From be0d1acebc87665f1619ee32e762bb2d70248297 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 29 Jul 2017 05:47:55 +0200 Subject: [PATCH 01/31] Adds annotations, assuming gnu sed --- prod-yolean.sh | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/prod-yolean.sh b/prod-yolean.sh index fb48139e..8fc91e15 100755 --- a/prod-yolean.sh +++ b/prod-yolean.sh @@ -2,8 +2,23 @@ # Combines addons into what we 'kubectl apply -f' to production set -ex +ANNOTATION_PREFIX='yolean.se/kubernetes-kafka-' +BUILD=$(basename $0) + +function annotate { + key=$1 + value=$2 + file=$3 + sed -i "s| annotations:| annotations:\n ${ANNOTATION_PREFIX}$key: '$value'|" $file +} + git fetch -git checkout origin/kafka-011 +git checkout origin/master + +echo "Working copy must be clean" +[ -z "$(git status --untracked-files=no -s)" ] +START_REV_GIT=$(git rev-parse --short HEAD) + git checkout -b prod-yolean-$(date +"%Y%m%dT%H%M%S") for BRANCH in \ @@ -14,3 +29,11 @@ for BRANCH in \ do git merge --no-ff $BRANCH -m "prod-yolean merge $BRANCH" done + +END_BRANCH_GIT=$(git rev-parse --abbrev-ref HEAD) + +for F in ./50kafka.yml ./zookeeper/50pzoo.yml ./zookeeper/51zoo.yml +do + annotate fromrev $START_REV_GIT $F + annotate build $END_BRANCH_GIT $F +done From 7a1173be5fbd5f334e4ffe96b33358ade933ea94 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 29 Jul 2017 07:25:14 +0200 Subject: [PATCH 02/31] Fixes the sed on OSX --- prod-yolean.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/prod-yolean.sh b/prod-yolean.sh index 8fc91e15..80cb8938 100755 --- a/prod-yolean.sh +++ b/prod-yolean.sh @@ -9,7 +9,16 @@ function annotate { key=$1 value=$2 file=$3 - sed -i "s| annotations:| annotations:\n ${ANNOTATION_PREFIX}$key: '$value'|" $file + case $(uname) in + Darwin*) + sed -i '' 's| annotations:| annotations:\ + --next-annotation--|' $file + sed -i '' "s|--next-annotation--|${ANNOTATION_PREFIX}$key: '$value'|" $file + ;; + *) + sed -i "s| annotations:| annotations:\n ${ANNOTATION_PREFIX}$key: '$value'|" $file + ;; + esac } git fetch From 4ece24cb9430c8407efc50d79ff06c8c0a524641 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 29 Jul 2017 14:27:40 +0200 Subject: [PATCH 03/31] There's probably a tool out there for combining branches --- prod-yolean.sh | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/prod-yolean.sh b/prod-yolean.sh index 80cb8938..88ea25c8 100755 --- a/prod-yolean.sh +++ b/prod-yolean.sh @@ -4,6 +4,11 @@ set -ex ANNOTATION_PREFIX='yolean.se/kubernetes-kafka-' BUILD=$(basename $0) +REMOTE=origin +FROM="$REMOTE/" +START=master + +[ ! -z "$(git status --untracked-files=no -s)" ] && echo "Working copy must be clean" && exit 1 function annotate { key=$1 @@ -21,12 +26,8 @@ function annotate { esac } -git fetch -git checkout origin/master - -echo "Working copy must be clean" -[ -z "$(git status --untracked-files=no -s)" ] -START_REV_GIT=$(git rev-parse --short HEAD) +git checkout ${FROM}$START +REVS="$START:$(git rev-parse --short ${FROM}$START)" git checkout -b prod-yolean-$(date +"%Y%m%dT%H%M%S") @@ -36,13 +37,14 @@ for BRANCH in \ addon-rest \ addon-kube-events-topic do - git merge --no-ff $BRANCH -m "prod-yolean merge $BRANCH" + git merge --no-ff ${FROM}$BRANCH -m "prod-yolean merge ${FROM}$BRANCH" && \ + REVS="$REVS $BRANCH:$(git rev-parse --short ${FROM}$BRANCH)" done END_BRANCH_GIT=$(git rev-parse --abbrev-ref HEAD) for F in ./50kafka.yml ./zookeeper/50pzoo.yml ./zookeeper/51zoo.yml do - annotate fromrev $START_REV_GIT $F - annotate build $END_BRANCH_GIT $F + annotate revs "$REVS" $F + annotate build "$END_BRANCH_GIT" $F done From 5baf8c2584aaa06880d4889f52969449ab429faa Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Mon, 31 Jul 2017 21:20:27 +0200 Subject: [PATCH 04/31] addon-rest isn't quite ready for the world yet. And ... avoid log to file in containers. --- 10broker-config.yml | 2 +- prod-yolean.sh | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/10broker-config.yml b/10broker-config.yml index af0f0374..26bc414c 100644 --- a/10broker-config.yml +++ b/10broker-config.yml @@ -170,7 +170,7 @@ data: # Unspecified loggers and loggers with additivity=true output to server.log and stdout # Note that INFO only applies to unspecified loggers, the log level of the child logger is used otherwise - log4j.rootLogger=INFO, stdout, kafkaAppender + log4j.rootLogger=INFO, stdout log4j.appender.stdout=org.apache.log4j.ConsoleAppender log4j.appender.stdout.layout=org.apache.log4j.PatternLayout diff --git a/prod-yolean.sh b/prod-yolean.sh index 88ea25c8..a78462ea 100755 --- a/prod-yolean.sh +++ b/prod-yolean.sh @@ -34,7 +34,6 @@ git checkout -b prod-yolean-$(date +"%Y%m%dT%H%M%S") for BRANCH in \ addon-storage-classes \ addon-metrics \ - addon-rest \ addon-kube-events-topic do git merge --no-ff ${FROM}$BRANCH -m "prod-yolean merge ${FROM}$BRANCH" && \ From 18990967343e34e79b609c31be73d509ce20b9e2 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Mon, 