#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
###
### K8S Settings
###
### Namespace to deploy pulsar
# The namespace to use to deploy the pulsar components, if left empty
# will default to .Release.Namespace (aka helm --namespace).
namespace: ""
namespaceCreate: false
## clusterDomain as defined for your k8s cluster
clusterDomain: cluster.local
###
### Global Settings
###
## Set to true on install
initialize: false
## Set useReleaseStatus to false if you're deploying this chart using a system that doesn't track .Release.IsInstall or .Release.IsUpgrade (like argocd)
useReleaseStatus: true
## Set cluster name
# clusterName:
## add custom labels to components of cluster
# labels:
# environment: dev
# customer: apache
## Pulsar Metadata Prefix
##
## By default, pulsar stores all the metadata at root path.
## You can configure to have a prefix (e.g. "/my-pulsar-cluster").
## If you do so, all the pulsar and bookkeeper metadata will
## be stored under the provided path
metadataPrefix: ""
## Port name prefix
##
## Used for Istio support which depends on a standard naming of ports
## See https://istio.io/latest/docs/ops/configuration/traffic-management/protocol-selection/#explicit-protocol-selection
## Prefixes are disabled by default
tcpPrefix: "" # For Istio this will be "tcp-"
tlsPrefix: "" # For Istio this will be "tls-"
## Persistence
##
## If persistence is enabled, components that have state will
## be deployed with PersistentVolumeClaims, otherwise, for test
## purposes, they will be deployed with emptyDir
##
## This is a global setting that is applied to all components.
## If you need to disable persistence for a component,
## you can set the `volumes.persistence` setting to `false` for
## that component.
##
## Deprecated in favor of using `volumes.persistence`
persistence: true
## Volume settings
volumes:
persistence: true
# configure the components to use local persistent volumes
# the local provisioner must be installed before enabling local persistent volumes
local_storage: false
## RBAC
##
## Configure settings related to RBAC, such as limiting broker access to a single
## namespace or enabling PSP (PodSecurityPolicy).
## NOTE(review): PodSecurityPolicy was removed in Kubernetes v1.25; on newer
## clusters keep `psp` false and enforce pod security through Pod Security
## Admission or a policy engine instead.
rbac:
  enabled: false
  psp: false
  # presumably the switch for the single-namespace limit described above;
  # confirm against the chart templates
  limit_to_namespace: true
## AntiAffinity
##
## Flag to enable and disable `AntiAffinity` for all components.
## This is a global setting that is applied to all components.
## If you need to disable AntiAffinity for a component, you can set
## the `affinity.anti_affinity` settings to `false` for that component.
affinity:
anti_affinity: true
# Set the anti affinity type. Valid values:
# requiredDuringSchedulingIgnoredDuringExecution - rules must be met for pod to be scheduled (hard) requires at least one node per replica
# preferredDuringSchedulingIgnoredDuringExecution - scheduler will try to enforce the rule but does not guarantee it (soft)
type: requiredDuringSchedulingIgnoredDuringExecution
## Components
##
## Control what components of Apache Pulsar to deploy for the cluster
components:
# zookeeper
zookeeper: true
# bookkeeper
bookkeeper: true
# bookkeeper - autorecovery
autorecovery: true
# broker
broker: true
# functions
# WARNING! Before enabling functions, make sure that all of your users are trusted since functions run user code
# and the current security sandbox is not sufficient to protect against malicious code.
functions: false
# proxy
proxy: true
# toolset
toolset: true
# pulsar manager
pulsar_manager: false
# default image tag for pulsar images
# uses chart's appVersion when unspecified
defaultPulsarImageTag:
## Images
##
## Control what images to use for each component
images:
# set imagePullSecrets
# imagePullSecrets:
# - secretName
zookeeper:
repository: apachepulsar/pulsar-all
# uses defaultPulsarImageTag when unspecified
tag:
pullPolicy: IfNotPresent
bookie:
repository: apachepulsar/pulsar-all
# uses defaultPulsarImageTag when unspecified
tag:
pullPolicy: IfNotPresent
autorecovery:
repository: apachepulsar/pulsar-all
# uses defaultPulsarImageTag when unspecified
tag:
pullPolicy: IfNotPresent
broker:
repository: apachepulsar/pulsar-all
# uses defaultPulsarImageTag when unspecified
tag:
pullPolicy: IfNotPresent
proxy:
repository: apachepulsar/pulsar-all
# uses defaultPulsarImageTag when unspecified
tag:
pullPolicy: IfNotPresent
functions:
repository: apachepulsar/pulsar-all
# uses defaultPulsarImageTag when unspecified
tag:
pulsar_manager:
repository: apachepulsar/pulsar-manager
tag: v0.4.0
pullPolicy: IfNotPresent
hasCommand: false
## TLS
## templates/tls-certs.yaml
##
## The chart uses cert-manager to provision TLS certificates for
## brokers and proxies.
## NOTE(review): every `enabled` flag in this block is false in these defaults;
## turn TLS on before the cluster is reachable from networks you do not trust.
tls:
  # presumably the master switch for the per-component flags below;
  # confirm in templates/tls-certs.yaml
  enabled: false
  ca_suffix: ca-tls
  # common settings for generating certs
  common:
    # certificate lifetime: 90d
    duration: 2160h
    # renew this long before expiry: 15d
    renewBefore: 360h
    organization:
      - pulsar
    keySize: 4096
    keyAlgorithm: RSA
    keyEncoding: PKCS8
  # settings for generating certs for proxy
  proxy:
    enabled: false
    cert_name: tls-proxy
  # settings for generating certs for broker
  broker:
    enabled: false
    cert_name: tls-broker
  # settings for generating certs for bookies
  bookie:
    enabled: false
    cert_name: tls-bookie
  # settings for generating certs for zookeeper
  zookeeper:
    enabled: false
    cert_name: tls-zookeeper
  # settings for generating certs for recovery
  # (no `enabled` flag of its own in this file)
  autorecovery:
    cert_name: tls-recovery
  # settings for generating certs for toolset
  # (no `enabled` flag of its own in this file)
  toolset:
    cert_name: tls-toolset
  # TLS setting for function runtime instance
  function_instance:
    # controls the use of TLS for function runtime connections towards brokers
    enabled: false
# Enable or disable broker authentication and authorization.
# NOTE(review): both are disabled in these defaults, while the proxy Service in
# this file is `type: LoadBalancer`; enable authentication, authorization and TLS
# before that endpoint is reachable from untrusted networks.
auth:
  authentication:
    enabled: false
    provider: "jwt"
    jwt:
      # Enable JWT authentication
      # If the token is generated by a secret key (symmetric), set usingSecretKey to true.
      # If the token is generated by a private key (asymmetric key pair), set usingSecretKey to false.
      usingSecretKey: false
  authorization:
    enabled: false
  # role names used as superusers, one per communication path
  superUsers:
    # broker to broker communication
    broker: "broker-admin"
    # proxy to broker communication
    proxy: "proxy-admin"
    # pulsar-admin client to broker/proxy communication
    client: "admin"
    # pulsar-manager to broker communication. If left empty, no jwt setup will be performed in the manager
    manager: ""
  # omits the above proxy role from superusers on the proxy
  # and configures it as a proxy role on the broker in addition to the superusers
  useProxyRoles: true
######################################################################
# External dependencies
######################################################################
## cert-manager
## templates/tls-cert-issuer.yaml
##
## Cert manager is used for automatically provisioning TLS certificates
## for components within a Pulsar cluster
certs:
  internal_issuer:
    apiVersion: cert-manager.io/v1
    # disabled by default, like the TLS settings elsewhere in this file
    enabled: false
    component: internal-cert-issuer
    # NOTE(review): a self-signing issuer presumably means clients outside the
    # cluster must be given the generated CA to verify endpoints; confirm
    # against templates/tls-cert-issuer.yaml
    type: selfsigning
    # certificate lifetime: 90d
    duration: 2160h
    # renew this long before expiry: 15d
    renewBefore: 360h
  issuers:
    selfsigning:
######################################################################
# Below are settings for each component
######################################################################
## Pulsar: Zookeeper cluster
## templates/zookeeper-statefulset.yaml
##
zookeeper:
# use a component name that matches your grafana configuration
# so the metrics are correctly rendered in grafana dashboard
component: zookeeper
# the number of zookeeper servers to run. it should be an odd number larger than or equal to 3.
replicaCount: 3
updateStrategy:
type: RollingUpdate
podManagementPolicy: Parallel
# This is how prometheus discovers this component
podMonitor:
enabled: true
interval: 60s
scrapeTimeout: 60s
metricRelabelings:
# - action: labeldrop
# regex: cluster
# True includes annotation for statefulset that contains hash of corresponding configmap, which will cause pods to restart on configmap change
restartPodsOnConfigMapChange: false
ports:
http: 8000
client: 2181
clientTls: 2281
follower: 2888
leaderElection: 3888
# nodeSelector:
# cloud.google.com/gke-nodepool: default-pool
probe:
liveness:
enabled: true
failureThreshold: 10
initialDelaySeconds: 20
periodSeconds: 30
timeoutSeconds: 30
readiness:
enabled: true
failureThreshold: 10
initialDelaySeconds: 20
periodSeconds: 30
timeoutSeconds: 30
startup:
enabled: false
failureThreshold: 30
initialDelaySeconds: 20
periodSeconds: 30
timeoutSeconds: 30
affinity:
anti_affinity: true
anti_affinity_topology_key: kubernetes.io/hostname
# Set the anti affinity type. Valid values:
# requiredDuringSchedulingIgnoredDuringExecution - rules must be met for pod to be scheduled (hard) requires at least one node per replica
# preferredDuringSchedulingIgnoredDuringExecution - scheduler will try to enforce the rule but does not guarantee it (soft)
type: requiredDuringSchedulingIgnoredDuringExecution
annotations: {}
tolerations: []
gracePeriod: 30
resources:
requests:
memory: 256Mi
cpu: 0.1
# extraVolumes and extraVolumeMounts allows you to mount other volumes
# Example Use Case: mount ssl certificates
# extraVolumes:
# - name: ca-certs
# secret:
# defaultMode: 420
# secretName: ca-certs
# extraVolumeMounts:
# - name: ca-certs
# mountPath: /certs
# readOnly: true
extraVolumes: []
extraVolumeMounts: []
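# Ensures the 2.10.0 non-root docker image works correctly: fsGroup 0 gives the pod's
# processes the root group (GID 0) as a supplementary group for volume access.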
securityContext:
fsGroup: 0
fsGroupChangePolicy: "OnRootMismatch"
volumes:
useSeparateDiskForTxlog: false
# use a persistent volume or emptyDir
persistence: true
data:
name: data
size: 20Gi
local_storage: true
## If you already have an existent storage class and want to reuse it, you can specify its name with the option below
##
# storageClassName: existent-storage-class
#
## Instead if you want to create a new storage class define it below
## If left undefined no storage class will be defined along with PVC
##
# storageClass:
# type: pd-ssd
# fsType: xfs
# provisioner: kubernetes.io/gce-pd
## If you want to bind static persistent volumes via selectors, e.g.:
# selector:
# matchLabels:
# app: pulsar-zookeeper
selector: {}
## If you set useSeparateDiskForTxlog to true, this section configures the extra volume for the zookeeper transaction log.
datalog:
name: datalog
size: 20Gi
local_storage: true
## If you already have an existent storage class and want to reuse it, you can specify its name with the option below
##
# storageClassName: existent-storage-class
#
## Instead if you want to create a new storage class define it below
## If left undefined no storage class will be defined along with PVC
##
# storageClass:
# type: pd-ssd
# fsType: xfs
# provisioner: kubernetes.io/gce-pd
## If you want to bind static persistent volumes via selectors, e.g.:
# selector:
# matchLabels:
# app: pulsar-zookeeper
selector: {}
# External zookeeper server list in case of global-zk list to create zk cluster across zk deployed on different clusters/namespaces
# Example value: "us-east1-pulsar-zookeeper-0.us-east1-pulsar-zookeeper.us-east1.svc.cluster.local:2888:3888,us-east1-pulsar-zookeeper-1.us-east1-pulsar-zookeeper.us-east1.svc.cluster.local:2888:3888,us-east1-pulsar-zookeeper-2.us-east1-pulsar-zookeeper.us-east1.svc.cluster.local:2888:3888,us-west1-pulsar-zookeeper-0.us-west1-pulsar-zookeeper.us-west1.svc.cluster.local:2888:3888,us-west1-pulsar-zookeeper-1.us-west1-pulsar-zookeeper.us-west1.svc.cluster.local:2888:3888,us-west1-pulsar-zookeeper-2.us-west1-pulsar-zookeeper.us-west1.svc.cluster.local:2888:3888"
externalZookeeperServerList: ""
## Zookeeper service account
## templates/zookeeper-service-account.yaml
service_account:
annotations: {}
## Zookeeper configmap
## templates/zookeeper-configmap.yaml
##
configData:
PULSAR_MEM: >
-Xms64m -Xmx128m
PULSAR_GC: >
-XX:+UseG1GC
-XX:MaxGCPauseMillis=10
-Dcom.sun.management.jmxremote
-Djute.maxbuffer=10485760
-XX:+ParallelRefProcEnabled
-XX:+UnlockExperimentalVMOptions
-XX:+DoEscapeAnalysis
-XX:+DisableExplicitGC
-XX:+ExitOnOutOfMemoryError
-XX:+PerfDisableSharedMem
## Add a custom command to the start up process of the zookeeper pods (e.g. update-ca-certificates, jvm commands, etc)
additionalCommand:
## Zookeeper service
## templates/zookeeper-service.yaml
##
service:
annotations: {}
## Zookeeper PodDisruptionBudget
## templates/zookeeper-pdb.yaml
##
pdb:
usePolicy: true
maxUnavailable: 1
## Pulsar: Bookkeeper cluster
## templates/bookkeeper-statefulset.yaml
##
bookkeeper:
# use a component name that matches your grafana configuration
# so the metrics are correctly rendered in grafana dashboard
component: bookie
## BookKeeper Cluster Initialize
## templates/bookkeeper-cluster-initialize.yaml
metadata:
## Set the resources used for running `bin/bookkeeper shell initnewcluster`
##
resources:
# requests:
# memory: 4Gi
# cpu: 2
replicaCount: 4
updateStrategy:
type: RollingUpdate
podManagementPolicy: Parallel
# This is how prometheus discovers this component
podMonitor:
enabled: true
interval: 60s
scrapeTimeout: 60s
metricRelabelings:
# - action: labeldrop
# regex: cluster
# True includes annotation for statefulset that contains hash of corresponding configmap, which will cause pods to restart on configmap change
restartPodsOnConfigMapChange: false
ports:
http: 8000
bookie: 3181
statestore: 4181
# nodeSelector:
# cloud.google.com/gke-nodepool: default-pool
probe:
liveness:
enabled: true
failureThreshold: 60
initialDelaySeconds: 10
periodSeconds: 30
timeoutSeconds: 5
readiness:
enabled: true
failureThreshold: 60
initialDelaySeconds: 10
periodSeconds: 30
timeoutSeconds: 5
startup:
enabled: false
failureThreshold: 30
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 5
affinity:
anti_affinity: true
anti_affinity_topology_key: kubernetes.io/hostname
# Set the anti affinity type. Valid values:
# requiredDuringSchedulingIgnoredDuringExecution - rules must be met for pod to be scheduled (hard) requires at least one node per replica
# preferredDuringSchedulingIgnoredDuringExecution - scheduler will try to enforce the rule but does not guarantee it (soft)
type: requiredDuringSchedulingIgnoredDuringExecution
annotations: {}
tolerations: []
gracePeriod: 30
resources:
requests:
memory: 512Mi
cpu: 0.2
# extraVolumes and extraVolumeMounts allows you to mount other volumes
# Example Use Case: mount ssl certificates
# extraVolumes:
# - name: ca-certs
# secret:
# defaultMode: 420
# secretName: ca-certs
# extraVolumeMounts:
# - name: ca-certs
# mountPath: /certs
# readOnly: true
extraVolumes: []
extraVolumeMounts: []
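# Ensures the 2.10.0 non-root docker image works correctly: fsGroup 0 gives the pod's
# processes the root group (GID 0) as a supplementary group for volume access.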
securityContext:
fsGroup: 0
fsGroupChangePolicy: "OnRootMismatch"
volumes:
# use a persistent volume or emptyDir
persistence: true
journal:
name: journal
size: 10Gi
local_storage: true
## If you already have an existent storage class and want to reuse it, you can specify its name with the option below
##
# storageClassName: existent-storage-class
#
## Instead if you want to create a new storage class define it below
## If left undefined no storage class will be defined along with PVC
##
# storageClass:
# type: pd-ssd
# fsType: xfs
# provisioner: kubernetes.io/gce-pd
## If you want to bind static persistent volumes via selectors, e.g.:
# selector:
# matchLabels:
# app: pulsar-bookkeeper-journal
selector: {}
useMultiVolumes: false
multiVolumes:
- name: journal0
size: 10Gi
# storageClassName: existent-storage-class
mountPath: /pulsar/data/bookkeeper/journal0
- name: journal1
size: 10Gi
# storageClassName: existent-storage-class
mountPath: /pulsar/data/bookkeeper/journal1
ledgers:
name: ledgers
size: 50Gi
local_storage: true
# storageClassName:
# storageClass:
# ...
# selector:
# ...
useMultiVolumes: false
multiVolumes:
- name: ledgers0
size: 10Gi
# storageClassName: existent-storage-class
mountPath: /pulsar/data/bookkeeper/ledgers0
- name: ledgers1
size: 10Gi
# storageClassName: existent-storage-class
mountPath: /pulsar/data/bookkeeper/ledgers1
## use a single common volume for both journal and ledgers
useSingleCommonVolume: false
common:
name: common
size: 60Gi
local_storage: true
# storageClassName:
# storageClass: ## this is common too
# ...
# selector:
# ...
## Bookkeeper service account
## templates/bookkeeper-service-account.yaml
service_account:
annotations: {}
## Bookkeeper configmap
## templates/bookkeeper-configmap.yaml
##
configData:
# we use `bin/pulsar` for starting bookie daemons
PULSAR_MEM: >
-Xms128m
-Xmx256m
-XX:MaxDirectMemorySize=256m
PULSAR_GC: >
-XX:+UseG1GC
-XX:MaxGCPauseMillis=10
-XX:+ParallelRefProcEnabled
-XX:+UnlockExperimentalVMOptions
-XX:+DoEscapeAnalysis
-XX:ParallelGCThreads=4
-XX:ConcGCThreads=4
-XX:G1NewSizePercent=50
-XX:+DisableExplicitGC
-XX:-ResizePLAB
-XX:+ExitOnOutOfMemoryError
-XX:+PerfDisableSharedMem
#
# Bookkeeper configuration reference: https://bookkeeper.apache.org/docs/reference/config
#
# https://bookkeeper.apache.org/docs/reference/config#db-ledger-storage-settings
# You could use the below example settings for a minimal configuration
# dbStorage_writeCacheMaxSizeMb: "32"
# dbStorage_readAheadCacheMaxSizeMb: "32"
# dbStorage_rocksDB_writeBufferSizeMB: "8"
# dbStorage_rocksDB_blockCacheSize: "8388608"
#
# configure the data compaction (bookie entry log compaction and gc) settings
# https://bookkeeper.apache.org/docs/reference/config#garbage-collection-settings
# https://bookkeeper.apache.org/docs/reference/config#entry-log-compaction-settings
minorCompactionThreshold: "0.2" # default 0.2 (use default)
minorCompactionInterval: "360" # default 3600 seconds (6 minutes vs default 1 hour)
majorCompactionThreshold: "0.8" # default 0.5
majorCompactionInterval: "10800" # default 86400 seconds (3 hours vs default 1 day)
gcWaitTime: "300000" # default 900000 milli-seconds (5 minutes vs default 15 minutes)
isForceGCAllowWhenNoSpace: "true" # default false
# disk utilization configuration
# https://bookkeeper.apache.org/docs/reference/config#disk-utilization
# Make sure that diskUsageLwmThreshold <= diskUsageWarnThreshold <= diskUsageThreshold
diskUsageLwmThreshold: "0.85" # default 0.90
diskUsageWarnThreshold: "0.9" # default 0.95
diskUsageThreshold: "0.95" # default 0.95 (use default)
diskCheckInterval: "1800" # default 10000
## Add a custom command to the start up process of the bookie pods (e.g. update-ca-certificates, jvm commands, etc)
additionalCommand:
## Bookkeeper Service
## templates/bookkeeper-service.yaml
##
service:
spec:
publishNotReadyAddresses: true
## Bookkeeper PodDisruptionBudget
## templates/bookkeeper-pdb.yaml
##
pdb:
usePolicy: true
maxUnavailable: 1
## Pulsar: Bookkeeper AutoRecovery
## templates/autorecovery-statefulset.yaml
##
autorecovery:
# use a component name that matches your grafana configuration
# so the metrics are correctly rendered in grafana dashboard
component: recovery
replicaCount: 1
# This is how prometheus discovers this component
podMonitor:
enabled: true
interval: 60s
scrapeTimeout: 60s
metricRelabelings:
# - action: labeldrop
# regex: cluster
# True includes annotation for statefulset that contains hash of corresponding configmap, which will cause pods to restart on configmap change
restartPodsOnConfigMapChange: false
ports:
http: 8000
# nodeSelector:
# cloud.google.com/gke-nodepool: default-pool
affinity:
anti_affinity: true
anti_affinity_topology_key: kubernetes.io/hostname
# Set the anti affinity type. Valid values:
# requiredDuringSchedulingIgnoredDuringExecution - rules must be met for pod to be scheduled (hard) requires at least one node per replica
# preferredDuringSchedulingIgnoredDuringExecution - scheduler will try to enforce the rule but does not guarantee it (soft)
type: requiredDuringSchedulingIgnoredDuringExecution
annotations: {}
# tolerations: []
gracePeriod: 30
resources:
requests:
memory: 64Mi
cpu: 0.05
## Bookkeeper auto-recovery service account
## templates/autorecovery-service-account.yaml
service_account:
annotations: {}
## Bookkeeper auto-recovery configmap
## templates/autorecovery-configmap.yaml
##
configData:
BOOKIE_MEM: >
-Xms64m -Xmx64m
PULSAR_PREFIX_useV2WireProtocol: "true"
## Pulsar Zookeeper metadata. The metadata will be deployed as
## soon as the last zookeeper node is reachable. The deployment
## of other components that depends on zookeeper, such as the
## bookkeeper nodes, broker nodes, etc will only start to be
## deployed when the zookeeper cluster is ready and with the
## metadata deployed
pulsar_metadata:
component: pulsar-init
image:
# the image used for running `pulsar-cluster-initialize` job
repository: apachepulsar/pulsar-all
# uses defaultPulsarImageTag when unspecified
tag:
pullPolicy: IfNotPresent
## set an existing configuration store
# configurationStore:
configurationStoreMetadataPrefix: ""
configurationStorePort: 2181
# resources for bin/pulsar initialize-cluster-metadata
resources:
# requests:
# memory: 512Mi
# cpu: 1
## optional you can specify tolerations and nodeSelectors for all init jobs (pulsar-init & bookkeeper-init)
# tolerations: []
# - key: "someKey"
# operator: "Equal"
# value: "someValue"
# effect: "NoSchedule"
# nodeSelector: {}
# cloud.google.com/gke-nodepool: default-pool
## optional, you can provide your own zookeeper metadata store for other components
# to use this, you should explicitly set components.zookeeper to false
#
# userProvidedZookeepers: "zk01.example.com:2181,zk02.example.com:2181"
# Can be used to run extra commands in the initialization jobs e.g. to quit istio sidecars etc.
extraInitCommand: ""
## Pulsar: Broker cluster
## templates/broker-statefulset.yaml
##
broker:
# use a component name that matches your grafana configuration
# so the metrics are correctly rendered in grafana dashboard
component: broker
replicaCount: 3
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 3
metrics: ~
behavior: ~
# This is how prometheus discovers this component
podMonitor:
enabled: true
interval: 60s
scrapeTimeout: 60s
metricRelabelings:
# - action: labeldrop
# regex: cluster
# True includes annotation for statefulset that contains hash of corresponding configmap, which will cause pods to restart on configmap change
restartPodsOnConfigMapChange: false
ports:
http: 8080
https: 8443
pulsar: 6650
pulsarssl: 6651
# nodeSelector:
# cloud.google.com/gke-nodepool: default-pool
probe:
liveness:
enabled: true
failureThreshold: 10
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
readiness:
enabled: true
failureThreshold: 10
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
startup:
enabled: false
failureThreshold: 30
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
affinity:
anti_affinity: true
anti_affinity_topology_key: kubernetes.io/hostname
# Set the anti affinity type. Valid values:
# requiredDuringSchedulingIgnoredDuringExecution - rules must be met for pod to be scheduled (hard) requires at least one node per replica
# preferredDuringSchedulingIgnoredDuringExecution - scheduler will try to enforce the rule but does not guarantee it (soft)
type: preferredDuringSchedulingIgnoredDuringExecution
annotations: {}
tolerations: []
gracePeriod: 30
resources:
requests:
memory: 512Mi
cpu: 0.2
# extraVolumes and extraVolumeMounts allows you to mount other volumes
# Example Use Case: mount ssl certificates
# extraVolumes:
# - name: ca-certs
# secret:
# defaultMode: 420
# secretName: ca-certs
# extraVolumeMounts:
# - name: ca-certs
# mountPath: /certs
# readOnly: true
extraVolumes: []
extraVolumeMounts: []
extreEnvs: []
# - name: POD_NAME
# valueFrom:
# fieldRef:
# apiVersion: v1
# fieldPath: metadata.name
## Broker configmap
## templates/broker-configmap.yaml
## Keys in broker.conf can be overridden here. Use PULSAR_PREFIX_ to add keys to broker.conf.
## In addition, keys in function_worker.yml can be overridden using the PF_ prefix, with _ serving as the key path separator.
##
configData:
PULSAR_MEM: >
-Xms128m -Xmx256m -XX:MaxDirectMemorySize=256m
PULSAR_GC: >
-XX:+UseG1GC
-XX:MaxGCPauseMillis=10
-Dio.netty.leakDetectionLevel=disabled
-Dio.netty.recycler.linkCapacity=1024
-XX:+ParallelRefProcEnabled
-XX:+UnlockExperimentalVMOptions
-XX:+DoEscapeAnalysis
-XX:ParallelGCThreads=4
-XX:ConcGCThreads=4
-XX:G1NewSizePercent=50
-XX:+DisableExplicitGC
-XX:-ResizePLAB
-XX:+ExitOnOutOfMemoryError
-XX:+PerfDisableSharedMem
managedLedgerDefaultEnsembleSize: "1"
managedLedgerDefaultWriteQuorum: "1"
managedLedgerDefaultAckQuorum: "1"
## Add a custom command to the start up process of the broker pods (e.g. update-ca-certificates, jvm commands, etc)
additionalCommand:
## Broker service
## templates/broker-service.yaml
##
service:
annotations: {}
## Broker PodDisruptionBudget
## templates/broker-pdb.yaml
##
pdb:
usePolicy: true
maxUnavailable: 1
### Broker service account
## templates/broker-service-account.yaml
service_account:
annotations: {}
## You may use the following annotation in order to use EKS IAM Roles for Service Accounts (IRSA)
# eks.amazonaws.com/role-arn: arn:aws:iam::66666:role/my-iam-role-with-s3-access
## Tiered Storage
##
storageOffload: {}
## General
## =======
# maxBlockSizeInBytes: "64000000"
# readBufferSizeInBytes: "1000000"
## The following are default values for the cluster. They can be changed
## on each namespace.
# managedLedgerOffloadDeletionLagMs: "14400000"
# managedLedgerOffloadAutoTriggerSizeThresholdBytes: "-1" # disabled
## For AWS S3
## ======
## Either you must create an IAM account with access to the bucket and
## generate keys for that account, or use IAM Roles for Service Accounts (IRSA)
## (see the example in the `.Values.broker.service_account.annotations` section above).
## IRSA avoids storing long-lived access keys in a Kubernetes secret.
##
# driver: aws-s3
# bucket: <bucket>
# region: <region>
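## Create the secret that stores the AWS credentials with the following command.
## Values passed with --from-literal end up in shell history and the process list;
## prefer --from-env-file with a protected file where possible. The same applies
## to the S3-compatible and Azure commands further down.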
## ```
## kubectl -n pulsar create secret generic \
## --from-literal=AWS_ACCESS_KEY_ID=<AWS ACCESS KEY> \
## --from-literal=AWS_SECRET_ACCESS_KEY=<AWS SECRET KEY> \
## <secret name>
## ```
# secret: <secret name> # [k8s secret name that stores AWS credentials]
## For S3 Compatible
## =================
## Need to create access and secret key for S3 compatible service
#
# driver: aws-s3
# bucket: <bucket>
# region: <region>
# serviceEndpoint: host:port
## Secret that stores AWS credentials, using the following command:
## ```
## kubectl -n pulsar create secret generic \
## --from-literal=AWS_ACCESS_KEY_ID=<AWS ACCESS KEY> \
## --from-literal=AWS_SECRET_ACCESS_KEY=<AWS SECRET KEY> \
## <aws secret name>
## ```
# secret: <aws secret name> # [k8s secret name that stores AWS credentials]
## For Azure Blob
## =================
## Need to create an Azure storage account and a blob container (bucket)
## To retrieve key, see https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage?tabs=azure-portal#code-try-1
#
# driver: azureblob
# bucket: <bucket>
# region: <region>
## Secret that stores AZURE credentials, using the following command:
## ```
## kubectl -n pulsar create secret generic \
## --from-literal=AZURE_STORAGE_ACCOUNT=<AZURE STORAGE ACCOUNT> \
## --from-literal=AZURE_STORAGE_ACCESS_KEY=<AZURE STORAGE ACCESS KEY> \
## <azure secret name>
## ```
# secret: <azure secret name> # [k8s secret name that stores AZURE credentials]
## For Google Cloud Storage
## ====================
## You must create a service account that has access to the objects in GCP buckets
## and upload its key as a JSON file to a secret.
##
## 1. Go to https://console.cloud.google.com/iam-admin/serviceaccounts
## 2. Select your project.
## 3. Create a new service account.
## 4. Give the service account permission to access the bucket. For example,
## the "Storage Object Admin" role.
## 5. Create a key for the service account and save it as a JSON file.
## 6. Save the JSON file in a secret:
## kubectl create secret generic pulsar-gcp-sa-secret \
## --from-file=google-service-account-key.json \
## --namespace pulsar
##
# driver: google-cloud-storage
# bucket: <bucket>
# region: <region>
# gcsServiceAccountSecret: pulsar-gcp-sa-secret # pragma: allowlist secret
# gcsServiceAccountJsonFile: google-service-account-key.json
## Pulsar: Functions Worker
## The Function Worker component runs embedded with the broker
## Configuration for the function worker is set in the broker configmap with keys prefixed by `PF_`.
## Functions run user code; see the warning on `components.functions` earlier in this file.
functions:
  component: functions-worker
  useBookieAsStateStore: false
  ## Pulsar: Functions Worker ClusterRole or Role
  ## templates/broker-rbac.yaml
  # Default is false, which deploys functions with ClusterRole and ClusterRoleBinding at the cluster level
  # Set to true to deploy functions with Role and RoleBinding inside the specified namespace
  # NOTE(review): this file sets it to true (the namespace-scoped option), which does
  # not match "Default is false" above; confirm against templates/broker-rbac.yaml
  rbac:
    limit_to_namespace: true
  ### Functions Worker service account
  ## templates/broker-service-account.yaml
  service_account:
    annotations: {}
## Pulsar: Proxy Cluster
## templates/proxy-statefulset.yaml
##
proxy:
# use a component name that matches your grafana configuration
# so the metrics are correctly rendered in grafana dashboard
component: proxy
replicaCount: 3
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 3
metrics: ~
behavior: ~
# This is how prometheus discovers this component
podMonitor:
enabled: true
interval: 60s
scrapeTimeout: 60s
metricRelabelings:
# - action: labeldrop
# regex: cluster
# True includes annotation for statefulset that contains hash of corresponding configmap, which will cause pods to restart on configmap change
restartPodsOnConfigMapChange: false
# nodeSelector:
# cloud.google.com/gke-nodepool: default-pool
probe:
liveness:
enabled: true
failureThreshold: 10
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
readiness:
enabled: true
failureThreshold: 10
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
startup:
enabled: false
failureThreshold: 30
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
affinity:
anti_affinity: true
anti_affinity_topology_key: kubernetes.io/hostname
# Set the anti affinity type. Valid values:
# requiredDuringSchedulingIgnoredDuringExecution - rules must be met for pod to be scheduled (hard) requires at least one node per replica
# preferredDuringSchedulingIgnoredDuringExecution - scheduler will try to enforce the rule but does not guarantee it (soft)
type: requiredDuringSchedulingIgnoredDuringExecution
annotations: {}
tolerations: []
gracePeriod: 30
resources:
requests:
memory: 128Mi
cpu: 0.2
# extraVolumes and extraVolumeMounts allows you to mount other volumes
# Example Use Case: mount ssl certificates
# extraVolumes:
# - name: ca-certs
# secret:
# defaultMode: 420
# secretName: ca-certs
# extraVolumeMounts:
# - name: ca-certs
# mountPath: /certs
# readOnly: true
extraVolumes: []
extraVolumeMounts: []
extreEnvs: []
# - name: POD_IP
# valueFrom:
# fieldRef:
# apiVersion: v1
# fieldPath: status.podIP
## Proxy service account
## templates/proxy-service-account.yaml
service_account:
annotations: {}
## Proxy configmap
## templates/proxy-configmap.yaml
##
configData:
PULSAR_MEM: >
-Xms64m -Xmx64m -XX:MaxDirectMemorySize=64m
PULSAR_GC: >
-XX:+UseG1GC
-XX:MaxGCPauseMillis=10
-Dio.netty.leakDetectionLevel=disabled
-Dio.netty.recycler.linkCapacity=1024
-XX:+ParallelRefProcEnabled
-XX:+UnlockExperimentalVMOptions
-XX:+DoEscapeAnalysis
-XX:ParallelGCThreads=4
-XX:ConcGCThreads=4
-XX:G1NewSizePercent=50
-XX:+DisableExplicitGC
-XX:-ResizePLAB
-XX:+ExitOnOutOfMemoryError
-XX:+PerfDisableSharedMem
httpNumThreads: "8"
## Add a custom command to the start up process of the proxy pods (e.g. update-ca-certificates, jvm commands, etc)
additionalCommand:
## Proxy service
## templates/proxy-service.yaml
##
ports:
http: 80
https: 443
pulsar: 6650
pulsarssl: 6651
containerPorts:
http: 8080
https: 8443
service:
annotations: {}
type: LoadBalancer
## Optional. Leave it blank to get next available random IP.
loadBalancerIP: ""
## Set external traffic policy to: "Local" to preserve source IP on providers supporting it.
## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
# externalTrafficPolicy: Local
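## Restrict traffic through the load balancer to the listed source CIDR ranges, on providers supporting it.
## With `type: LoadBalancer` and this list left unset, no source restriction is configured here for the proxy's external address.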
# loadBalancerSourceRanges:
# - 10.0.0.0/8
## Proxy ingress
## templates/proxy-ingress.yaml
##
ingress:
enabled: false
annotations: {}
ingressClassName: ""
tls:
enabled: false
## Optional. Leave it blank if your Ingress Controller can provide a default certificate.
secretName: ""
hostname: ""
path: "/"
## Proxy PodDisruptionBudget
## templates/proxy-pdb.yaml
##
pdb:
usePolicy: true
maxUnavailable: 1
## Pulsar ToolSet
## templates/toolset-deployment.yaml
##
# Settings for the Pulsar toolset component.
toolset:
  component: toolset
  # NOTE(review): presumably routes the toolset's client traffic through the
  # proxy instead of directly to the brokers; confirm in the toolset templates.
  useProxy: true
  replicaCount: 1
  # True includes annotation for statefulset that contains hash of corresponding configmap, which will cause pods to restart on configmap change
  restartPodsOnConfigMapChange: false
  # nodeSelector:
  #   cloud.google.com/gke-nodepool: default-pool
  annotations: {}
  tolerations: []
  gracePeriod: 30
  # Only resource requests are set here; this block defines no limits.
  resources:
    requests:
      memory: 256Mi
      cpu: 0.1
  # extraVolumes and extraVolumeMounts allow you to mount other volumes
  # Example Use Case: mount ssl certificates
  # defaultMode is a decimal number: 420 is octal 0644 (world-readable), which
  # suits public CA certificates. For a secret that also holds private keys,
  # consider a tighter mode such as 256 (octal 0400).
  # extraVolumes:
  #   - name: ca-certs
  #     secret:
  #       defaultMode: 420
  #       secretName: ca-certs
  # extraVolumeMounts:
  #   - name: ca-certs
  #     mountPath: /certs
  #     readOnly: true
  extraVolumes: []
  extraVolumeMounts: []
  ## Toolset service account
  ## templates/toolset-service-account.yaml
  service_account:
    annotations: {}
  ## Toolset configmap
  ## templates/toolset-configmap.yaml
  ##
  configData:
    # JVM heap and direct-memory sizing. The folded scalar (>) joins the lines
    # below into one space-separated string with a trailing newline.
    PULSAR_MEM: >
      -Xms64M
      -Xmx128M
      -XX:MaxDirectMemorySize=128M
  ## Add a custom command to the start up process of the toolset pods (e.g. update-ca-certificates, jvm commands, etc)
  ## Left empty (YAML null) by default. Whatever is set here presumably runs inside
  ## the pod at start-up, so review it like any other code that ships with the release.
  additionalCommand:
#############################################################
### Monitoring Stack : kube-prometheus-stack chart
#############################################################
## Prometheus, Grafana, and the rest of the kube-prometheus-stack are managed by the dependent chart here:
## https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
## For sample values, please see their documentation.
# Values passed to the kube-prometheus-stack dependency chart.
kube-prometheus-stack:
  enabled: true
  prometheus:
    enabled: true
  grafana:
    enabled: true
    # Use random password at installation time for Grafana by default by setting empty value to `adminPassword`.
    # You can find out the actual password by running the following command:
    # kubectl get secret -l app.kubernetes.io/name=grafana -o=jsonpath="{.items[0].data.admin-password}" | base64 --decode
    # Avoid committing a real password here in plain text. The Grafana subchart
    # can also read admin credentials from an existing secret
    # (admin.existingSecret); check its documentation for the expected keys.
    adminPassword:
    # Configure Pulsar dashboards for Grafana
    dashboardProviders:
      dashboardproviders.yaml:
        apiVersion: 1
        providers:
          - name: 'pulsar'
            orgId: 1
            folder: 'Pulsar'
            type: file
            disableDeletion: true
            editable: true
            options:
              path: /var/lib/grafana/dashboards/pulsar
    dashboards:
      pulsar:
        # Download the maintained dashboards from AL 2.0 licenced repo https://github.com/streamnative/apache-pulsar-grafana-dashboard
        # NOTE(review): every URL below points at the `master` branch of a
        # third-party repository, so the dashboard JSON can change without any
        # change to this chart. To keep deployments reproducible and reviewable,
        # pin each URL to a reviewed commit (replace `master` with <commit-sha>)
        # or vendor the JSON files. Fetching also requires outbound access to
        # raw.githubusercontent.com from wherever the subchart downloads them.
        bookkeeper:
          url: https://raw.githubusercontent.com/streamnative/apache-pulsar-grafana-dashboard/master/dashboards.kubernetes/bookkeeper.json
          datasource: Prometheus
        broker:
          url: https://raw.githubusercontent.com/streamnative/apache-pulsar-grafana-dashboard/master/dashboards.kubernetes/broker.json
          datasource: Prometheus
        connector_sink:
          url: https://raw.githubusercontent.com/streamnative/apache-pulsar-grafana-dashboard/master/dashboards.kubernetes/connector_sink.json
          datasource: Prometheus
        connector_source:
          url: https://raw.githubusercontent.com/streamnative/apache-pulsar-grafana-dashboard/master/dashboards.kubernetes/connector_source.json
          datasource: Prometheus
        container:
          url: https://raw.githubusercontent.com/streamnative/apache-pulsar-grafana-dashboard/master/dashboards.kubernetes/container.json
          datasource: Prometheus
        functions:
          url: https://raw.githubusercontent.com/streamnative/apache-pulsar-grafana-dashboard/master/dashboards.kubernetes/functions.json
          datasource: Prometheus
        jvm:
          url: https://raw.githubusercontent.com/streamnative/apache-pulsar-grafana-dashboard/master/dashboards.kubernetes/jvm.json
          datasource: Prometheus
        loadbalance:
          url: https://raw.githubusercontent.com/streamnative/apache-pulsar-grafana-dashboard/master/dashboards.kubernetes/loadbalance.json
          datasource: Prometheus
        messaging:
          url: https://raw.githubusercontent.com/streamnative/apache-pulsar-grafana-dashboard/master/dashboards.kubernetes/messaging.json
          datasource: Prometheus
        node:
          url: https://raw.githubusercontent.com/streamnative/apache-pulsar-grafana-dashboard/master/dashboards.kubernetes/node.json
          datasource: Prometheus
        overview:
          url: https://raw.githubusercontent.com/streamnative/apache-pulsar-grafana-dashboard/master/dashboards.kubernetes/overview.json
          datasource: Prometheus
        proxy:
          url: https://raw.githubusercontent.com/streamnative/apache-pulsar-grafana-dashboard/master/dashboards.kubernetes/proxy.json
          datasource: Prometheus
        recovery:
          url: https://raw.githubusercontent.com/streamnative/apache-pulsar-grafana-dashboard/master/dashboards.kubernetes/recovery.json
          datasource: Prometheus
        topic:
          url: https://raw.githubusercontent.com/streamnative/apache-pulsar-grafana-dashboard/master/dashboards.kubernetes/topic.json
          datasource: Prometheus
        transaction:
          url: https://raw.githubusercontent.com/streamnative/apache-pulsar-grafana-dashboard/master/dashboards.kubernetes/transaction.json
          datasource: Prometheus
        zookeeper:
          url: https://raw.githubusercontent.com/streamnative/apache-pulsar-grafana-dashboard/master/dashboards.kubernetes/zookeeper-3.6.json
          datasource: Prometheus
  prometheus-node-exporter:
    enabled: true
    # Going by the key name, this keeps the node exporter from mounting the
    # host's root filesystem; confirm against the subchart's documentation
    # before enabling it.
    hostRootFsMount:
      enabled: false
  # Alertmanager is switched off by default, so no alert routing is deployed
  # by this chart unless it is enabled here.
  alertmanager:
    enabled: false
## Components Stack: pulsar_manager
## templates/pulsar-manager.yaml
##
# Settings for the pulsar-manager component: pod sizing, its configmap data,
# storage, services, ingress and admin credentials.
pulsar_manager:
  component: pulsar-manager
  replicaCount: 1
  # True includes annotation for statefulset that contains hash of corresponding configmap, which will cause pods to restart on configmap change
  restartPodsOnConfigMapChange: false
  # nodeSelector:
  #   cloud.google.com/gke-nodepool: default-pool
  annotations: {}
  tolerations: []
  gracePeriod: 30
  # Only resource requests are set here; this block defines no limits.
  resources:
    requests:
      memory: 250Mi
      cpu: 0.1
  configData:
    REDIRECT_HOST: "http://127.0.0.1"
    REDIRECT_PORT: "9527"
    LOG_LEVEL: "INFO"
    # DB
    # The JDBC URL targets PostgreSQL on the loopback address, so the database
    # is expected to be reachable from inside the same pod.
    URL: "jdbc:postgresql://127.0.0.1:5432/pulsar_manager"
    DRIVER_CLASS_NAME: "org.postgresql.Driver"
    # enables the "message peeking" feature
    # NOTE(review): with this on, users of the manager UI can presumably view
    # message payloads; set to "false" if topic contents are sensitive.
    PULSAR_PEEK_MESSAGE: "true"
  volumes:
    # use a persistent volume or emptyDir
    persistence: true
    data:
      name: data
      size: 128Mi
      local_storage: true
      ## If you already have an existing storage class and want to reuse it, you can specify its name with the option below
      ##
      # storageClassName: existent-storage-class,
      ## If you want to bind static persistent volumes via selectors, e.g.:
      # selector:
      #   matchLabels:
      #     app: pulsar-bookkeeper-journal
      selector: {}
  ## Pulsar manager service
  ## templates/pulsar-manager-service.yaml
  ##
  service:
    # ClusterIP keeps the UI reachable only from inside the cluster unless an
    # ingress (below) or another Service type is configured.
    type: ClusterIP
    port: 9527
    targetPort: 9527
    annotations: {}
    ## Set external traffic policy to: "Local" to preserve source IP on providers supporting it.
    ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
    # externalTrafficPolicy: Local
    ## Restrict traffic through the load balancer to specified IPs on providers supporting it.
    # loadBalancerSourceRanges:
    #   - 10.0.0.0/8
  adminService:
    type: ClusterIP
    port: 7750
    targetPort: 7750
    annotations: {}
  ## Pulsar manager ingress
  ## templates/pulsar-manager-ingress.yaml
  ##
  ingress:
    enabled: false
    annotations: {}
    ingressClassName: ""
    # The UI handles login credentials, so enable TLS here whenever the ingress
    # is enabled, unless TLS is terminated elsewhere in front of it.
    tls:
      enabled: false
      ## Optional. Leave it blank if your Ingress Controller can provide a default certificate.
      secretName: ""
    hostname: ""
    path: "/"
  ## On first install, the helm chart tries to reuse an existing secret with matching name by default
  ## if this should fail it uses the given username and password to create a new secret
  ## if either are missing the default value of "pulsar" is used for the username or a random password is generated
  ## And decode any key by using:
  ## kubectl get secret -l component=pulsar-manager -o=jsonpath="{.items[0].data.UI_PASSWORD}" | base64 --decode
  admin:
    ## Setting a value at existingSecret disables automatic creation of the secret for pulsar_manager admin credentials and instead uses an existing secret to initialize pulsar-manager
    ## The existing secret should have the following keys:
    ## DB_PASSWORD: <database password>
    ## DB_USERNAME: <database username>
    ## UI_PASSWORD: <UI password>
    ## UI_USERNAME: <UI username>
    ## Prefer existingSecret (or the generated random passwords) over writing
    ## passwords into this file, which is usually kept in version control.
    existingSecret: ""
    ui_username: "pulsar"
    ui_password: "" # leave empty for random password
    db_username: "pulsar"
    db_password: "" # leave empty for random password
# These are jobs where job ttl configuration is used
# pulsar-helm-chart/charts/pulsar/templates/pulsar-cluster-initialize.yaml
# pulsar-helm-chart/charts/pulsar/templates/bookkeeper-cluster-initialize.yaml
# pulsar-helm-chart/charts/pulsar/templates/pulsar-manager-cluster-initialize.yaml
# TTL settings shared by the initialization Jobs listed in the comment above.
job:
  ttl:
    # Disabled by default. NOTE(review): presumably maps to the Jobs'
    # ttlSecondsAfterFinished when enabled; confirm in the templates.
    enabled: false
    # Value is in seconds (3600 = one hour).
    secondsAfterFinished: 3600
# This section is intended for cluster providers where all containers, including init containers,
# need to provide the number of resources they are going to use.
# Resource requests for init containers (see the section comment above).
# Only requests are set here; this block defines no limits.
initContainer:
  resources:
    requests:
      memory: 256Mi
      cpu: 0.1