omitempty\""
ConsumerSessionTimeoutMS *int "json:\"consumer_session_timeout_ms,omitempty\""
ConsumerRebalanceTimeoutMS *int "json:\"consumer_rebalance_timeout_ms,omitempty\""
ConsumerHeartbeatIntervalMS *int "json:\"consumer_heartbeat_interval_ms,omitempty\""
}
type PartialSchemaRegistryExternal ¶
type PartialSchemaRegistryExternal struct {
Enabled *bool "json:\"enabled,omitempty\""
AdvertisedPorts []int32 "json:\"advertisedPorts,omitempty\" jsonschema:\"minItems=1\""
Port *int32 "json:\"port,omitempty\""
NodePort *int32 "json:\"nodePort,omitempty\""
AuthenticationMethod *HTTPAuthenticationMethod "json:\"authenticationMethod,omitempty\""
TLS *PartialExternalTLS "json:\"tls,omitempty\""
}
type PartialSchemaRegistryListeners ¶
type PartialSchemaRegistryListeners struct {
Enabled *bool "json:\"enabled,omitempty\" jsonschema:\"required\""
External PartialExternalListeners[PartialSchemaRegistryExternal] "json:\"external,omitempty\""
AuthenticationMethod *HTTPAuthenticationMethod "json:\"authenticationMethod,omitempty\""
KafkaEndpoint *string "json:\"kafkaEndpoint,omitempty\" jsonschema:\"required,pattern=^[A-Za-z_-][A-Za-z0-9_-]*$\""
Port *int32 "json:\"port,omitempty\" jsonschema:\"required\""
TLS *PartialInternalTLS "json:\"tls,omitempty\" jsonschema:\"required\""
}
type PartialSecretRef ¶
type PartialService ¶
type PartialServiceAccountCfg ¶
type PartialServiceAccountCfg struct {
Annotations map[string]string "json:\"annotations,omitempty\" jsonschema:\"required\""
AutomountServiceAccountToken *bool "json:\"automountServiceAccountToken,omitempty\""
Create *bool "json:\"create,omitempty\" jsonschema:\"required\""
Name *string "json:\"name,omitempty\" jsonschema:\"required\""
}
type PartialSidecars ¶
type PartialSidecars struct {
Image *struct {
Tag *ImageTag "json:\"tag,omitempty\" jsonschema:\"required,default=Chart.appVersion\""
Repository *string "json:\"repository,omitempty\" jsonschema:\"required,default=docker.redpanda.com/redpandadata/redpanda-operator\""
} "json:\"image,omitempty\""
PVCUnbinder *struct {
Enabled *bool "json:\"enabled,omitempty\""
UnbindAfter *string "json:\"unbindAfter,omitempty\""
} "json:\"pvcUnbinder,omitempty\""
BrokerDecommissioner *struct {
Enabled *bool "json:\"enabled,omitempty\""
DecommissionAfter *string "json:\"decommissionAfter,omitempty\""
DecommissionRequeueTimeout *string "json:\"decommissionRequeueTimeout,omitempty\""
} "json:\"brokerDecommissioner,omitempty\""
ConfigWatcher *struct {
Enabled *bool "json:\"enabled,omitempty\""
} "json:\"configWatcher,omitempty\""
Controllers *struct {
Image *struct {
Tag *ImageTag "json:\"tag,omitempty\" jsonschema:\"required,default=Chart.appVersion\""
Repository *string "json:\"repository,omitempty\" jsonschema:\"required,default=docker.redpanda.com/redpandadata/redpanda-operator\""
} "json:\"image,omitempty\""
Enabled *bool "json:\"enabled,omitempty\""
CreateRBAC *bool "json:\"createRBAC,omitempty\""
HealthProbeAddress *string "json:\"healthProbeAddress,omitempty\""
MetricsAddress *string "json:\"metricsAddress,omitempty\""
PprofAddress *string "json:\"pprofAddress,omitempty\""
Run []string "json:\"run,omitempty\""
} "json:\"controllers,omitempty\""
}
type PartialStatefulset ¶
type PartialStatefulset struct {
AdditionalSelectorLabels map[string]string "json:\"additionalSelectorLabels,omitempty\" jsonschema:\"required\""
Replicas *int32 "json:\"replicas,omitempty\" jsonschema:\"required\""
UpdateStrategy *appsv1.StatefulSetUpdateStrategy "json:\"updateStrategy,omitempty\" jsonschema:\"required\""
AdditionalRedpandaCmdFlags []string "json:\"additionalRedpandaCmdFlags,omitempty\""
PodTemplate *PartialPodTemplate "json:\"podTemplate,omitempty\" jsonschema:\"required\""
Budget *struct {