31 Jul 2017 21:36:10 +0200 Subject: [PATCH 05/31] Topic deletion will be enabled by default in Kafka 1.0 --- 10broker-config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10broker-config.yml b/10broker-config.yml index 26bc414c..a246e808 100644 --- a/10broker-config.yml +++ b/10broker-config.yml @@ -35,7 +35,7 @@ data: broker.id=${KAFKA_BROKER_ID} # Switch to enable topic deletion or not, default value is false - #delete.topic.enable=true + delete.topic.enable=true ############################# Socket Server Settings ############################# From a39d09d820c0f6f5892021f44326629ed8f96a6e Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Wed, 2 Aug 2017 12:50:36 +0200 Subject: [PATCH 06/31] Let's postpone merge of RollingUpdate but evaluate it in QA https://github.com/Yolean/kubernetes-kafka/pull/55 --- prod-yolean.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/prod-yolean.sh b/prod-yolean.sh index a78462ea..2f9b7753 100755 --- a/prod-yolean.sh +++ b/prod-yolean.sh @@ -33,6 +33,7 @@ git checkout -b prod-yolean-$(date +"%Y%m%dT%H%M%S") for BRANCH in \ addon-storage-classes \ + rolling-update \ addon-metrics \ addon-kube-events-topic do From a8db336c1a03d01e8aacd4f811bebc5ab9542b26 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Thu, 3 Aug 2017 14:24:05 +0200 Subject: [PATCH 07/31] Rack awareness is candidate for merge --- prod-yolean.sh => qa-yolean.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) rename prod-yolean.sh => qa-yolean.sh (88%) diff --git a/prod-yolean.sh b/qa-yolean.sh similarity index 88% rename from prod-yolean.sh rename to qa-yolean.sh index 2f9b7753..89401283 100755 --- a/prod-yolean.sh +++ b/qa-yolean.sh @@ -29,15 +29,16 @@ function annotate { git checkout ${FROM}$START REVS="$START:$(git rev-parse --short ${FROM}$START)" -git checkout -b prod-yolean-$(date +"%Y%m%dT%H%M%S") +git checkout -b qa-yolean-$(date +"%Y%m%dT%H%M%S") for BRANCH in \ + multizone-rack-awareness \ addon-storage-classes \ rolling-update \ addon-metrics \ addon-kube-events-topic do - git merge --no-ff ${FROM}$BRANCH -m "prod-yolean merge ${FROM}$BRANCH" && \ + git merge --no-ff ${FROM}$BRANCH -m "qa-yolean merge ${FROM}$BRANCH" && \ REVS="$REVS $BRANCH:$(git rev-parse --short ${FROM}$BRANCH)" done From 7cf2a5da0d2e321bc0567dcb0e1690e9ed51866d Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 5 Aug 2017 05:28:56 +0200 Subject: [PATCH 08/31] RBAC rights are purely additive so ... a project like kubernetes-kafka should keep them minimal. To access nodes we do need ClusterRole instead of Role. --- rbac-namespace-default/node-reader.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 rbac-namespace-default/node-reader.yml diff --git a/rbac-namespace-default/node-reader.yml b/rbac-namespace-default/node-reader.yml new file mode 100644 index 00000000..50541827 --- /dev/null +++ b/rbac-namespace-default/node-reader.yml @@ -0,0 +1,26 @@ +# For kubectl get node, required for kafka init container rack awareness +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: node-reader +rules: + - apiGroups: + - "" + resources: + - nodes + verbs: + - get +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: kafka-node-reader +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: node-reader +subjects: +- kind: ServiceAccount + name: default + namespace: kafka From 05107fd5ab40846517c3539310cfe29c4f2b2e5e Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 5 Aug 2017 05:31:00 +0200 Subject: [PATCH 09/31] I don't really care, but which yaml indentation is winning? --- rbac-namespace-default/node-reader.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/rbac-namespace-default/node-reader.yml b/rbac-namespace-default/node-reader.yml index 50541827..3a133a80 100644 --- a/rbac-namespace-default/node-reader.yml +++ b/rbac-namespace-default/node-reader.yml @@ -5,12 +5,12 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: node-reader rules: - - apiGroups: - - "" - resources: - - nodes - verbs: - - get +- apiGroups: + - "" + resources: + - nodes + verbs: + - get --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 From a8ee55bb48a4915b2f119b0f409e7e714d9faf55 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 5 Aug 2017 05:45:29 +0200 Subject: [PATCH 10/31] With default service account curl works again fixes https://github.com/Yolean/kubernetes-kafka/pull/39 --- rbac-namespace-default/events-watcher.yml | 26 +++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 rbac-namespace-default/events-watcher.yml diff --git a/rbac-namespace-default/events-watcher.yml b/rbac-namespace-default/events-watcher.yml new file mode 100644 index 00000000..6194e845 --- /dev/null +++ b/rbac-namespace-default/events-watcher.yml @@ -0,0 +1,26 @@ +# For kubectl get node, required for kafka init container rack awareness +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: events-watcher +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - watch +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: kafka-events-watcher +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: events-watcher +subjects: +- kind: ServiceAccount + name: default + namespace: kafka From 35974266ae938856f3a254b12308b1a99e67e5e7 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 5 Aug 2017 05:53:02 +0200 Subject: [PATCH 11/31] Got the feeling from kubectl get clusterrole ... that having access control rules, in particular cluster scoped, lying around without knowing where they come from will be unmaintainable over time. Labels show up nicely in describe. --- rbac-namespace-default/events-watcher.yml | 4 ++++ rbac-namespace-default/node-reader.yml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/rbac-namespace-default/events-watcher.yml b/rbac-namespace-default/events-watcher.yml index 6194e845..3b2e76d8 100644 --- a/rbac-namespace-default/events-watcher.yml +++ b/rbac-namespace-default/events-watcher.yml @@ -4,6 +4,8 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: events-watcher + labels: + origin: github.com_Yolean_kubernetes-kafka rules: - apiGroups: - "" @@ -16,6 +18,8 @@ kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: kafka-events-watcher + labels: + origin: github.com_Yolean_kubernetes-kafka roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/rbac-namespace-default/node-reader.yml b/rbac-namespace-default/node-reader.yml index 3a133a80..04545793 100644 --- a/rbac-namespace-default/node-reader.yml +++ b/rbac-namespace-default/node-reader.yml @@ -4,6 +4,8 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: node-reader + labels: + origin: github.com_Yolean_kubernetes-kafka rules: - apiGroups: - "" @@ -16,6 +18,8 @@ kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: kafka-node-reader + labels: + origin: github.com_Yolean_kubernetes-kafka roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole From 8f637b7385ce3d1e4737fdb8c34801f10e49b2ae Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 5 Aug 2017 06:10:47 +0200 Subject: [PATCH 12/31] Recommends that you create rbac --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index 9853d12e..e0cdf911 100644 --- a/README.md +++ b/README.md @@ -52,6 +52,13 @@ For clients we tend to use [librdkafka](https://github.com/edenhill/librdkafka)- To use [Kafka Connect](http://kafka.apache.org/documentation/#connect) and [Kafka Streams](http://kafka.apache.org/documentation/streams/) you may want to take a look at our [sample](https://github.com/solsson/dockerfiles/tree/master/connect-files) [Dockerfile](https://github.com/solsson/dockerfiles/tree/master/streams-logfilter)s. Don't forget the [addon](https://github.com/Yolean/kubernetes-kafka/labels/addon)s. +## RBAC + +For clusters that enfoce [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/) there's a minimal set of policies in +``` +kubectl apply -f rbac-namespace-default/ +``` + # Tests ``` From 27421fb58b902e595adcf062857a369485cc91cf Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 5 Aug 2017 06:11:06 +0200 Subject: [PATCH 13/31] Shows how to see that you need rbac, but makes readme heavier --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index e0cdf911..c9e6c591 100644 --- a/README.md +++ b/README.md @@ -59,6 +59,15 @@ For clusters that enfoce [RBAC](https://kubernetes.io/docs/admin/authorization/r kubectl apply -f rbac-namespace-default/ ``` +For example here's how you see that `kafka`s init containers need RBAC for [rack awareness](https://github.com/Yolean/kubernetes-kafka/pull/41): +``` +$ kubectl exec kafka-1 -- cat /etc/kafka/server.properties | grep broker.rack +#init#broker.rack=# zone lookup failed, see -c init-config logs +$ kubectl logs -c init-config kafka-0 +++ kubectl get node some-node '-o=go-template={{index .metadata.labels "failure-domain.beta.kubernetes.io/zone"}}' +Error from server (Forbidden): User "system:serviceaccount:kafka:default" cannot get nodes at the cluster scope.: "Unknown user \"system:serviceaccount:kafka:default\"" +``` + # Tests ``` From 1c6b7bb2866ab531ddaa55c0bed538ae9bd73a40 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 5 Aug 2017 06:15:18 +0200 Subject: [PATCH 14/31] Addons can maintain their policies, so moving this to https://github.com/Yolean/kubernetes-kafka/pull/39 --- rbac-namespace-default/events-watcher.yml | 30 ----------------------- 1 file changed, 30 deletions(-) delete mode 100644 rbac-namespace-default/events-watcher.yml diff --git a/rbac-namespace-default/events-watcher.yml b/rbac-namespace-default/events-watcher.yml deleted file mode 100644 index 3b2e76d8..00000000 --- a/rbac-namespace-default/events-watcher.yml +++ /dev/null @@ -1,30 +0,0 @@ -# For kubectl get node, required for kafka init container rack awareness ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: events-watcher - labels: - origin: github.com_Yolean_kubernetes-kafka -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - watch ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: kafka-events-watcher - labels: - origin: github.com_Yolean_kubernetes-kafka -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: events-watcher -subjects: -- kind: ServiceAccount - name: default - namespace: kafka From 79d65fd2e35b29df9cc936ceba3e4b4a1c151201 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 5 Aug 2017 06:28:56 +0200 Subject: [PATCH 15/31] Details will live in the respective policies --- README.md | 9 --------- rbac-namespace-default/node-reader.yml | 9 ++++++++- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index c9e6c591..e0cdf911 100644 --- a/README.md +++ b/README.md @@ -59,15 +59,6 @@ For clusters that enfoce [RBAC](https://kubernetes.io/docs/admin/authorization/r kubectl apply -f rbac-namespace-default/ ``` -For example here's how you see that `kafka`s init containers need RBAC for [rack awareness](https://github.com/Yolean/kubernetes-kafka/pull/41): -``` -$ kubectl exec kafka-1 -- cat /etc/kafka/server.properties | grep broker.rack -#init#broker.rack=# zone lookup failed, see -c init-config logs -$ kubectl logs -c init-config kafka-0 -++ kubectl get node some-node '-o=go-template={{index .metadata.labels "failure-domain.beta.kubernetes.io/zone"}}' -Error from server (Forbidden): User "system:serviceaccount:kafka:default" cannot get nodes at the cluster scope.: "Unknown user \"system:serviceaccount:kafka:default\"" -``` - # Tests ``` diff --git a/rbac-namespace-default/node-reader.yml b/rbac-namespace-default/node-reader.yml index 04545793..62669cde 100644 --- a/rbac-namespace-default/node-reader.yml +++ b/rbac-namespace-default/node-reader.yml @@ -1,4 +1,11 @@ -# For kubectl get node, required for kafka init container rack awareness +# To see if init containers need RBAC: +# +# $ kubectl exec kafka-1 -- cat /etc/kafka/server.properties | grep broker.rack +# #init#broker.rack=# zone lookup failed, see -c init-config logs +# $ kubectl logs -c init-config kafka-0 +# ++ kubectl get node some-node '-o=go-template={{index .metadata.labels "failure-domain.beta.kubernetes.io/zone"}}' +# Error from server (Forbidden): User "system:serviceaccount:kafka:default" cannot get nodes at the cluster scope.: "Unknown user \"system:serviceaccount:kafka:default\"" +# --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 From 13520a6f495fc59d4901c9e39eb3498598a5e1ee Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 5 Aug 2017 06:30:25 +0200 Subject: [PATCH 16/31] Moved to its PR, multizone-rack-awareness --- rbac-namespace-default/node-reader.yml | 37 -------------------------- 1 file changed, 37 deletions(-) delete mode 100644 rbac-namespace-default/node-reader.yml diff --git a/rbac-namespace-default/node-reader.yml b/rbac-namespace-default/node-reader.yml deleted file mode 100644 index 62669cde..00000000 --- a/rbac-namespace-default/node-reader.yml +++ /dev/null @@ -1,37 +0,0 @@ -# To see if init containers need RBAC: -# -# $ kubectl exec kafka-1 -- cat /etc/kafka/server.properties | grep broker.rack -# #init#broker.rack=# zone lookup failed, see -c init-config logs -# $ kubectl logs -c init-config kafka-0 -# ++ kubectl get node some-node '-o=go-template={{index .metadata.labels "failure-domain.beta.kubernetes.io/zone"}}' -# Error from server (Forbidden): User "system:serviceaccount:kafka:default" cannot get nodes at the cluster scope.: "Unknown user \"system:serviceaccount:kafka:default\"" -# ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: node-reader - labels: - origin: github.com_Yolean_kubernetes-kafka -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - get ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: kafka-node-reader - labels: - origin: github.com_Yolean_kubernetes-kafka -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: node-reader -subjects: -- kind: ServiceAccount - name: default - namespace: kafka From 23e1d9e6e052cb374e22bc732505bf4e026fb3a3 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Wed, 19 Jul 2017 07:08:30 +0200 Subject: [PATCH 17/31] Temp commit so that github allows a PR to be created, where I can keep notes --- 10broker-config.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/10broker-config.yml b/10broker-config.yml index a246e808..bbf0e446 100644 --- a/10broker-config.yml +++ b/10broker-config.yml @@ -34,6 +34,8 @@ data: # The id of the broker. This must be set to a unique integer for each broker. broker.id=${KAFKA_BROKER_ID} + #broker.rack=${KAFKA_BROKER_RACK} + # Switch to enable topic deletion or not, default value is false delete.topic.enable=true From c0645eefd5dc75b9e9b002b5dd5b009d39b6fd42 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Tue, 1 Aug 2017 06:52:58 +0200 Subject: [PATCH 18/31] Starts scripting, but the API call gets 403 for anonymous user --- 10broker-config.