Release v1.20.2 (#94)

Signed-off-by: Md Soharab Ansari <[email protected]>
fission · May 27, 2024 · e3f6c3b · e3f6c3b
1 parent c9b3bfa
commit e3f6c3b
Show file tree

Hide file tree

Showing 12 changed files with 271 additions and 7 deletions.
diff --git a/charts/fission-all/Chart.yaml b/charts/fission-all/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: fission-all
-version: v1.20.1
-appVersion: v1.20.1
+version: v1.20.2
+appVersion: v1.20.2
 description: Fission is a fast serverless framework for Kubernetes.
 kubeVersion: ">=1.23.0-0"
 home: https://fission.io/

diff --git a/charts/fission-all/templates/_fission-component-roles.tpl b/charts/fission-all/templates/_fission-component-roles.tpl
@@ -50,6 +50,24 @@ rules:
   - patch
   - delete
 {{- end }}
+{{- define "kafka-rules" }}
+rules:
+- apiGroups:
+  - fission.io
+  resources:
+  - environments
+  - functions
+  - messagequeuetriggers
+  - packages
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - update
+  - patch
+  - delete
+{{- end }}
 {{- define "keda-rules" }}
 rules:
 - apiGroups:

diff --git a/charts/fission-all/templates/_fission-kubernetes-roles.tpl b/charts/fission-all/templates/_fission-kubernetes-roles.tpl
@@ -204,6 +204,54 @@ rules:
   - list
   - watch
 {{- end }}
+{{- define "kafka-kuberules" }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - pods
+  - secrets
+  - services
+  - replicationcontrollers
+  - events
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - watch
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - secrets
+  verbs:
+  - get
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  - deployments/scale
+  - replicasets
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - get
+  - list
+  - watch
+{{- end }}
 {{- define "keda-kuberules" }}
 rules:
 - apiGroups:

diff --git a/charts/fission-all/templates/_fission-kuberntes-role-generator.tpl b/charts/fission-all/templates/_fission-kuberntes-role-generator.tpl
@@ -26,6 +26,9 @@ metadata:
 {{- if eq "kubewatcher" .component }}
 {{- include "kubewatcher-kuberules" . }}
 {{- end }}
+{{- if eq "kafka" .component }}
+{{- include "kafka-kuberules" . }}
+{{- end }}
 {{- if eq "keda" .component }}
 {{- include "keda-kuberules" . }}
 {{- end }}

diff --git a/charts/fission-all/templates/_fission-role-generator.tpl b/charts/fission-all/templates/_fission-role-generator.tpl
@@ -20,6 +20,9 @@ metadata:
 {{- if eq "kubewatcher" .component }}
 {{- include "kubewatcher-rules" . }}
 {{- end }}
+{{- if eq "kafka" .component }}
+{{- include "kafka-rules" . }}
+{{- end }}
 {{- if eq "keda" .component }}
 {{- include "keda-rules" . }}
 {{- end }}

