charts/pulsar/templates/proxy-configmap.yaml

#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.
#

{{- if or .Values.components.proxy .Values.extra.proxy }}
apiVersion: v1
kind: ConfigMap
metadata:
  name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
  namespace: {{ template "pulsar.namespace" . }}
  labels:
    {{- include "pulsar.standardLabels" . | nindent 4 }}
    component: {{ .Values.proxy.component }}
data:
  clusterName: {{ template "pulsar.cluster.name" . }}
  httpNumThreads: "8"
  statusFilePath: "{{ template "pulsar.home" . }}/status"
  # prometheus needs to access /metrics endpoint
  webServicePort: "{{ .Values.proxy.ports.http }}"
  {{- if or (not .Values.tls.enabled) (not .Values.tls.proxy.enabled) }}
  servicePort: "{{ .Values.proxy.ports.pulsar }}"
  brokerServiceURL: pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsar }}
  brokerWebServiceURL: http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }}
  {{- end }}
  {{- if and .Values.tls.enabled .Values.tls.proxy.enabled }}
  tlsEnabledInProxy: "true"
  servicePortTls: "{{ .Values.proxy.ports.pulsarssl }}"
  webServicePortTls: "{{ .Values.proxy.ports.https }}"
  tlsCertificateFilePath: "/pulsar/certs/proxy/tls.crt"
  tlsKeyFilePath: "/pulsar/certs/proxy/tls.key"
  tlsTrustCertsFilePath: "/pulsar/certs/ca/ca.crt"
  {{- if and .Values.tls.enabled .Values.tls.broker.enabled }}
  # if broker enables TLS, configure proxy to talk to broker using TLS
  brokerServiceURLTLS: pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsarssl }}
  brokerWebServiceURLTLS: https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.https }}
  tlsEnabledWithBroker: "true"
  tlsCertRefreshCheckDurationSec: "300"
  brokerClientTrustCertsFilePath: "/pulsar/certs/ca/ca.crt"
  {{- end }}
  {{- if not (and .Values.tls.enabled .Values.tls.broker.enabled) }}
  brokerServiceURL: pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsar }}
  brokerWebServiceURL: http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }}
  {{- end }}
  {{- end }}

  # Authentication Settings
  {{- if .Values.auth.authentication.enabled }}
  authenticationEnabled: "true"
  {{- if .Values.auth.authorization.enabled }}
  # disable authorization on proxy and forward authorization credentials to broker
  authorizationEnabled: "false"
  forwardAuthorizationCredentials: "true"
  superUserRoles: {{ .Values.auth.superUsers | values | join "," }}
  {{- end }}
  {{- if eq .Values.auth.authentication.provider "jwt" }}
  # token authentication configuration
  authenticationProviders: "org.apache.pulsar.broker.authentication.AuthenticationProviderToken"
  brokerClientAuthenticationParameters: "file:///pulsar/tokens/proxy/token"
  brokerClientAuthenticationPlugin: "org.apache.pulsar.client.impl.auth.AuthenticationToken"
  {{- if .Values.auth.authentication.jwt.usingSecretKey }}
  tokenSecretKey: "file:///pulsar/keys/token/secret.key"
  {{- else }}
  tokenPublicKey: "file:///pulsar/keys/token/public.key"
  {{- end }}
  {{- end }}
  {{- end }}
{{ toYaml .Values.proxy.configData | indent 2 }}
{{- end }}