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/10broker-config.yml b/10broker-config.yml index bbf0e446..93bc8f0e 100644 --- a/10broker-config.yml +++ b/10broker-config.yml @@ -11,6 +11,19 @@ data: export KAFKA_BROKER_ID=${HOSTNAME##*-} sed -i "s/\${KAFKA_BROKER_ID}/$KAFKA_BROKER_ID/" /etc/kafka/server.properties + PODNAME=$HOSTNAME + NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace) + + # todo add curl to kafka image, switch to a curl image for init or write the whole lookup in java + hash curl 2>/dev/null || { apt-get update; DEBIAN_FRONTEND=noninteractive apt-get install curl -y --no-install-recommends; } + + API=https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT/api + AUTH="--cacert /run/secrets/kubernetes.io/serviceaccount/ca.crt --header \"Authorization: Bearer $(cat /run/secrets/kubernetes.io/serviceaccount/token)\"" + + curl -s $AUTH $API/namespaces/kafka/pods/$PODNAME -I --fail-early || { + echo "Access problems. Could be RBAC." + } + server.properties: |- # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with From 8fe76ff94e7452bd183df3d63af262822a695d71 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Thu, 3 Aug 2017 06:28:41 +0200 Subject: [PATCH 19/31] Looks up zone if kubectl is found, tries to not break config otherwise --- 10broker-config.yml | 24 ++++++++++++------------ 50kafka.yml | 5 +++++ 2 files changed, 17 insertions(+), 12 deletions(-) diff --git a/10broker-config.yml b/10broker-config.yml index 93bc8f0e..8f9d9d5a 100644 --- a/10broker-config.yml +++ b/10broker-config.yml @@ -11,17 +11,17 @@ data: export KAFKA_BROKER_ID=${HOSTNAME##*-} sed -i "s/\${KAFKA_BROKER_ID}/$KAFKA_BROKER_ID/" /etc/kafka/server.properties - PODNAME=$HOSTNAME - NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace) - - # todo add curl to kafka image, switch to a curl image for init or write the whole lookup in java - hash curl 2>/dev/null || { apt-get update; DEBIAN_FRONTEND=noninteractive apt-get install curl -y --no-install-recommends; } - - API=https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT/api - AUTH="--cacert /run/secrets/kubernetes.io/serviceaccount/ca.crt --header \"Authorization: Bearer $(cat /run/secrets/kubernetes.io/serviceaccount/token)\"" - - curl -s $AUTH $API/namespaces/kafka/pods/$PODNAME -I --fail-early || { - echo "Access problems. Could be RBAC." + hash kubectl 2>/dev/null || { + sed -i "s/#init#broker.rack=#init#/#init#broker.rack=# kubectl not found in path/" /etc/kafka/server.properties + } && { + ZONE=$(kubectl get node "$NODE_NAME" -o=go-template='{{index .metadata.labels "failure-domain.beta.kubernetes.io/zone"}}') + if [ $? -ne 0 ]; then + sed -i "s/#init#broker.rack=#init#/#init#broker.rack=# zone lookup failed, see -c init-config logs/" /etc/kafka/server.properties + elif [ "x$ZONE" == "x" ]; then + sed -i "s/#init#broker.rack=#init#/#init#broker.rack=# zone label not found for node $NODE_NAME/" /etc/kafka/server.properties + else + sed -i "s/#init#broker.rack=#init#/broker.rack=$ZONE/" /etc/kafka/server.properties + fi } server.properties: |- @@ -47,7 +47,7 @@ data: # The id of the broker. This must be set to a unique integer for each broker. broker.id=${KAFKA_BROKER_ID} - #broker.rack=${KAFKA_BROKER_RACK} + #init#broker.rack=#init# # Switch to enable topic deletion or not, default value is false delete.topic.enable=true diff --git a/50kafka.yml b/50kafka.yml index 4404a6be..1280590c 100644 --- a/50kafka.yml +++ b/50kafka.yml @@ -16,6 +16,11 @@ spec: initContainers: - name: init-config image: solsson/kafka:0.11.0.0@sha256:b27560de08d30ebf96d12e74f80afcaca503ad4ca3103e63b1fd43a2e4c976ce + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName command: ['/bin/bash', '/etc/kafka/init.sh'] volumeMounts: - name: config From 7e7b342b108a2e2c18446a3ecc7012eec8b8cd51 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Thu, 3 Aug 2017 06:52:13 +0200 Subject: [PATCH 20/31] Uses an image with kubectl based on the same debian tag as kafka --- 50kafka.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/50kafka.yml b/50kafka.yml index 1280590c..c92d68e8 100644 --- a/50kafka.yml +++ b/50kafka.yml @@ -15,7 +15,7 @@ spec: terminationGracePeriodSeconds: 30 initContainers: - name: init-config - image: solsson/kafka:0.11.0.0@sha256:b27560de08d30ebf96d12e74f80afcaca503ad4ca3103e63b1fd43a2e4c976ce + image: solsson/kubectl-kafkacat@sha256:450cf4e25f19020ab23200890e51aad333eec9bbff28ce6c22c90146aa726075 env: - name: NODE_NAME valueFrom: From 3678ad5db2290af7a1bbc64d297de2d40edc2a6e Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Thu, 3 Aug 2017 14:19:50 +0200 Subject: [PATCH 21/31] I suppose most init scripts will do fine with curl+kubectl+bash --- 50kafka.