---
# Source: zookeeper/templates/poddisruptionbudget.yaml
# Limits voluntary disruptions (node drains, evictions) to one ZooKeeper
# server at a time. The StatefulSet in this file runs 3 replicas, so one
# eviction still leaves a 2-of-3 majority.
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: zookeeper
  namespace: zookeeper
  labels:
    app: zookeeper
    chart: zookeeper-2.1.5
    release: zookeeper
    heritage: Helm
    component: server
spec:
  # At most one matching pod may be unavailable due to a voluntary disruption.
  maxUnavailable: 1
  # Same three labels the StatefulSet puts on its pod template.
  selector:
    matchLabels:
      app: zookeeper
      release: zookeeper
      component: server
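---
# Source: zookeeper/templates/config-script.yaml
# Scripts mounted at /config-scripts by the StatefulSet in this file:
#   ok    - liveness probe
#   ready - readiness probe
#   run   - container entry point (writes zoo.cfg / log4j.properties, starts
#           the JVM)
apiVersion: v1
kind: ConfigMap
metadata:
  name: zookeeper
  namespace: zookeeper
  labels:
    app: zookeeper
    chart: zookeeper-2.1.5
    release: zookeeper
    heritage: Helm
    component: server
data:
  ok: |
    #!/bin/sh
    # Liveness: succeed when the local server answers "srvr" with a Mode line.
    # $1 optionally overrides the port (default 2281 with TLS).
    # s_client gets -CAfile but not -verify_return_error, so a certificate
    # that fails verification does not by itself fail the probe; this is a
    # loopback health check, not an identity check.
    if [ -f /tls/client/ca.crt ]; then
      echo "srvr" | openssl s_client -CAfile /tls/client/ca.crt -cert /tls/client/tls.crt -key /tls/client/tls.key -connect 127.0.0.1:${1:-2281} -quiet -ign_eof 2>/dev/null | grep Mode
    else
      zkServer.sh status
    fi

  ready: |
    #!/bin/sh
    # Readiness: send "ruok" to the local server. The exit status is that of
    # openssl / nc; the reply text is not compared with "imok".
    # $1 optionally overrides the port (2281 with TLS, 2181 without).
    if [ -f /tls/client/ca.crt ]; then
      echo "ruok" | openssl s_client -CAfile /tls/client/ca.crt -cert /tls/client/tls.crt -key /tls/client/tls.key -connect 127.0.0.1:${1:-2281} -quiet -ign_eof 2>/dev/null
    else
      echo ruok | nc 127.0.0.1 ${1:-2181}
    fi

  run: |
    #!/bin/bash
    # Entry point: derive this server's id from the pod hostname, generate
    # zoo.cfg and log4j.properties, then exec the ZooKeeper JVM.

    # Export every variable assigned below to the java process.
    set -a
    ROOT=$(echo /apache-zookeeper-*)

    # Defaults; each can be overridden through the container environment.
    ZK_USER=${ZK_USER:-"zookeeper"}
    ZK_LOG_LEVEL=${ZK_LOG_LEVEL:-"INFO"}
    ZK_DATA_DIR=${ZK_DATA_DIR:-"/data"}
    ZK_DATA_LOG_DIR=${ZK_DATA_LOG_DIR:-"/data/log"}
    ZK_CONF_DIR=${ZK_CONF_DIR:-"/conf"}
    ZK_CLIENT_PORT=${ZK_CLIENT_PORT:-2181}
    ZK_SSL_CLIENT_PORT=${ZK_SSL_CLIENT_PORT:-2281}
    ZK_SERVER_PORT=${ZK_SERVER_PORT:-2888}
    ZK_ELECTION_PORT=${ZK_ELECTION_PORT:-3888}
    ZK_TICK_TIME=${ZK_TICK_TIME:-2000}
    ZK_INIT_LIMIT=${ZK_INIT_LIMIT:-10}
    ZK_SYNC_LIMIT=${ZK_SYNC_LIMIT:-5}
    ZK_HEAP_SIZE=${ZK_HEAP_SIZE:-2G}
    ZK_MAX_CLIENT_CNXNS=${ZK_MAX_CLIENT_CNXNS:-60}
    # Session timeout bounds default to 2x / 20x tickTime.
    ZK_MIN_SESSION_TIMEOUT=${ZK_MIN_SESSION_TIMEOUT:-$((ZK_TICK_TIME*2))}
    ZK_MAX_SESSION_TIMEOUT=${ZK_MAX_SESSION_TIMEOUT:-$((ZK_TICK_TIME*20))}
    ZK_SNAP_RETAIN_COUNT=${ZK_SNAP_RETAIN_COUNT:-3}
    # 0 means the autopurge.purgeInterval written below is 0.
    ZK_PURGE_INTERVAL=${ZK_PURGE_INTERVAL:-0}
    ID_FILE="$ZK_DATA_DIR/myid"
    ZK_CONFIG_FILE="$ZK_CONF_DIR/zoo.cfg"
    LOG4J_PROPERTIES="$ZK_CONF_DIR/log4j.properties"
    HOST=$(hostname)
    DOMAIN=$(hostname -d)
    JVMFLAGS="-Xmx$ZK_HEAP_SIZE -Xms$ZK_HEAP_SIZE"

    # Unquoted on purpose: the glob has to expand to the jar path.
    APPJAR=$(echo $ROOT/*jar)
    CLASSPATH="${ROOT}/lib/*:${APPJAR}:${ZK_CONF_DIR}:"

    # StatefulSet pods are named <name>-<ordinal>; server ids are 1-based.
    if [[ $HOST =~ (.*)-([0-9]+)$ ]]; then
      NAME=${BASH_REMATCH[1]}
      ORD=${BASH_REMATCH[2]}
      MY_ID=$((ORD+1))
    else
      echo "Failed to extract ordinal from hostname $HOST"
      exit 1
    fi

    mkdir -p "$ZK_DATA_DIR"
    mkdir -p "$ZK_DATA_LOG_DIR"
    # Overwrite rather than append: the data directory is a persistent volume,
    # so appending would add one more id line on every container restart.
    echo "$MY_ID" > "$ID_FILE"

    # ZooKeeper is pointed at combined cert+key PEM files under /data.
    # These copies hold the private key on the persistent volume, so they are
    # created owner-only, and chmod also tightens a file left by an earlier
    # run. NOTE(review): the key still outlives the Secret mount here (volume
    # snapshots, backups); consider a memory-backed location instead.
    if [[ -f /tls/server/ca.crt ]]; then
      cp /tls/server/ca.crt /data/server-ca.pem
      (umask 077 && cat /tls/server/tls.crt /tls/server/tls.key > /data/server.pem)
      chmod 600 /data/server.pem
    fi
    if [[ -f /tls/client/ca.crt ]]; then
      cp /tls/client/ca.crt /data/client-ca.pem
      (umask 077 && cat /tls/client/tls.crt /tls/client/tls.key > /data/client.pem)
      chmod 600 /data/client.pem
    fi

    echo "dataDir=$ZK_DATA_DIR" >> "$ZK_CONFIG_FILE"
    echo "dataLogDir=$ZK_DATA_LOG_DIR" >> "$ZK_CONFIG_FILE"
    echo "tickTime=$ZK_TICK_TIME" >> "$ZK_CONFIG_FILE"
    echo "initLimit=$ZK_INIT_LIMIT" >> "$ZK_CONFIG_FILE"
    echo "syncLimit=$ZK_SYNC_LIMIT" >> "$ZK_CONFIG_FILE"
    echo "maxClientCnxns=$ZK_MAX_CLIENT_CNXNS" >> "$ZK_CONFIG_FILE"
    echo "minSessionTimeout=$ZK_MIN_SESSION_TIMEOUT" >> "$ZK_CONFIG_FILE"
    echo "maxSessionTimeout=$ZK_MAX_SESSION_TIMEOUT" >> "$ZK_CONFIG_FILE"
    echo "autopurge.snapRetainCount=$ZK_SNAP_RETAIN_COUNT" >> "$ZK_CONFIG_FILE"
    echo "autopurge.purgeInterval=$ZK_PURGE_INTERVAL" >> "$ZK_CONFIG_FILE"
    # NOTE(review): "*" enables every four-letter-word command on the client
    # port, including ones that report configuration, environment and
    # connection details. The probes in this ConfigMap only send "srvr" and
    # "ruok"; narrow the list to those plus whatever monitoring really needs.
    echo "4lw.commands.whitelist=*" >> "$ZK_CONFIG_FILE"

    # Client TLS configuration: with a client CA present only the TLS port is
    # configured; without it the server falls back to the plaintext port.
    if [[ -f /tls/client/ca.crt ]]; then
      echo "secureClientPort=$ZK_SSL_CLIENT_PORT" >> "$ZK_CONFIG_FILE"
      echo "ssl.keyStore.location=/data/client.pem" >> "$ZK_CONFIG_FILE"
      echo "ssl.trustStore.location=/data/client-ca.pem" >> "$ZK_CONFIG_FILE"
    else
      echo "clientPort=$ZK_CLIENT_PORT" >> "$ZK_CONFIG_FILE"
    fi

    # Server (quorum) TLS configuration. Without /tls/server/ca.crt the
    # server and election ports run without sslQuorum.
    if [[ -f /tls/server/ca.crt ]]; then
      echo "serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory" >> "$ZK_CONFIG_FILE"
      echo "sslQuorum=true" >> "$ZK_CONFIG_FILE"
      echo "ssl.quorum.keyStore.location=/data/server.pem" >> "$ZK_CONFIG_FILE"
      echo "ssl.quorum.trustStore.location=/data/server-ca.pem" >> "$ZK_CONFIG_FILE"
    fi

    # One server.N line per replica, addressed by the per-pod DNS name.
    for (( i=1; i<=$ZK_REPLICAS; i++ ))
    do
      echo "server.$i=$NAME-$((i-1)).$DOMAIN:$ZK_SERVER_PORT:$ZK_ELECTION_PORT" >> "$ZK_CONFIG_FILE"
    done

    rm -f "$LOG4J_PROPERTIES"

    echo "zookeeper.root.logger=$ZK_LOG_LEVEL, CONSOLE" >> "$LOG4J_PROPERTIES"
    echo "zookeeper.console.threshold=$ZK_LOG_LEVEL" >> "$LOG4J_PROPERTIES"
    echo "zookeeper.log.threshold=$ZK_LOG_LEVEL" >> "$LOG4J_PROPERTIES"
    echo "zookeeper.log.dir=$ZK_DATA_LOG_DIR" >> "$LOG4J_PROPERTIES"
    echo "zookeeper.log.file=zookeeper.log" >> "$LOG4J_PROPERTIES"
    echo "zookeeper.log.maxfilesize=256MB" >> "$LOG4J_PROPERTIES"
    echo "zookeeper.log.maxbackupindex=10" >> "$LOG4J_PROPERTIES"
    echo "zookeeper.tracelog.dir=$ZK_DATA_LOG_DIR" >> "$LOG4J_PROPERTIES"
    echo "zookeeper.tracelog.file=zookeeper_trace.log" >> "$LOG4J_PROPERTIES"
    echo "log4j.rootLogger=\${zookeeper.root.logger}" >> "$LOG4J_PROPERTIES"
    echo "log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender" >> "$LOG4J_PROPERTIES"
    echo "log4j.appender.CONSOLE.Threshold=\${zookeeper.console.threshold}" >> "$LOG4J_PROPERTIES"
    echo "log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout" >> "$LOG4J_PROPERTIES"
    echo "log4j.appender.CONSOLE.layout.ConversionPattern=%d{ISO8601} [myid:%X{myid}] - %-5p [%t:%C{1}@%L] - %m%n" >> "$LOG4J_PROPERTIES"

    # NOTE(review): this tests for a non-empty value, not for "true". Any
    # value, including the "false" set by the StatefulSet in this file, takes
    # the no-JMX branch. If JMXDISABLE were unset, remote JMX would start on
    # $JMXPORT with authentication and TLS taken from $JMXAUTH / $JMXSSL, and
    # the StatefulSet sets both to "false". Do not "fix" this test without
    # also enabling JMX authentication and TLS.
    if [ -n "$JMXDISABLE" ]
    then
      MAIN=org.apache.zookeeper.server.quorum.QuorumPeerMain
    else
      MAIN="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=$JMXPORT -Dcom.sun.management.jmxremote.authenticate=$JMXAUTH -Dcom.sun.management.jmxremote.ssl=$JMXSSL -Dzookeeper.jmx.log4j.disable=$JMXLOG4J org.apache.zookeeper.server.quorum.QuorumPeerMain"
    fi

    set -x
    # $JVMFLAGS and $MAIN stay unquoted so they split into separate arguments.
    exec java -cp "$CLASSPATH" $JVMFLAGS $MAIN "$ZK_CONFIG_FILE"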
---
# Source: zookeeper/templates/service-headless.yaml
# Headless Service that gives every ZooKeeper pod its own DNS name; the run
# script in the ConfigMap builds the server.N entries of zoo.cfg from those
# names.
apiVersion: v1
kind: Service
metadata:
  name: zookeeper-headless
  namespace: zookeeper
  labels:
    app: zookeeper
    chart: zookeeper-2.1.5
    release: zookeeper
    heritage: Helm
spec:
  clusterIP: None
  # Pods are published in DNS before their readiness probe passes.
  publishNotReadyAddresses: true
  # NOTE(review): the selector omits the "component: server" label that the
  # StatefulSet selector uses; any pod in the namespace carrying app/release
  # = zookeeper would be included.
  selector:
    app: zookeeper
    release: zookeeper
  # NOTE(review): no NetworkPolicy appears in this manifest; confirm that
  # access to the election and server ports is limited to the ensemble
  # elsewhere.
  ports:
    - name: client
      protocol: TCP
      port: 2281
      targetPort: client
    - name: election
      protocol: TCP
      port: 3888
      targetPort: election
    - name: server
      protocol: TCP
      port: 2888
      targetPort: server
---
# Source: zookeeper/templates/service.yaml
# Cluster-internal client endpoint for the ensemble.
apiVersion: v1
kind: Service
metadata:
  name: zookeeper
  namespace: zookeeper
  labels:
    app: zookeeper
    chart: zookeeper-2.1.5
    release: zookeeper
    heritage: Helm
spec:
  type: ClusterIP
  # NOTE(review): the selector omits the "component: server" label that the
  # StatefulSet selector uses.
  selector:
    app: zookeeper
    release: zookeeper
  ports:
    # 2281 is the default secureClientPort in the run script. It is only
    # opened when /tls/client/ca.crt is mounted; otherwise the server listens
    # on clientPort (default 2181) and this Service has no listener behind it.
    - name: client
      protocol: TCP
      port: 2281
      targetPort: client
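---
# Source: zookeeper/templates/statefulset.yaml
# Three-member ZooKeeper ensemble. Each pod runs /config-scripts/run from the
# ConfigMap in this file and keeps its data on its own persistent volume.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: zookeeper
  namespace: zookeeper
  labels:
    app: zookeeper
    chart: zookeeper-2.1.5
    release: zookeeper
    heritage: Helm
    component: server
spec:
  serviceName: zookeeper-headless
  # Must match the ZK_REPLICAS env value below, which drives the server.N
  # list written by the run script.
  replicas: 3
  selector:
    matchLabels:
      app: zookeeper
      release: zookeeper
      component: server
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: zookeeper
        release: zookeeper
        component: server
    spec:
      terminationGracePeriodSeconds: 1800
      securityContext:
        fsGroup: 1000
        runAsUser: 1000
        # The pod already runs as uid 1000; make the kubelet refuse to start
        # it as root if the uid is ever removed or overridden.
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      affinity:
        podAntiAffinity:
          # Hard rule: no two pods labelled app=zookeeper on the same node.
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: "app"
                    operator: In
                    values:
                      - zookeeper
              topologyKey: "kubernetes.io/hostname"
      containers:
        - name: zookeeper
          # NOTE(review): the image is referenced by mutable tag only;
          # consider pinning it by digest.
          image: "zookeeper:3.7.1"
          imagePullPolicy: IfNotPresent
          # The JVM needs no extra privileges. readOnlyRootFilesystem is not
          # set because the run script writes zoo.cfg and log4j.properties
          # under ZK_CONF_DIR (default /conf), which is not a mounted volume.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          command:
            - "/bin/bash"
            - "-xec"
            - "/config-scripts/run"
          ports:
            - name: client
              containerPort: 2281
              protocol: TCP
            - name: election
              containerPort: 3888
              protocol: TCP
            - name: server
              containerPort: 2888
              protocol: TCP
          livenessProbe:
            exec:
              command:
                - sh
                - /config-scripts/ok
            initialDelaySeconds: 20
            periodSeconds: 30
            timeoutSeconds: 5
            failureThreshold: 2
            successThreshold: 1
          readinessProbe:
            exec:
              command:
                - sh
                - /config-scripts/ready
            initialDelaySeconds: 20
            periodSeconds: 30
            timeoutSeconds: 5
            failureThreshold: 2
            successThreshold: 1
          env:
            - name: ZK_REPLICAS
              value: "3"
            # The run script tests JMXDISABLE for non-emptiness, so "false"
            # still selects the start-up without remote JMX. If this variable
            # were removed, remote JMX would start on JMXPORT with
            # authentication and TLS both off (JMXAUTH / JMXSSL below).
            - name: JMXAUTH
              value: "false"
            - name: JMXDISABLE
              value: "false"
            - name: JMXPORT
              value: "1099"
            - name: JMXSSL
              value: "false"
            - name: ZK_SYNC_LIMIT
              value: "10"
            - name: ZK_TICK_TIME
              value: "2000"
            # NOTE(review): the run script only reads ZK_* names, so the
            # ZOO_* entries below do not reach zoo.cfg. For example
            # autopurge.purgeInterval stays at the script default 0 and
            # initLimit at 10. Confirm whether ZK_PURGE_INTERVAL and
            # ZK_INIT_LIMIT were intended.
            - name: ZOO_AUTOPURGE_PURGEINTERVAL
              value: "6"
            - name: ZOO_AUTOPURGE_SNAPRETAINCOUNT
              value: "3"
            - name: ZOO_INIT_LIMIT
              value: "5"
            - name: ZOO_MAX_CLIENT_CNXNS
              value: "60"
            - name: ZOO_PORT
              value: "2181"
            - name: ZOO_STANDALONE_ENABLED
              value: "false"
            - name: ZOO_TICK_TIME
              value: "2000"
          # NOTE(review): no requests or limits are set, while the run script
          # defaults the JVM heap to 2G. Set values that fit the cluster.
          resources: {}
          volumeMounts:
            - name: data
              mountPath: /data
            # The run script and probes expect ca.crt, tls.crt and tls.key
            # under each TLS mount and only enable TLS when ca.crt exists.
            - name: zookeeper-server-tls
              mountPath: /tls/server
              readOnly: true
            - name: zookeeper-client-tls
              mountPath: /tls/client
              readOnly: true
            - name: config
              mountPath: /config-scripts
      volumes:
        - name: config
          configMap:
            name: zookeeper
            # Integer file mode (octal r-xr-xr-x); it must stay unquoted.
            defaultMode: 0555
        - name: zookeeper-server-tls
          secret:
            secretName: zookeeper-server-tls
        # NOTE(review): the client TLS volume is backed by the *server*
        # Secret, so the quorum key pair also serves client connections and
        # the probes. Confirm this is intended and not a copy/paste slip.
        - name: zookeeper-client-tls
          secret:
            secretName: zookeeper-server-tls
  volumeClaimTemplates:
    - metadata:
        name: data
      spec:
        accessModes:
          - "ReadWriteOnce"
        resources:
          requests:
            storage: "5Gi"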