MaxUnavailable *int32 "json:\"maxUnavailable,omitempty\" jsonschema:\"required\""
} "json:\"budget,omitempty\" jsonschema:\"required\""
PodAntiAffinity *struct {
TopologyKey *string "json:\"topologyKey,omitempty\" jsonschema:\"required\""
Type *string "json:\"type,omitempty\" jsonschema:\"required,pattern=^(hard|soft|custom)$\""
Weight *int32 "json:\"weight,omitempty\" jsonschema:\"required\""
Custom map[string]any "json:\"custom,omitempty\""
} "json:\"podAntiAffinity,omitempty\" jsonschema:\"required\""
SideCars *PartialSidecars "json:\"sideCars,omitempty\" jsonschema:\"required\""
InitContainers *struct {
FSValidator *struct {
Enabled *bool "json:\"enabled,omitempty\""
ExpectedFS *string "json:\"expectedFS,omitempty\""
} "json:\"fsValidator,omitempty\""
SetDataDirOwnership *struct {
Enabled *bool "json:\"enabled,omitempty\""
} "json:\"setDataDirOwnership,omitempty\""
} "json:\"initContainers,omitempty\""
InitContainerImage *struct {
Repository *string "json:\"repository,omitempty\""
Tag *string "json:\"tag,omitempty\""
} "json:\"initContainerImage,omitempty\""
}
type PartialStorage ¶
type PartialStorage struct {
HostPath *string "json:\"hostPath,omitempty\" jsonschema:\"required\""
Tiered *PartialTiered "json:\"tiered,omitempty\" jsonschema:\"required\""
PersistentVolume *struct {
Annotations map[string]string "json:\"annotations,omitempty\" jsonschema:\"required\""
Enabled *bool "json:\"enabled,omitempty\" jsonschema:\"required\""
Labels map[string]string "json:\"labels,omitempty\" jsonschema:\"required\""
Size *resource.Quantity "json:\"size,omitempty\" jsonschema:\"required\""
StorageClass *string "json:\"storageClass,omitempty\" jsonschema:\"required\""
NameOverwrite *string "json:\"nameOverwrite,omitempty\""
} "json:\"persistentVolume,omitempty\" jsonschema:\"required,deprecated\""
TieredConfig PartialTieredStorageConfig "json:\"tieredConfig,omitempty\" jsonschema:\"deprecated\""
TieredStorageHostPath *string "json:\"tieredStorageHostPath,omitempty\" jsonschema:\"deprecated\""
TieredStoragePersistentVolume *struct {
Annotations map[string]string "json:\"annotations,omitempty\" jsonschema:\"required\""
Enabled *bool "json:\"enabled,omitempty\" jsonschema:\"required\""
Labels map[string]string "json:\"labels,omitempty\" jsonschema:\"required\""
StorageClass *string "json:\"storageClass,omitempty\" jsonschema:\"required\""
} "json:\"tieredStoragePersistentVolume,omitempty\" jsonschema:\"deprecated\""
}
type PartialTLS ¶
type PartialTLS struct {
Enabled *bool "json:\"enabled,omitempty\" jsonschema:\"required\""
Certs PartialTLSCertMap "json:\"certs,omitempty\" jsonschema:\"required\""
}
type PartialTLSCert ¶
type PartialTLSCert struct {
Enabled *bool "json:\"enabled,omitempty\""
CAEnabled *bool "json:\"caEnabled,omitempty\" jsonschema:\"required\""
ApplyInternalDNSNames *bool "json:\"applyInternalDNSNames,omitempty\""
Duration *string "json:\"duration,omitempty\" jsonschema:\"pattern=.*[smh]$\""
IssuerRef *cmmetav1.ObjectReference "json:\"issuerRef,omitempty\""
SecretRef *corev1.LocalObjectReference "json:\"secretRef,omitempty\""
ClientSecretRef *corev1.LocalObjectReference "json:\"clientSecretRef,omitempty\""
}
type PartialTLSCertMap ¶
type PartialTLSCertMap map[string]PartialTLSCert
type PartialTiered ¶
type PartialTiered struct {
CredentialsSecretRef *PartialTieredStorageCredentials "json:\"credentialsSecretRef,omitempty\""
Config PartialTieredStorageConfig "json:\"config,omitempty\""
HostPath *string "json:\"hostPath,omitempty\""
MountType *string "json:\"mountType,omitempty\" jsonschema:\"required,pattern=^(none|hostPath|emptyDir|persistentVolume)$\""
PersistentVolume *struct {
Annotations map[string]string "json:\"annotations,omitempty\" jsonschema:\"required\""
Enabled *bool "json:\"enabled,omitempty\""