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/50kafka.yml b/50kafka.yml index c92d68e8..2c42dc77 100644 --- a/50kafka.yml +++ b/50kafka.yml @@ -15,7 +15,7 @@ spec: terminationGracePeriodSeconds: 30 initContainers: - name: init-config - image: solsson/kubectl-kafkacat@sha256:450cf4e25f19020ab23200890e51aad333eec9bbff28ce6c22c90146aa726075 + image: solsson/kafka-initutils@sha256:c275d681019a0d8f01295dbd4a5bae3cfa945c8d0f7f685ae1f00f2579f08c7d env: - name: NODE_NAME valueFrom: From ff972b99cc6ae2af5d5d420c43ce1304e6879aeb Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 5 Aug 2017 07:02:46 +0200 Subject: [PATCH 22/31] Adds RBAC policy for kubectl to look up node's zone --- rbac-namespace-default/node-reader.yml | 37 ++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 rbac-namespace-default/node-reader.yml diff --git a/rbac-namespace-default/node-reader.yml b/rbac-namespace-default/node-reader.yml new file mode 100644 index 00000000..edf3dde1 --- /dev/null +++ b/rbac-namespace-default/node-reader.yml @@ -0,0 +1,37 @@ +# To see if init containers need RBAC: +# +# $ kubectl exec kafka-0 -- cat /etc/kafka/server.properties | grep broker.rack +# #init#broker.rack=# zone lookup failed, see -c init-config logs +# $ kubectl logs -c init-config kafka-0 +# ++ kubectl get node some-node '-o=go-template={{index .metadata.labels "failure-domain.beta.kubernetes.io/zone"}}' +# Error from server (Forbidden): User "system:serviceaccount:kafka:default" cannot get nodes at the cluster scope.: "Unknown user \"system:serviceaccount:kafka:default\"" +# +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: node-reader + labels: + origin: github.com_Yolean_kubernetes-kafka +rules: +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: kafka-node-reader + labels: + origin: github.com_Yolean_kubernetes-kafka +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: node-reader +subjects: +- kind: ServiceAccount + name: default + namespace: kafka From 723c514fb0121b779c17aa289f6757f7d842326c Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 5 Aug 2017 07:07:23 +0200 Subject: [PATCH 23/31] got merged --- qa-yolean.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/qa-yolean.sh b/qa-yolean.sh index 89401283..f6063f17 100755 --- a/qa-yolean.sh +++ b/qa-yolean.sh @@ -32,7 +32,6 @@ REVS="$START:$(git rev-parse --short ${FROM}$START)" git checkout -b qa-yolean-$(date +"%Y%m%dT%H%M%S") for BRANCH in \ - multizone-rack-awareness \ addon-storage-classes \ rolling-update \ addon-metrics \ From 2ca4453d7e9da4b7089fc41e0c41e89ab5e5f8cc Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Thu, 3 Aug 2017 15:23:38 +0200 Subject: [PATCH 24/31] The default is Delete, which violates our no-surpises ambition --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index e0cdf911..467e158d 100644 --- a/README.md +++ b/README.md @@ -59,6 +59,14 @@ For clusters that enfoce [RBAC](https://kubernetes.io/docs/admin/authorization/r kubectl apply -f rbac-namespace-default/ ``` +## Set "reclaim policy" for persistent volumes + +Caution: For each new kafka and pzoo pod you have to [manually set Reclaim Policy](https://kubernetes.io/docs/tasks/administer-cluster/change-pv-reclaim-policy/) +to avoid losing your data if the [PVC](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims)s or [PV](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistent-volumes)s are deleted, +including if the `kafka` namespace is deleted and recreated. + +See [feature#352](https://github.com/kubernetes/features/issues/352) [#38192](https://github.com/kubernetes/kubernetes/issues/38192) [#47987](https://github.com/kubernetes/kubernetes/pull/47987) for details on why this isn't supported (yet) in manifests. + # Tests ``` From 7e83bac0e2761d610f165b29a183a4d8bedfd491 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Fri, 4 Aug 2017 06:59:35 +0200 Subject: [PATCH 25/31] Shorter, possibly clearer --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 467e158d..eb87e80f 100644 --- a/README.md +++ b/README.md @@ -59,13 +59,13 @@ For clusters that enfoce [RBAC](https://kubernetes.io/docs/admin/authorization/r kubectl apply -f rbac-namespace-default/ ``` -## Set "reclaim policy" for persistent volumes +## Caution: `Delete` Reclaim Policy is default -Caution: For each new kafka and pzoo pod you have to [manually set Reclaim Policy](https://kubernetes.io/docs/tasks/administer-cluster/change-pv-reclaim-policy/) -to avoid losing your data if the [PVC](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims)s or [PV](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistent-volumes)s are deleted, -including if the `kafka` namespace is deleted and recreated. +In production you likely want to [manually set Reclaim Policy](https://kubernetes.io/docs/tasks/administer-cluster/change-pv-reclaim-policy/), +our your data will be gone if the generated [volume claim](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims)s are deleted. -See [feature#352](https://github.com/kubernetes/features/issues/352) [#38192](https://github.com/kubernetes/kubernetes/issues/38192) [#47987](https://github.com/kubernetes/kubernetes/pull/47987) for details on why this isn't supported (yet) in manifests. +This can't be done [in