diff --git a/charts/fission-all/templates/mqt-fission-kafka/deployment.yaml b/charts/fission-all/templates/mqt-fission-kafka/deployment.yaml
@@ -0,0 +1,108 @@
+{{- if .Values.kafka.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mqtrigger-kafka
+  labels:
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    svc: mqtrigger
+    messagequeue: kafka
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      svc: mqtrigger
+      messagequeue: kafka
+  template:
+    metadata:
+      labels:
+        svc: mqtrigger
+        messagequeue: kafka
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/path: "/metrics"
+        prometheus.io/port: "8080"
+    spec:
+      containers:
+      - name: mqtrigger
+        image: {{ include "fission-bundleImage" . | quote }}
+        imagePullPolicy: {{ .Values.pullPolicy }}
+        command: ["/fission-bundle"]
+        args: ["--mqt", "--routerUrl", "http://router.{{ .Release.Namespace }}"]
+        ports:
+          - containerPort: 8080
+            name: metrics
+        env:
+        - name: MESSAGE_QUEUE_TYPE
+          value: kafka
+        - name: MESSAGE_QUEUE_URL
+          value: "{{.Values.kafka.brokers}}"
+        - name: MESSAGE_QUEUE_KAFKA_VERSION
+          value: "{{.Values.kafka.version}}"
+        - name: DEBUG_ENV
+          value: {{ .Values.debugEnv | quote }}
+        - name: PPROF_ENABLED
+          value: {{ .Values.pprof.enabled | quote }}
+        {{- include "fission-resource-namespace.envs" . | indent 8 }} 
+        {{- include "opentelemtry.envs" . | indent 8 }}
+        # TLS authentication is TLS with authentication (2 way)
+        # More info: https://docs.confluent.io/current/kafka/authentication_ssl.html#ssl-overview
+        {{- if .Values.kafka.authentication.tls.enabled }}
+        - name: TLS_ENABLED
+          value: "true"
+        - name: MESSAGE_QUEUE_SECRETS
+          value: /etc/fission/secrets
+        - name: INSECURE_SKIP_VERIFY
+          value: "{{ .Values.kafka.authentication.tls.insecureSkipVerify }}"
+        volumeMounts:
+        - name: kafka-secrets
+          mountPath: /etc/fission/secrets
+        {{- end }}
+        {{- if .Values.terminationMessagePath }}
+        terminationMessagePath: {{ .Values.terminationMessagePath }}
+        {{- end }}
+        {{- if .Values.terminationMessagePolicy }}
+        terminationMessagePolicy: {{ .Values.terminationMessagePolicy }}
+        {{- end }}
+      serviceAccountName: fission-kafka
+      {{- if .Values.kafka.authentication.tls.enabled }}
+      volumes:
+      - name: kafka-secrets
+        secret:
+          secretName: mqtrigger-kafka-secrets
+      {{- end }}
+    {{- with .Values.imagePullSecrets }}
+      imagePullSecrets: 
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+
+
+---
+{{- if .Values.kafka.authentication.tls.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mqtrigger-kafka-secrets
+  labels:
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+data:
+  {{- if .Files.Get  (printf "%s" .Values.kafka.authentication.tls.caCert) }}
+  caCert: {{ .Files.Get (printf "%s" .Values.kafka.authentication.tls.caCert) | b64enc }}
+  {{- else }}
+  {{ fail "Invalid chart. CA Certificate not found." }}
+  {{- end }}
+  {{- if .Files.Get (printf "%s" .Values.kafka.authentication.tls.userCert) }}
+  userCert: {{ .Files.Get (printf "%s" .Values.kafka.authentication.tls.userCert) | b64enc }}
+  {{- else }}
+  {{ fail "Invalid chart. User Certificate not found." }}
+  {{- end }}
+  {{- if .Files.Get (printf "%s" .Values.kafka.authentication.tls.userKey) }}
+  userKey: {{ .Files.Get (printf "%s" .Values.kafka.authentication.tls.userKey) | b64enc }}
+  {{- else }}
+  {{ fail "Invalid chart. User Key not found." }}
+  {{- end }}
+{{- end }}
+{{- if .Values.extraCoreComponentPodConfig }}
+{{ toYaml .Values.extraCoreComponentPodConfig | indent 6 -}}
+{{- end }}
+{{- end }}
diff --git a/charts/fission-all/templates/mqt-fission-kafka/podmonitor.yaml b/charts/fission-all/templates/mqt-fission-kafka/podmonitor.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.podMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: mqt-fission-kafka-monitor
+  {{- if .Values.podMonitor.namespace }}
+  namespace: {{ .Values.podMonitor.namespace }}
+  {{- end }}
+  {{- with .Values.podMonitor.additionalPodMonitorLabels }}
+  labels:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  namespaceSelector:
+    matchNames:
+      - {{ .Release.Namespace }}
+  selector:
+    matchLabels:
+      svc: mqtrigger
+  podMetricsEndpoints:
+  - port: "metrics"
+    path: "/metrics"
+{{- end -}}
diff --git a/charts/fission-all/templates/mqt-fission-kafka/role-fission-cr.yaml b/charts/fission-all/templates/mqt-fission-kafka/role-fission-cr.yaml
@@ -0,0 +1,7 @@
+{{- include "fission-role-generator" (merge (dict "namespace" .Values.defaultNamespace "component" "kafka") .) }}
+
+{{- if gt (len .Values.additionalFissionNamespaces) 0 }}
+{{- range $namespace := $.Values.additionalFissionNamespaces }}
+{{ include "fission-role-generator" (merge (dict "namespace" $namespace "component" "kafka") $) }}
+{{- end }}
+{{- end }}
diff --git a/charts/fission-all/templates/mqt-fission-kafka/role-kubernetes.yaml b/charts/fission-all/templates/mqt-fission-kafka/role-kubernetes.yaml
@@ -0,0 +1,7 @@
+{{- include "kubernetes-role-generator" (merge (dict "namespace" .Values.defaultNamespace "component" "kafka") .) }}
+
+{{- if gt (len .Values.additionalFissionNamespaces) 0 }}
+{{- range $namespace := $.Values.additionalFissionNamespaces }}
+{{ include "kubernetes-role-generator" (merge (dict "namespace" $namespace "component" "kafka") $) }}
+{{- end }}
+{{- end }}
diff --git a/charts/fission-all/templates/mqt-fission-kafka/serviceaccount.yaml b/charts/fission-all/templates/mqt-fission-kafka/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: fission-kafka
+  namespace: {{ .Release.Namespace }}
diff --git a/charts/fission-all/templates/webhook-server/webhooks.yaml b/charts/fission-all/templates/webhook-server/webhooks.yaml
@@ -16,7 +16,7 @@ apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
   creationTimestamp: null
-  name: mutating-webhook-configuration
+  name: fission-mutating-webhooks
   {{- if $certManagerEnabled }}
   annotations:
     cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/fission-webhook-cert"
@@ -49,7 +49,7 @@ apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
   creationTimestamp: null
-  name: validating-webhook-configuration
+  name: fission-validating-webhooks
   {{- if $certManagerEnabled }}
   annotations:
     cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/fission-webhook-cert"