Labels map[string]string "json:\"labels,omitempty\" jsonschema:\"required\""
NameOverwrite *string "json:\"nameOverwrite,omitempty\""
Size *string "json:\"size,omitempty\""
StorageClass *string "json:\"storageClass,omitempty\" jsonschema:\"required\""
} "json:\"persistentVolume,omitempty\""
}
type PartialTieredStorageCredentials ¶
type PartialTieredStorageCredentials struct {
AccessKey *PartialSecretRef "json:\"accessKey,omitempty\""
SecretKey *PartialSecretRef "json:\"secretKey,omitempty\""
}
type PartialTrustStore ¶
type PartialTrustStore struct {
ConfigMapKeyRef *corev1.ConfigMapKeySelector "json:\"configMapKeyRef,omitempty\""
SecretKeyRef *corev1.SecretKeySelector "json:\"secretKeyRef,omitempty\""
}
type PartialTunableConfig ¶
type PartialTuning ¶
type PartialTuning struct {
TuneAIOEvents *bool "json:\"tune_aio_events,omitempty\""
TuneClocksource *bool "json:\"tune_clocksource,omitempty\""
TuneBallastFile *bool "json:\"tune_ballast_file,omitempty\""
BallastFilePath *string "json:\"ballast_file_path,omitempty\""
BallastFileSize *string "json:\"ballast_file_size,omitempty\""
WellKnownIO *string "json:\"well_known_io,omitempty\""
}
type PartialValues ¶
type PartialValues struct {
Global map[string]any "json:\"global,omitempty\""
NameOverride *string "json:\"nameOverride,omitempty\""
FullnameOverride *string "json:\"fullnameOverride,omitempty\""
ClusterDomain *string "json:\"clusterDomain,omitempty\""
CommonLabels map[string]string "json:\"commonLabels,omitempty\""
Image *PartialImage "" /* 126-byte string literal not displayed */
Service *PartialService "json:\"service,omitempty\""
LicenseKey *string "" /* 199-byte string literal not displayed */
AuditLogging *PartialAuditLogging "json:\"auditLogging,omitempty\""
Enterprise *PartialEnterprise "json:\"enterprise,omitempty\""
RackAwareness *PartialRackAwareness "json:\"rackAwareness,omitempty\""
Console *console.PartialValues "json:\"console,omitempty\""
Auth *PartialAuth "json:\"auth,omitempty\""
TLS *PartialTLS "json:\"tls,omitempty\""
External *PartialExternalConfig "json:\"external,omitempty\""
Logging *PartialLogging "json:\"logging,omitempty\""
Monitoring *PartialMonitoring "json:\"monitoring,omitempty\""
Resources *PartialRedpandaResources "json:\"resources,omitempty\""
Storage *PartialStorage "json:\"storage,omitempty\""
PostInstallJob *PartialPostInstallJob "json:\"post_install_job,omitempty\""
Statefulset *PartialStatefulset "json:\"statefulset,omitempty\""
ServiceAccount *PartialServiceAccountCfg "json:\"serviceAccount,omitempty\""
RBAC *PartialRBAC "json:\"rbac,omitempty\""
Tuning *PartialTuning "json:\"tuning,omitempty\""
Listeners *PartialListeners "json:\"listeners,omitempty\""
Config *PartialConfig "json:\"config,omitempty\""
Tests *struct {
Enabled *bool "json:\"enabled,omitempty\""
} "json:\"tests,omitempty\""
Force *bool "json:\"force,omitempty\""
PodTemplate *PartialPodTemplate "json:\"podTemplate,omitempty\""
}
type PodTemplate ¶
type PodTemplate struct {
Labels map[string]string `json:"labels,omitempty" jsonschema:"required"`
Annotations map[string]string `json:"annotations,omitempty" jsonschema:"required"`
Spec *applycorev1.PodSpecApplyConfiguration `json:"spec,omitempty"`
}
type PostInstallJob ¶
type RackAwareness ¶
type RedpandaResources ¶
type RedpandaResources struct {
Limits *corev1.ResourceList `json:"limits,omitempty"`
Requests *corev1.ResourceList `json:"requests,omitempty"`
CPU struct {
Cores resource.Quantity `json:"cores" jsonschema:"required"`
Overprovisioned *bool `json:"overprovisioned"`
} `json:"cpu" jsonschema:"required"`
// Memory resources
// For details,
// see the [Pod resources documentation](https://docs.redpanda.com/docs/manage/kubernetes/manage-resources/#configure-memory-resources).
