redpanda

package
v0.0.0-...-833fa64 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 20, 2024 License: Apache-2.0, Apache-2.0 Imports: 29 Imported by: 2

README

Redpanda Helm Chart Specification


description: Find the default values and descriptions of settings in the Redpanda Helm chart.

This page describes the official Redpanda Helm Chart. In particular, this page describes the contents of the chart’s values.yaml file. Each of the settings is listed and described on this page, along with any default values.

For instructions on how to install and use the chart, including how to override and customize the chart’s values, refer to the deployment documentation.


Autogenerated from chart metadata using helm-docs v1.14.2

Source Code

Requirements

Kubernetes: >= 1.25.0-0

Repository Name Version
https://charts.redpanda.com connectors >=0.1.2 <1.0
https://charts.redpanda.com console >=0.5 <1.0

Settings

affinity

Affinity constraints for scheduling Pods, can override this for StatefulSets and Jobs. For details, see the Kubernetes documentation.

Default: {}

auditLogging

Audit logging for a redpanda cluster, must have enabled sasl and have one kafka listener supporting sasl authentication for audit logging to work. Note this feature is only available for redpanda versions >= v23.3.0.

Default:

{"clientMaxBufferSize":16777216,"enabled":false,"enabledEventTypes":null,"excludedPrincipals":null,"excludedTopics":null,"listener":"internal","partitions":12,"queueDrainIntervalMs":500,"queueMaxBufferSizePerShard":1048576,"replicationFactor":null}
auditLogging.clientMaxBufferSize

Defines the number of bytes (in bytes) allocated by the internal audit client for audit messages.

Default: 16777216

auditLogging.enabled

Enable or disable audit logging, for production clusters we suggest you enable, however, this will only work if you also enable sasl and a listener with sasl enabled.

Default: false

auditLogging.enabledEventTypes

Event types that should be captured by audit logs, default is [admin, authenticate, management].

Default: nil

auditLogging.excludedPrincipals

List of principals to exclude from auditing, default is null.

Default: nil

auditLogging.excludedTopics

List of topics to exclude from auditing, default is null.

Default: nil

auditLogging.listener

Kafka listener name, note that it must have authenticationMethod set to sasl. For external listeners, use the external listener name, such as default.

Default: "internal"

auditLogging.partitions

Integer value defining the number of partitions used by a newly created audit topic.

Default: 12

auditLogging.queueDrainIntervalMs

In ms, frequency in which per shard audit logs are batched to client for write to audit log.

Default: 500

auditLogging.queueMaxBufferSizePerShard

Defines the maximum amount of memory used (in bytes) by the audit buffer in each shard.

Default: 1048576

auditLogging.replicationFactor

Defines the replication factor for a newly created audit log topic. This configuration applies only to the audit log topic and may be different from the cluster or other topic configurations. This cannot be altered for existing audit log topics. Setting this value is optional. If a value is not provided, Redpanda will use the internal_topic_replication_factor cluster config value. Default is null

Default: nil

auth

Authentication settings. For details, see the SASL documentation.

Default:

{"sasl":{"bootstrapUser":{"mechanism":"SCRAM-SHA-256"},"enabled":false,"mechanism":"SCRAM-SHA-512","secretRef":"redpanda-users","users":[]}}
auth.sasl.bootstrapUser

Details about how to create the bootstrap user for the cluster. The secretKeyRef is optionally specified. If it is specified, the chart will use a password written to that secret when creating the "kubernetes-controller" bootstrap user. If it is unspecified, then the secret will be generated and stored in the secret "releasename"-bootstrap-user, with the key "password".

Default:

{"mechanism":"SCRAM-SHA-256"}
auth.sasl.bootstrapUser.mechanism

The authentication mechanism to use for the bootstrap user. Options are SCRAM-SHA-256 and SCRAM-SHA-512.

Default: "SCRAM-SHA-256"

auth.sasl.enabled

Enable SASL authentication. If you enable SASL authentication, you must provide a Secret in auth.sasl.secretRef.