diff --git a/charts/fission-all/values.yaml b/charts/fission-all/values.yaml
@@ -25,7 +25,7 @@ image: fission/fission-bundle
 ## It is also used by the chart to identify version of the few more images apart from fission-bundle.
 ## Keep it empty for using latest tag.
 ##
-imageTag: v1.20.1
+imageTag: v1.20.2
 
 ## pullPolicy represents the pull policy to use for images in the chart.
 ##
@@ -106,7 +106,7 @@ fetcher:
   ## image represents the image of the fetcher component.
   image: fission/fetcher
   ## imageTag represents the tag of the image of the fetcher component.
-  imageTag: v1.20.1
+  imageTag: v1.20.2
 
   ## Fetcher is only for to downloading or uploading archive.
   ## Normally, you don't need to change the value here, unless necessary.
@@ -466,6 +466,48 @@ timer:
     runAsUser: 10001
     runAsGroup: 10001
 
+## Kafka: enable and configure the details
+##
+kafka:
+  enabled: false
+  ## note: below link is only for reference.
+  ## Please use the brokers link for your kafka here.
+  ##
+  brokers: "broker.kafka:9092" # or your-bootstrap-server.kafka:9092/9093
+  ## Sample config for authentication
+  ## authentication:
+  ##   tls:
+  ##     enabled: true
+  ##     caCert: 'auth/kafka/ca.crt'
+  ##     userCert: 'auth/kafka/user.crt'
+  ##     userKey: 'auth/kafka/user.key'
+  ##
+  authentication:
+    tls:
+      enabled: false
+      ## InsecureSkipVerify controls whether a client verifies the server's certificate chain and host name.
+      ## Warning: Setting this to true, makes TLS susceptible to man-in-the-middle attacks
+      ##
+      insecureSkipVerify: false
+      ## path to certificate containing public key of CA authority
+      ##
+      caCert: ""
+      ## path to certificate containing public key of the user signed by CA authority
+      ##
+      userCert: ""
+      ## path to private key of the user
+      ##
+      userKey: ""
+
+  ## version of Kafka broker
+  ## For 0.x it must be a string in the format
+  ## "major.minor.veryMinor.patch" example: 0.8.2.0
+  ## For 1.x it must be a string in the format
+  ## "major.major.veryMinor" example: 2.0.1
+  ## Should be >= 0.11.2.0 to enable Kafka record headers support
+  ##
+  # version: "0.11.2.0"
+
 # The following components expose Prometheus metrics and have servicemonitors in this chart (disabled by default)
 # router, executor, storage svc
 serviceMonitor:
@@ -621,7 +663,7 @@ preUpgradeChecks:
   image: fission/pre-upgrade-checks
   ## pre-install/pre-upgrade checks image version
   ##
-  imageTag: v1.20.1
+  imageTag: v1.20.2
 
 ## Fission post-install/post-upgrade reporting live in this image
 ##