Memory struct {
// Enables memory locking.
// For production, set to `true`.
EnableMemoryLocking *bool `json:"enable_memory_locking"`
// It is recommended to have at least 2Gi of memory per core for the Redpanda binary.
// This memory is taken from the total memory given to each container.
// The Helm chart allocates 80% of the container's memory to Redpanda, leaving the rest for
// the Seastar subsystem (reserveMemory) and other container processes.
// So at least 2.5Gi per core is recommended in order to ensure Redpanda has a full 2Gi.
//
// These values affect `--memory` and `--reserve-memory` flags passed to Redpanda and the memory
// requests/limits in the StatefulSet.
// Valid suffixes: k, M, G, T, P, E, Ki, Mi, Gi, Ti, Pi, Ei
// Suffixes are defined as International System of units (http://physics.nist.gov/cuu/Units/binary.html).
// To create `Guaranteed` Pod QoS for Redpanda brokers, provide both container max and min values for the container.
// For details, see
// https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed
// * Every container in the Pod must have a memory limit and a memory request.
// * For every container in the Pod, the memory limit must equal the memory request.
Container struct {
// Minimum memory count for each Redpanda broker.
// If omitted, the `min` value is equal to the `max` value (requested resources defaults to limits).
// This setting is equivalent to `resources.requests.memory`.
// For production, use 10Gi or greater.
Min *resource.Quantity `json:"min"`
// Maximum memory count for each Redpanda broker.
// Equivalent to `resources.limits.memory`.
// For production, use `10Gi` or greater.
Max resource.Quantity `json:"max" jsonschema:"required"`
} `json:"container" jsonschema:"required"`
// This optional `redpanda` object allows you to specify the memory size for both the Redpanda
// process and the underlying reserved memory used by Seastar.
// This section is omitted by default, and memory sizes are calculated automatically
// based on container memory.
// Uncommenting this section and setting memory and reserveMemory values will disable
// automatic calculation.
Redpanda *struct {
// Memory for the Redpanda process.
// This must be lower than the container's memory (resources.memory.container.min if provided, otherwise
// resources.memory.container.max).
// Equivalent to --memory.
// For production, use 8Gi or greater.
Memory *resource.Quantity `json:"memory"`
// Memory reserved for the Seastar subsystem.
// Any value above 1Gi will provide diminishing performance benefits.
// Equivalent to --reserve-memory.
// For production, use 1Gi.
ReserveMemory *resource.Quantity `json:"reserveMemory"`
} `json:"redpanda"`
} `json:"memory" jsonschema:"required"`
}
RedpandaResources encapsulates the calculation of the redpanda container's corev1.ResourceRequirements and parameters such as `--memory`, `--reserve-memory`, and `--smp`. This calculation supports two modes:
Explicit mode (recommended): Activated when `Limits` and `Requests` are set. In this mode, the CLI flags are calculated directly based on the provided `Limits` and `Requests`. This mode ensures predictable resource allocation and is recommended for production environments. If additional tuning is required, the CLI flags can be manually overridden using `statefulset.additionalRedpandaCmdFlags`.
Legacy mode (default): Used when `Limits` and `Requests` are not set. In this mode, the container resources and CLI flags are calculated using built-in default logic, where 80% of the container's memory is allocated to Redpanda and the rest is reserved for system overhead. Legacy mode is intended for backward compatibility and less controlled environments.