manifests](https://github.com/Yolean/kubernetes-kafka/pull/50), +at least not [until Kubernetes 1.8](https://github.com/kubernetes/features/issues/352). # Tests From 1f4321ea7c7431f0c90f39e794c86a4363e81f3f Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 5 Aug 2017 07:22:23 +0200 Subject: [PATCH 26/31] We prefer Ready:False status instead of restarted pods, at least for now, as it allows exec into the pods to investigate. We've been having frequent restarts that are not due to OOMKilled (i.e. not #49). Now failed probes will lead to unready pods, which we can monitor for using #60. --- 50kafka.yml | 2 +- zookeeper/50pzoo.yml | 6 ------ zookeeper/51zoo.yml | 6 ------ 3 files changed, 1 insertion(+), 13 deletions(-) diff --git a/50kafka.yml b/50kafka.yml index 2c42dc77..c564ffe3 100644 --- a/50kafka.yml +++ b/50kafka.yml @@ -48,7 +48,7 @@ spec: requests: cpu: 100m memory: 512Mi - livenessProbe: + readinessProbe: exec: command: - /bin/sh diff --git a/zookeeper/50pzoo.yml b/zookeeper/50pzoo.yml index f9d5c587..7fd373c4 100644 --- a/zookeeper/50pzoo.yml +++ b/zookeeper/50pzoo.yml @@ -43,12 +43,6 @@ spec: requests: cpu: 10m memory: 100Mi - livenessProbe: - exec: - command: - - /bin/sh - - -c - - '[ "imok" = "$(echo ruok | nc -w 1 127.0.0.1 2181)" ]' readinessProbe: exec: command: diff --git a/zookeeper/51zoo.yml b/zookeeper/51zoo.yml index 778567db..f5d1f91e 100644 --- a/zookeeper/51zoo.yml +++ b/zookeeper/51zoo.yml @@ -46,12 +46,6 @@ spec: requests: cpu: 10m memory: 100Mi - livenessProbe: - exec: - command: - - /bin/sh - - -c - - '[ "imok" = "$(echo ruok | nc -w 1 127.0.0.1 2181)" ]' readinessProbe: exec: command: From 0295ac56d5d4809f5640a42520c7952dfe533674 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sun, 6 Aug 2017 06:49:39 +0200 Subject: [PATCH 27/31] Don't look like env var interpolation, when it's not --- 10broker-config.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/10broker-config.yml b/10broker-config.yml index 8f9d9d5a..7d296bf3 100644 --- a/10broker-config.yml +++ b/10broker-config.yml @@ -8,8 +8,8 @@ data: #!/bin/bash set -x - export KAFKA_BROKER_ID=${HOSTNAME##*-} - sed -i "s/\${KAFKA_BROKER_ID}/$KAFKA_BROKER_ID/" /etc/kafka/server.properties + KAFKA_BROKER_ID=${HOSTNAME##*-} + sed -i "s/#init#broker.id=#init#/broker.id=$KAFKA_BROKER_ID/" /etc/kafka/server.properties hash kubectl 2>/dev/null || { sed -i "s/#init#broker.rack=#init#/#init#broker.rack=# kubectl not found in path/" /etc/kafka/server.properties @@ -45,7 +45,7 @@ data: ############################# Server Basics ############################# # The id of the broker. This must be set to a unique integer for each broker. - broker.id=${KAFKA_BROKER_ID} + #init#broker.id=#init# #init#broker.rack=#init# From 197eaf3ed6eb8ffb68fa5f1a6270923373c62a42 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Tue, 8 Aug 2017 11:06:56 +0200 Subject: [PATCH 28/31] I think Schema Registry + REST Proxy is ok for production now --- qa-yolean.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/qa-yolean.sh b/qa-yolean.sh index f6063f17..dcdd6f21 100755 --- a/qa-yolean.sh +++ b/qa-yolean.sh @@ -34,6 +34,7 @@ git checkout -b qa-yolean-$(date +"%Y%m%dT%H%M%S") for BRANCH in \ addon-storage-classes \ rolling-update \ + addon-rest \ addon-metrics \ addon-kube-events-topic do From 4d3754dc039cdab28c8067089989b436ef737209 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Tue, 8 Aug 2017 12:39:34 +0200 Subject: [PATCH 29/31] Still short --- README.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index eb87e80f..c4b545e9 100644 --- a/README.md +++ b/README.md @@ -11,11 +11,13 @@ How to use: * Kafka for real: fork and have a look at [addon](https://github.com/Yolean/kubernetes-kafka/labels/addon)s. * Join the discussion in issues and PRs. -Why? -See for yourself, but we think this project gives you better adaptability than [helm](https://github.com/kubernetes/helm) [chart](https://github.com/kubernetes/charts/tree/master/incubator/kafka)s. No single readable readme or template can properly introduce both Kafka and Kubernets. +No readable readme can properly introduce both [Kafka](http://kafka.apache.org/) and [Kubernets](https://kubernetes.io/), +but we think the combination of the two is a great backbone for microservices. Back when we read [Newman](http://samnewman.io/books/building_microservices/) we were beginners with both. Now we've read [Kleppmann](http://dataintensive.net/), [Confluent](https://www.confluent.io/blog/) and [SRE](https://landing.google.com/sre/book.html) and enjoy this "Streaming Platform" lock-in :smile:. +We also think the plain-yaml approach of this project is easier to understand and evolve than [helm](https://github.com/kubernetes/helm) [chart](https://github.com/kubernetes/charts/tree/master/incubator/kafka)s. + ## What you get Keep an eye on `kubectl --namespace kafka get pods -w`. @@ -50,7 +52,7 @@ kubectl -n kafka logs kafka-0 | grep "Registered broker" That's