Default: false

auth.sasl.mechanism

The authentication mechanism to use for the superuser. Options are SCRAM-SHA-256 and SCRAM-SHA-512.

Default: "SCRAM-SHA-512"

auth.sasl.secretRef

A Secret that contains your superuser credentials. For details, see the SASL documentation.

Default: "redpanda-users"

auth.sasl.users

Optional list of superusers. These superusers will be created in the Secret whose name is defined in auth.sasl.secretRef. If this list is empty, the Secret in auth.sasl.secretRef must already exist in the cluster before you deploy the chart. Uncomment the sample list if you wish to try adding sample sasl users or override to use your own.

Default: []

clusterDomain

Default Kubernetes cluster domain.

Default: "cluster.local"

commonLabels

Additional labels to add to all Kubernetes objects. For example, my.k8s.service: redpanda.

Default: {}

config

This section contains various settings supported by Redpanda that may not work correctly in a Kubernetes cluster. Changing these settings comes with some risk. Use these settings to customize various Redpanda configurations that are not covered in other sections. These values have no impact on the configuration or behavior of the Kubernetes objects deployed by Helm, and therefore should not be modified for the purpose of configuring those objects. Instead, these settings get passed directly to the Redpanda binary at startup. For descriptions of these properties, see the configuration documentation.

Default:

{"cluster":{},"node":{"crash_loop_limit":5},"pandaproxy_client":{},"rpk":{},"schema_registry_client":{},"tunable":{"compacted_log_segment_size":67108864,"kafka_connection_rate_limit":1000,"log_segment_size_max":268435456,"log_segment_size_min":16777216,"max_compacted_log_segment_size":536870912}}
config.cluster

Cluster Configuration Properties

Default: {}

config.node

Broker (node) Configuration Properties.

Default: {"crash_loop_limit":5}

config.node.crash_loop_limit

Crash loop limit A limit on the number of consecutive times a broker can crash within one hour before its crash-tracking logic is reset. This limit prevents a broker from getting stuck in an infinite cycle of crashes. User can disable this crash loop limit check by the following action: * One hour elapses since the last crash * The node configuration file, redpanda.yaml, is updated via config.cluster or config.node or config.tunable objects * The startup_log file in the node’s data_directory is manually deleted Default to 5 REF: https://docs.redpanda.com/current/reference/broker-properties/#crash_loop_limit

Default: 5

config.tunable

Tunable cluster properties. Deprecated: all settings here may be specified via config.cluster.

Default:

{"compacted_log_segment_size":67108864,"kafka_connection_rate_limit":1000,"log_segment_size_max":268435456,"log_segment_size_min":16777216,"max_compacted_log_segment_size":536870912}
config.tunable.compacted_log_segment_size

See the property reference documentation.

Default: 67108864

config.tunable.kafka_connection_rate_limit

See the property reference documentation.

Default: 1000

config.tunable.log_segment_size_max

See the property reference documentation.

Default: 268435456

config.tunable.log_segment_size_min

See the property reference documentation.

Default: 16777216

config.tunable.max_compacted_log_segment_size

See the property reference documentation.

Default: 536870912

connectors

Redpanda Managed Connectors settings For a reference of configuration settings, see the Redpanda Connectors documentation.

Default:

{"deployment":{"create":false},"enabled":false,"test":{"create":false}}
console

Redpanda Console settings. For a reference of configuration settings, see the Redpanda Console documentation.

Default:

{"config":{},"configmap":{"create":false},"deployment":{"create":false},"enabled":true,"secret":{"create":false}}
enterprise

Enterprise (optional) For details, see the License documentation.

Default:

{"license":"","licenseSecretRef":{}}
enterprise.license

license (optional).

Default: ""

enterprise.licenseSecretRef

Secret name and key where the license key is stored.

Default: {}

external

External access settings. For details, see the Networking and Connectivity documentation.

Default:

{"enabled":true,"service":{"enabled":true},"type":"NodePort"}
external.enabled

Enable external access for each Service. You can toggle external access for each listener in listeners.<service name>.external.<listener-name>.enabled.