Explicit mode offers better control and aligns with Kubernetes best practices. Legacy mode is a fallback for users who have not defined `Limits` and `Requests`.
func (*RedpandaResources) GetOverProvisionValue ¶
func (rr *RedpandaResources) GetOverProvisionValue() bool
func (*RedpandaResources) GetRedpandaFlags ¶
func (rr *RedpandaResources) GetRedpandaFlags() map[string]string
func (*RedpandaResources) GetResourceRequirements ¶
func (rr *RedpandaResources) GetResourceRequirements() corev1.ResourceRequirements
type ResourceQuantity ¶
ResourceQuantity is an extension of resource.Quantity that implements JSONSchemaer. It's specifically for typing a key in TieredStorageConfig.
func (ResourceQuantity) JSONSchema ¶
func (ResourceQuantity) JSONSchema() *jsonschema.Schema
type SASLAuth ¶
type SASLAuth struct {
Enabled bool `json:"enabled" jsonschema:"required"`
Mechanism SASLMechanism `json:"mechanism"`
SecretRef string `json:"secretRef"`
Users []SASLUser `json:"users"`
BootstrapUser BootstrapUser `json:"bootstrapUser"`
}
type SASLMechanism ¶
type SASLMechanism string
func GetSASLMechanism ¶
func GetSASLMechanism(dot *helmette.Dot) SASLMechanism
func (SASLMechanism) JSONSchemaExtend ¶
func (SASLMechanism) JSONSchemaExtend(s *jsonschema.Schema)
type SASLUser ¶
type SASLUser struct {
Name string `json:"name"`
Password string `json:"password"`
Mechanism *SASLMechanism `json:"mechanism"`
}
type SchemaRegistryClient ¶
type SchemaRegistryClient struct {
Retries int `json:"retries"`
RetryBaseBackoffMS int `json:"retry_base_backoff_ms"`
ProduceBatchRecordCount int `json:"produce_batch_record_count"`
ProduceBatchSizeBytes int `json:"produce_batch_size_bytes"`
ProduceBatchDelayMS int `json:"produce_batch_delay_ms"`
ConsumerRequestTimeoutMS int `json:"consumer_request_timeout_ms"`
ConsumerRequestMaxBytes int `json:"consumer_request_max_bytes"`
ConsumerSessionTimeoutMS int `json:"consumer_session_timeout_ms"`
ConsumerRebalanceTimeoutMS int `json:"consumer_rebalance_timeout_ms"`
ConsumerHeartbeatIntervalMS int `json:"consumer_heartbeat_interval_ms"`
}
type SchemaRegistryExternal ¶
type SchemaRegistryExternal struct {
// Enabled indicates if this listener is enabled. If not specified,
// defaults to the value of [ExternalConfig.Enabled].
Enabled *bool `json:"enabled"`
AdvertisedPorts []int32 `json:"advertisedPorts" jsonschema:"minItems=1"`
Port int32 `json:"port"`
NodePort *int32 `json:"nodePort"`
AuthenticationMethod *HTTPAuthenticationMethod `json:"authenticationMethod"`
TLS *ExternalTLS `json:"tls"`
}
func (*SchemaRegistryExternal) IsEnabled ¶
func (l *SchemaRegistryExternal) IsEnabled() bool
func (SchemaRegistryExternal) JSONSchemaExtend ¶
func (SchemaRegistryExternal) JSONSchemaExtend(schema *jsonschema.Schema)
+gotohelm:ignore=true
type SchemaRegistryListeners ¶
type SchemaRegistryListeners struct {
// Enabled indicates if this listener is enabled. If not specified,
// defaults to the value of [ExternalConfig.Enabled].
Enabled bool `json:"enabled" jsonschema:"required"`
External ExternalListeners[SchemaRegistryExternal] `json:"external"`
AuthenticationMethod *HTTPAuthenticationMethod `json:"authenticationMethod"`
KafkaEndpoint string `json:"kafkaEndpoint" jsonschema:"required,pattern=^[A-Za-z_-][A-Za-z0-9_-]*$"`
Port int32 `json:"port" jsonschema:"required"`
TLS InternalTLS `json:"tls" jsonschema:"required"`
}
func (*SchemaRegistryListeners) ConsoleTLS ¶
func (l *SchemaRegistryListeners) ConsoleTLS(tls *TLS) ConsoleTLS
func (SchemaRegistryListeners) JSONSchemaExtend ¶
func (SchemaRegistryListeners) JSONSchemaExtend(schema *jsonschema.Schema)
+gotohelm:ignore=true
func (*SchemaRegistryListeners) Listeners ¶
func (l *SchemaRegistryListeners) Listeners(saslEnabled bool) []map[string]any
func (*SchemaRegistryListeners) ListenersTLS ¶
func (l *SchemaRegistryListeners) ListenersTLS(tls *TLS) []map[string]any
func (*SchemaRegistryListeners) TrustStores ¶
func (l *SchemaRegistryListeners) TrustStores(tls *TLS) []*TrustStore
TrustStores returns a slice of all configured and enabled [TrustStore]s on both internal and external listeners.
type SecretRef ¶
type SecretRef struct {
// ConfigurationKey is never read.