it. Just add business value :wink:. For clients we tend to use [librdkafka](https://github.com/edenhill/librdkafka)-based drivers like [node-rdkafka](https://github.com/Blizzard/node-rdkafka). To use [Kafka Connect](http://kafka.apache.org/documentation/#connect) and [Kafka Streams](http://kafka.apache.org/documentation/streams/) you may want to take a look at our [sample](https://github.com/solsson/dockerfiles/tree/master/connect-files) [Dockerfile](https://github.com/solsson/dockerfiles/tree/master/streams-logfilter)s. -Don't forget the [addon](https://github.com/Yolean/kubernetes-kafka/labels/addon)s. +And don't forget the [addon](https://github.com/Yolean/kubernetes-kafka/labels/addon)s. ## RBAC @@ -67,7 +69,7 @@ our your data will be gone if the generated [volume claim](https://kubernetes.io This can't be done [in manifests](https://github.com/Yolean/kubernetes-kafka/pull/50), at least not [until Kubernetes 1.8](https://github.com/kubernetes/features/issues/352). -# Tests +## Tests ``` kubectl apply -f test/ From c3969a8a4257155b293918d1d1baf1508417ffc1 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Fri, 28 Jul 2017 08:16:38 +0200 Subject: [PATCH 30/31] Adds storage class for Zookeeper, with sample manifests This reverts commit efb1019fd9881f316e0ee355cbafc26e3d146be2. --- README.md | 6 ++++++ configure-gke/storageclass-zookeeper-gke.yml | 7 +++++++ configure-minikube/storageclass-zookeeper-minikube.yml | 5 +++++ zookeeper/50pzoo.yml | 4 +++- 4 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 configure-gke/storageclass-zookeeper-gke.yml create mode 100644 configure-minikube/storageclass-zookeeper-minikube.yml diff --git a/README.md b/README.md index c4b545e9..83afdae4 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,12 @@ The goal is to provide [Bootstrap servers](http://kafka.apache.org/documentation Zookeeper at `zookeeper.kafka.svc.cluster.local:2181`. +## Prepare storage classes + +For Minikube run `kubectl create -f configure-minikube/`. + +There's a similar setup for GKE, in `configure-gke` of course. You might want to tweak it before creating. + ## Start Zookeeper The [Kafka book](https://www.confluent.io/resources/kafka-definitive-guide-preview-edition/) recommends that Kafka has its own Zookeeper cluster with at least 5 instances. diff --git a/configure-gke/storageclass-zookeeper-gke.yml b/configure-gke/storageclass-zookeeper-gke.yml new file mode 100644 index 00000000..44891bac --- /dev/null +++ b/configure-gke/storageclass-zookeeper-gke.yml @@ -0,0 +1,7 @@ +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: kafka-zookeeper +provisioner: kubernetes.io/gce-pd +parameters: + type: pd-ssd diff --git a/configure-minikube/storageclass-zookeeper-minikube.yml b/configure-minikube/storageclass-zookeeper-minikube.yml new file mode 100644 index 00000000..ba89eb46 --- /dev/null +++ b/configure-minikube/storageclass-zookeeper-minikube.yml @@ -0,0 +1,5 @@ +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: kafka-zookeeper +provisioner: k8s.io/minikube-hostpath diff --git a/zookeeper/50pzoo.yml b/zookeeper/50pzoo.yml index 7fd373c4..566335ba 100644 --- a/zookeeper/50pzoo.yml +++ b/zookeeper/50pzoo.yml @@ -61,8 +61,10 @@ spec: volumeClaimTemplates: - metadata: name: data + annotations: + volume.beta.kubernetes.io/storage-class: kafka-zookeeper spec: accessModes: [ "ReadWriteOnce" ] resources: requests: - storage: 10Gi + storage: 1Gi From ebcff385696b8d615248a9e9867052c28f48e41c Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Fri, 28 Jul 2017 08:21:23 +0200 Subject: [PATCH 31/31] Adds storage class for kafka brokers --- 50kafka.yml | 2 ++ configure-gke/storageclass-broker-gke.yml | 7 +++++++ configure-minikube/storageclass-broker-minikube.yml | 5 +++++ 3 files changed, 14 insertions(+) create mode 100644 configure-gke/storageclass-broker-gke.yml create mode 100644 configure-minikube/storageclass-broker-minikube.yml diff --git a/50kafka.yml b/50kafka.yml index c564ffe3..8f8e2837 100644 --- a/50kafka.yml +++ b/50kafka.yml @@ -66,6 +66,8 @@ spec: volumeClaimTemplates: - metadata: name: data + annotations: + volume.beta.kubernetes.io/storage-class: kafka-broker spec: accessModes: [ "ReadWriteOnce" ] resources: diff --git a/configure-gke/storageclass-broker-gke.yml b/configure-gke/storageclass-broker-gke.yml new file mode 100644 index 00000000..d4361485 --- /dev/null +++ b/configure-gke/storageclass-broker-gke.yml @@ -0,0 +1,7 @@ +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: kafka-broker +provisioner: kubernetes.io/gce-pd +parameters: + type: pd-standard diff --git a/configure-minikube/storageclass-broker-minikube.yml b/configure-minikube/storageclass-broker-minikube.yml new file mode 100644 index 00000000..3cff3b21 --- /dev/null +++ b/configure-minikube/storageclass-broker-minikube.yml @@ -0,0 +1,5 @@ +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: kafka-broker +provisioner: k8s.io/minikube-hostpath