Default: true

external.service

Service allows you to manage the creation of an external kubernetes service object

Default: {"enabled":true}

external.service.enabled

Enabled if set to false will not create the external service type You can still set your cluster with external access but not create the supporting service (NodePort/LoadBalander). Set this to false if you rather manage your own service.

Default: true

external.type

External access type. Only NodePort and LoadBalancer are supported. If undefined, then advertised listeners will be configured in Redpanda, but the helm chart will not create a Service. You must create a Service manually. Warning: If you use LoadBalancers, you will likely experience higher latency and increased packet loss. NodePort is recommended in cases where latency is a priority.

Default: "NodePort"

fullnameOverride

Override redpanda.fullname template.

Default: ""

image

Redpanda Docker image settings.

Default:

{"pullPolicy":"IfNotPresent","repository":"docker.redpanda.com/redpandadata/redpanda","tag":""}
image.pullPolicy

The imagePullPolicy. If image.tag is 'latest', the default is Always.

Default: "IfNotPresent"

image.repository

Docker repository from which to pull the Redpanda Docker image.

Default:

"docker.redpanda.com/redpandadata/redpanda"
image.tag

The Redpanda version. See DockerHub for: All stable versions and all unstable versions.

Default: Chart.appVersion.

imagePullSecrets

Pull secrets may be used to provide credentials to image repositories See the Kubernetes documentation.

Default: []

license_key

DEPRECATED Enterprise license key (optional). For details, see the License documentation.

Default: ""

license_secret_ref

DEPRECATED Secret name and secret key where the license key is stored.

Default: {}

listeners

Listener settings. Override global settings configured above for individual listeners. For details, see the listeners documentation.

Default:

{"admin":{"external":{"default":{"advertisedPorts":[31644],"port":9645,"tls":{"cert":"external"}}},"port":9644,"tls":{"cert":"default","requireClientAuth":false}},"http":{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30082],"authenticationMethod":null,"port":8083,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8082,"tls":{"cert":"default","requireClientAuth":false}},"kafka":{"authenticationMethod":null,"external":{"default":{"advertisedPorts":[31092],"authenticationMethod":null,"port":9094,"tls":{"cert":"external"}}},"port":9093,"tls":{"cert":"default","requireClientAuth":false}},"rpc":{"port":33145,"tls":{"cert":"default","requireClientAuth":false}},"schemaRegistry":{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30081],"authenticationMethod":null,"port":8084,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8081,"tls":{"cert":"default","requireClientAuth":false}}}
listeners.admin

Admin API listener (only one).

Default:

{"external":{"default":{"advertisedPorts":[31644],"port":9645,"tls":{"cert":"external"}}},"port":9644,"tls":{"cert":"default","requireClientAuth":false}}
listeners.admin.external

Optional external access settings.

Default:

{"default":{"advertisedPorts":[31644],"port":9645,"tls":{"cert":"external"}}}
listeners.admin.external.default

Name of the external listener.

Default:

{"advertisedPorts":[31644],"port":9645,"tls":{"cert":"external"}}
listeners.admin.external.default.tls

The port advertised to this listener's external clients. List one port if you want to use the same port for each broker (would be the case when using NodePort service). Otherwise, list the port you want to use for each broker in order of StatefulSet replicas. If undefined, listeners.admin.port is used.

Default: {"cert":"external"}

listeners.admin.port

The port for both internal and external connections to the Admin API.

Default: 9644

listeners.admin.tls

Optional TLS section (required if global TLS is enabled)

Default:

{"cert":"default","requireClientAuth":false}
listeners.admin.tls.cert

Name of the Certificate used for TLS (must match a Certificate name that is registered in tls.certs).

Default: "default"

listeners.admin.tls.requireClientAuth

If true, the truststore file for this listener is included in the ConfigMap.

Default: false

listeners.http

HTTP API listeners (aka PandaProxy).

Default:

{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30082],"authenticationMethod":null,"port":8083,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8082,"tls":{"cert":"default","requireClientAuth":false}}
listeners.kafka

Kafka API listeners.