ConfigurationKey string `json:"configurationKey"`
Key string `json:"key"`
Name string `json:"name"`
}
func (*SecretRef) AsSource ¶
func (sr *SecretRef) AsSource() *corev1.EnvVarSource
type ServiceAccountCfg ¶
type Sidecars ¶
type Sidecars struct {
Image struct {
Tag ImageTag `json:"tag" jsonschema:"required,default=Chart.appVersion"`
Repository string `json:"repository" jsonschema:"required,default=docker.redpanda.com/redpandadata/redpanda-operator"`
} `json:"image"`
PVCUnbinder struct {
Enabled bool `json:"enabled"`
UnbindAfter string `json:"unbindAfter"`
} `json:"pvcUnbinder"`
BrokerDecommissioner struct {
Enabled bool `json:"enabled"`
DecommissionAfter string `json:"decommissionAfter"`
DecommissionRequeueTimeout string `json:"decommissionRequeueTimeout"`
} `json:"brokerDecommissioner"`
ConfigWatcher struct {
Enabled bool `json:"enabled"`
} `json:"configWatcher"`
Controllers struct {
Image struct {
Tag ImageTag `json:"tag" jsonschema:"required,default=Chart.appVersion"`
Repository string `json:"repository" jsonschema:"required,default=docker.redpanda.com/redpandadata/redpanda-operator"`
} `json:"image"`
Enabled bool `json:"enabled"`
CreateRBAC bool `json:"createRBAC"`
HealthProbeAddress string `json:"healthProbeAddress"`
MetricsAddress string `json:"metricsAddress"`
PprofAddress string `json:"pprofAddress"`
Run []string `json:"run"`
} `json:"controllers"`
}
func (*Sidecars) AdditionalSidecarControllersEnabled ¶
func (*Sidecars) ShouldCreateRBAC ¶
type Statefulset ¶
type Statefulset struct {
AdditionalSelectorLabels map[string]string `json:"additionalSelectorLabels" jsonschema:"required"`
Replicas int32 `json:"replicas" jsonschema:"required"`
UpdateStrategy appsv1.StatefulSetUpdateStrategy `json:"updateStrategy" jsonschema:"required"`
AdditionalRedpandaCmdFlags []string `json:"additionalRedpandaCmdFlags"`
PodTemplate PodTemplate `json:"podTemplate" jsonschema:"required"`
Budget struct {
MaxUnavailable int32 `json:"maxUnavailable" jsonschema:"required"`
} `json:"budget" jsonschema:"required"`
PodAntiAffinity struct {
TopologyKey string `json:"topologyKey" jsonschema:"required"`
Type string `json:"type" jsonschema:"required,pattern=^(hard|soft|custom)$"`
Weight int32 `json:"weight" jsonschema:"required"`
Custom map[string]any `json:"custom"`
} `json:"podAntiAffinity" jsonschema:"required"`
SideCars Sidecars `json:"sideCars" jsonschema:"required"`
InitContainers struct {
FSValidator struct {
Enabled bool `json:"enabled"`
ExpectedFS string `json:"expectedFS"`
} `json:"fsValidator"`
SetDataDirOwnership struct {
Enabled bool `json:"enabled"`
} `json:"setDataDirOwnership"`
} `json:"initContainers"`
InitContainerImage struct {
Repository string `json:"repository"`
Tag string `json:"tag"`
} `json:"initContainerImage"`
}
type Storage ¶
type Storage struct {
HostPath string `json:"hostPath" jsonschema:"required"`
Tiered Tiered `json:"tiered" jsonschema:"required"`
PersistentVolume *struct {
Annotations map[string]string `json:"annotations" jsonschema:"required"`
Enabled bool `json:"enabled" jsonschema:"required"`
Labels map[string]string `json:"labels" jsonschema:"required"`
Size resource.Quantity `json:"size" jsonschema:"required"`
StorageClass string `json:"storageClass" jsonschema:"required"`
NameOverwrite string `json:"nameOverwrite"`
} `json:"persistentVolume" jsonschema:"required,deprecated"`
TieredConfig TieredStorageConfig `json:"tieredConfig" jsonschema:"deprecated"`
