# Copyright © 2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ################################################################# # Global configuration defaults. ################################################################# global: nodePortPrefixExt: 304 persistence: mountPath: /dockerdata-nfs ingress: virtualhost: baseurl: &baseurl "simpledemo.onap.org" preaddr: &preaddr "" postaddr: &postaddr "" ################################################################# # Application configuration defaults. ################################################################# replicaCount: 3 affinity: podAntiAffinity: enabled: true config: kafkaVersion: 3.8.0 authType: simple saslMechanism: &saslMech scram-sha-512 kafkaInternalPort: &plainPort 9092 strimziKafkaAdminUser: &adminUser strimzi-kafka-admin advertisedHost: kafka-api.simpledemo.onap.org advertizedPortBroker0: &advertizedPortBroker0 9000 advertizedPortBroker1: &advertizedPortBroker1 9001 advertizedPortBroker2: &advertizedPortBroker2 9002 autoCreateTopics: true persistence: enabled: &pvenabled true mountPath: /dockerdata-nfs kafka: enabled: *pvenabled # default values of 2Gi for dev env. # Production values should be dimensioned according to requirements. ie >= 10Gi size: 2Gi volumeReclaimPolicy: Retain accessMode: ReadWriteOnce mountPath: /dockerdata-nfs mountSubPath: strimzi-kafka/kafka zookeeper: enabled: *pvenabled size: 1Gi volumeReclaimPolicy: Retain accessMode: ReadWriteOnce mountPath: /dockerdata-nfs mountSubPath: strimzi-kafka/zk #Pods Service Account serviceAccount: nameOverride: strimzi-kafka roles: - read ingress: enabled: false service: - baseaddr: "kafka-bootstrap-api" name: "onap-strimzi-kafka-external-bootstrap" port: 9094 protocol: tcp exposedPort: 9010 exposedProtocol: TLS - baseaddr: "kafka-api" tcpRoutes: - name: "onap-strimzi-kafka-0" port: 9094 exposedPort: *advertizedPortBroker0 exposedProtocol: TLS - name: "onap-strimzi-kafka-1" port: 9094 exposedPort: *advertizedPortBroker1 exposedProtocol: TLS - name: "onap-strimzi-kafka-2" port: 9094 exposedPort: *advertizedPortBroker2 exposedProtocol: TLS # Kafka Exporter for metrics metrics: enabled: false kafkaExporter: enabled: false metricsConfig: type: jmxPrometheusExporter topicRegex: ".*" groupRegex: ".*" resources: requests: cpu: "2" memory: "600Mi" limits: cpu: "5" memory: "1.5Gi" logging: debug enableSaramaLogging: true readinessProbe: initialDelaySeconds: 15 timeoutSeconds: 5 livenessProbe: initialDelaySeconds: 15 timeoutSeconds: 5 podMonitor: # Prometheus pre requisite. Currently an optional addon in the OOM docs enabled: false # default port for strimzi metrics port: "tcp-prometheus" # podMonitor labels for prometheus to pick up the podMonitor # dummy value labels: release: dummy relabelings: [] metricRelabelings: [] cruiseControl: ## Cruise Control provides a Kafka metrics reporter implementation ## once installed into the Kafka brokers, filters and records a wide range of metrics provided by the brokers themselves. ## pre requisite is having 2 or more broker nodes enabled: false metricsConfig: type: jmxPrometheusExporter ## Custom resource for Kafka that can rebalance your cluster # ref. https://strimzi.io/blog/2020/06/15/cruise-control/ kafkaRebalance: enabled: false template: pod: securityContext: seccompProfile: type: RuntimeDefault cruiseControlContainer: securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsGroup: 1001 runAsNonRoot: true runAsUser: 1001 capabilities: drop: - ALL - CAP_NET_RAW resources: limits: cpu: '2' memory: 2Gi requests: cpu: 100m memory: 1Gi ###################### # Component overrides ###################### strimzi-kafka-bridge: enabled: true config: saslMechanism: *saslMech kafkaInternalPort: *plainPort strimziKafkaAdminUser: *adminUser kafka: template: pod: securityContext: runAsUser: 1001 runAsGroup: 1001 fsGroup: 1001 seccompProfile: type: RuntimeDefault kafkaContainer: securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true #runAsGroup: 1001 runAsNonRoot: true runAsUser: 1001 capabilities: drop: - ALL - CAP_NET_RAW resources: limits: cpu: '2' memory: 2Gi requests: cpu: 100m memory: 1Gi zookeeper: template: pod: securityContext: runAsUser: 1001 runAsGroup: 1001 fsGroup: 1001 seccompProfile: type: RuntimeDefault zookeeperContainer: securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true #runAsGroup: 1001 runAsNonRoot: true runAsUser: 1001 capabilities: drop: - ALL - CAP_NET_RAW resources: limits: cpu: '2' memory: 2Gi requests: cpu: 100m memory: 1Gi entityOperator: template: pod: securityContext: seccompProfile: type: RuntimeDefault topicOperatorContainer: securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsGroup: 1001 runAsNonRoot: true runAsUser: 1001 capabilities: drop: - ALL - CAP_NET_RAW userOperatorContainer: securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsGroup: 1001 runAsNonRoot: true runAsUser: 1001 capabilities: drop: - ALL - CAP_NET_RAW topicOperator: resources: limits: cpu: '2' memory: 2Gi requests: cpu: 100m memory: 1Gi userOperator: resources: limits: cpu: '2' memory: 2Gi requests: cpu: 100m memory: 1Gi kafkaExporter: template: pod: securityContext: seccompProfile: type: RuntimeDefault container: securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsGroup: 1001 runAsNonRoot: true runAsUser: 1001 capabilities: drop: - ALL - CAP_NET_RAW