TieredStorageHostPath string `json:"tieredStorageHostPath" jsonschema:"deprecated"`
TieredStoragePersistentVolume *struct {
Annotations map[string]string `json:"annotations" jsonschema:"required"`
Enabled bool `json:"enabled" jsonschema:"required"`
Labels map[string]string `json:"labels" jsonschema:"required"`
StorageClass string `json:"storageClass" jsonschema:"required"`
} `json:"tieredStoragePersistentVolume" jsonschema:"deprecated"`
}
func (*Storage) GetTieredStorageConfig ¶
func (s *Storage) GetTieredStorageConfig() TieredStorageConfig
func (*Storage) GetTieredStorageHostPath ¶
was: storage-tiered-hostpath
func (*Storage) IsTieredStorageEnabled ¶
func (Storage) JSONSchemaExtend ¶
func (Storage) JSONSchemaExtend(schema *jsonschema.Schema)
+gotohelm:ignore=true
func (*Storage) StorageMinFreeBytes ¶
func (*Storage) TieredCacheDirectory ¶
TieredCacheDirectory was: tieredStorage.cacheDirectory
func (*Storage) TieredMountType ¶
TieredMountType was: storage-tiered-mountType
func (*Storage) TieredPersistentVolumeAnnotations ¶
Storage.TieredPersistentVolumeAnnotations was storage-tiered-persistentVolume.annotations support legacy storage.tieredStoragePersistentVolume
func (*Storage) TieredPersistentVolumeLabels ¶
Storage.TieredPersistentVolumeLabels was storage-tiered-persistentVolume.labels support legacy storage.tieredStoragePersistentVolume
func (*Storage) TieredPersistentVolumeStorageClass ¶
storage.TieredPersistentVolumeStorageClass was storage-tiered-persistentVolume.storageClass support legacy storage.tieredStoragePersistentVolume
type TLS ¶
type TLS struct {
Enabled bool `json:"enabled" jsonschema:"required"`
Certs TLSCertMap `json:"certs" jsonschema:"required"`
}
type TLSCert ¶
type TLSCert struct {
// Enabled should be interpreted as `true` if not set.
Enabled *bool `json:"enabled"`
CAEnabled bool `json:"caEnabled" jsonschema:"required"`
ApplyInternalDNSNames *bool `json:"applyInternalDNSNames"`
Duration string `json:"duration" jsonschema:"pattern=.*[smh]$"`
IssuerRef *cmmetav1.ObjectReference `json:"issuerRef"`
SecretRef *corev1.LocalObjectReference `json:"secretRef"`
ClientSecretRef *corev1.LocalObjectReference `json:"clientSecretRef"`
}
type TLSCertMap ¶
func (TLSCertMap) JSONSchemaExtend ¶
func (TLSCertMap) JSONSchemaExtend(schema *jsonschema.Schema)
+gotohelm:ignore=true
func (TLSCertMap) MustGet ¶
func (m TLSCertMap) MustGet(name string) *TLSCert
type Tiered ¶
type Tiered struct {
CredentialsSecretRef TieredStorageCredentials `json:"credentialsSecretRef"`
Config TieredStorageConfig `json:"config"`
HostPath string `json:"hostPath"`
MountType string `json:"mountType" jsonschema:"required,pattern=^(none|hostPath|emptyDir|persistentVolume)$"`
PersistentVolume struct {
Annotations map[string]string `json:"annotations" jsonschema:"required"`
Enabled bool `json:"enabled"`
Labels map[string]string `json:"labels" jsonschema:"required"`
NameOverwrite string `json:"nameOverwrite"`
Size string `json:"size"`
StorageClass string `json:"storageClass" jsonschema:"required"`
} `json:"persistentVolume"`
}
type TieredStorageConfig ¶
func (TieredStorageConfig) CloudStorageCacheSize ¶
func (c TieredStorageConfig) CloudStorageCacheSize() *resource.Quantity
func (TieredStorageConfig) HasAzureCanaries ¶
func (c TieredStorageConfig) HasAzureCanaries() bool
HasAzureCanaries returns true if this configuration has keys set that would indicate the configuration is for a MSFT Azure environment.
If true, [TieredStorageCredentials.SecretKey] should be treated as the value for `cloud_storage_azure_shared_key` instead of `cloud_storage_secret_key`.
func (TieredStorageConfig) JSONSchema ¶
func (TieredStorageConfig) JSONSchema() *jsonschema.Schema
+gotohelm:ignore=true
func (TieredStorageConfig) Translate ¶
func (c TieredStorageConfig) Translate(creds *TieredStorageCredentials) map[string]any
Translate converts TieredStorageConfig into a map suitable for use in an unexpanded `.bootstrap.yaml`.
type TieredStorageCredentials ¶
type TieredStorageCredentials struct {
AccessKey *SecretRef `json:"accessKey"`
SecretKey *SecretRef `json:"secretKey"`
}
func (*TieredStorageCredentials) AsEnvVars ¶
func (tsc *TieredStorageCredentials) AsEnvVars(config TieredStorageConfig) []corev1.EnvVar
type TrustStore ¶
type TrustStore struct {
ConfigMapKeyRef *corev1.ConfigMapKeySelector `json:"configMapKeyRef"`
SecretKeyRef *corev1.SecretKeySelector `json:"secretKeyRef"`
}
func (TrustStore) JSONSchemaExtend ¶
func (TrustStore) JSONSchemaExtend(schema *jsonschema.Schema)
+gotohelm:ignore=true
func (*TrustStore) RelativePath ¶
func (t *TrustStore) RelativePath() string
func (*TrustStore) TrustStoreFilePath ¶
func (t *TrustStore) TrustStoreFilePath() string
func (*TrustStore) VolumeProjection ¶
func (t *TrustStore) VolumeProjection() corev1.VolumeProjection
type TunableConfig ¶
func (TunableConfig) JSONSchemaExtend ¶
func (TunableConfig) JSONSchemaExtend(schema *jsonschema.Schema)
+gotohelm:ignore=true
func (*TunableConfig) Translate ¶
func (c *TunableConfig) Translate() map[string]any
type Tuning ¶
type Tuning struct {
TuneAIOEvents bool `json:"tune_aio_events,omitempty"`
TuneClocksource bool `json:"tune_clocksource,omitempty"`
TuneBallastFile bool `json:"tune_ballast_file,omitempty"`
BallastFilePath string `json:"ballast_file_path,omitempty"`
BallastFileSize string `json:"ballast_file_size,omitempty"`
WellKnownIO string `json:"well_known_io,omitempty"`
}
type Values ¶
type Values struct {
// Global is an untyped map of values that are "global" to this chart and
// all its sub-charts.
// See also: https://helm.sh/docs/chart_template_guide/subcharts_and_globals/#global-chart-values
Global map[string]any `json:"global,omitempty"`
NameOverride string `json:"nameOverride"`
FullnameOverride string `json:"fullnameOverride"`
ClusterDomain string `json:"clusterDomain"`
CommonLabels map[string]string `json:"commonLabels"`
Image Image `json:"image" jsonschema:"required,description=Values used to define the container image to be used for Redpanda"`
Service *Service `json:"service"`
LicenseKey string `` /* 183-byte string literal not displayed */
AuditLogging AuditLogging `json:"auditLogging"`
Enterprise Enterprise `json:"enterprise"`
RackAwareness RackAwareness `json:"rackAwareness"`
Console console.PartialValues `json:"console,omitempty"`
Auth Auth `json:"auth"`
TLS TLS `json:"tls"`
External ExternalConfig `json:"external"`
Logging Logging `json:"logging"`
Monitoring Monitoring `json:"monitoring"`
Resources RedpandaResources `json:"resources"`
Storage Storage `json:"storage"`
PostInstallJob PostInstallJob `json:"post_install_job"`
Statefulset Statefulset `json:"statefulset"`
ServiceAccount ServiceAccountCfg `json:"serviceAccount"`
RBAC RBAC `json:"rbac"`
Tuning Tuning `json:"tuning"`
Listeners Listeners `json:"listeners"`
Config Config `json:"config"`
Tests *struct {
Enabled bool `json:"enabled"`
} `json:"tests"`
Force bool `json:"force"`
PodTemplate PodTemplate `json:"podTemplate"`
}
Source Files
¶
- cert_issuers.go
- certs.go
- chart.go
- configmap.tpl.go
- console.tpl.go
- helpers.go
- notes.go
- poddisruptionbudget.go
- post_install_upgrade_job.go
- rbac.go
- secrets.go
- service.loadbalancer.go
- service.nodeport.go
- service_internal.go
- serviceaccount.go
- servicemonitor.go
- statefulset.go
- values.go
- values_partial.gen.go
- values_util.go
Directories