Default:

{"authenticationMethod":null,"external":{"default":{"advertisedPorts":[31092],"authenticationMethod":null,"port":9094,"tls":{"cert":"external"}}},"port":9093,"tls":{"cert":"default","requireClientAuth":false}}
listeners.kafka.external.default.advertisedPorts

If undefined, listeners.kafka.external.default.port is used.

Default: [31092]

listeners.kafka.external.default.port

The port used for external client connections.

Default: 9094

listeners.kafka.port

The port for internal client connections.

Default: 9093

listeners.rpc

RPC listener (this is never externally accessible).

Default:

{"port":33145,"tls":{"cert":"default","requireClientAuth":false}}
listeners.schemaRegistry

Schema registry listeners.

Default:

{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30081],"authenticationMethod":null,"port":8084,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8081,"tls":{"cert":"default","requireClientAuth":false}}
logging

Log-level settings.

Default:

{"logLevel":"info","usageStats":{"enabled":true}}
logging.logLevel

Log level Valid values (from least to most verbose) are: warn, info, debug, and trace.

Default: "info"

logging.usageStats

Send usage statistics back to Redpanda Data. For details, see the stats reporting documentation.

Default: {"enabled":true}

monitoring

Monitoring. This will create a ServiceMonitor that can be used by Prometheus-Operator or VictoriaMetrics-Operator to scrape the metrics.

Default:

{"enabled":false,"labels":{},"scrapeInterval":"30s"}
nameOverride

Override redpanda.name template.

Default: ""

nodeSelector

Node selection constraints for scheduling Pods, can override this for StatefulSets. For details, see the Kubernetes documentation.

Default: {}

post_install_job.affinity

Default: {}

post_install_job.enabled

Default: true

post_install_job.podTemplate.annotations

Annotations to apply (or overwrite the default) to the Pods of this Job.

Default: {}

post_install_job.podTemplate.labels

Labels to apply (or overwrite the default) to the Pods of this Job.

Default: {}

post_install_job.podTemplate.spec

A subset of Kubernetes' PodSpec type that will be merged into the final PodSpec. See Merge Semantics for details.

Default:

{"containers":[{"env":[],"name":"post-install","securityContext":{}}],"securityContext":{}}
rackAwareness

Rack Awareness settings. For details, see the Rack Awareness documentation.

Default:

{"enabled":false,"nodeAnnotation":"topology.kubernetes.io/zone"}
rackAwareness.enabled

When running in multiple racks or availability zones, use a Kubernetes Node annotation value as the Redpanda rack value. Enabling this requires running with a service account with "get" Node permissions. To have the Helm chart configure these permissions, set serviceAccount.create=true and rbac.enabled=true.

Default: false

rackAwareness.nodeAnnotation

The common well-known annotation to use as the rack ID. Override this only if you use a custom Node annotation.

Default:

"topology.kubernetes.io/zone"
rbac

Role Based Access Control.

Default:

{"annotations":{},"enabled":false}
rbac.annotations

Annotations to add to the rbac resources.

Default: {}

rbac.enabled

Enable for features that need extra privileges. If you use the Redpanda Operator, you must deploy it with the --set rbac.createRPKBundleCRs=true flag to give it the required ClusterRoles.

Default: false

resources

Pod resource management. This section simplifies resource allocation by providing a single location where resources are defined. Helm sets these resource values within the statefulset.yaml and configmap.yaml templates. The default values are for a development environment. Production-level values and other considerations are documented, where those values are different from the default. For details, see the Pod resources documentation.

Default:

{"cpu":{"cores":1},"memory":{"container":{"max":"2.5Gi"}}}
resources.cpu

CPU resources. For details, see the Pod resources documentation.

Default: {"cores":1}

resources.cpu.cores

Redpanda makes use of a thread per core model. For details, see this blog. For this reason, Redpanda should only be given full cores. Note: You can increase cores, but decreasing cores is supported only from 24.3 Redpanda version. This setting is equivalent to --smp, resources.requests.cpu, and resources.limits.cpu. For production, use 4 or greater. To maximize efficiency, use the static CPU manager policy by specifying an even integer for CPU resource requests and limits. This policy gives the Pods running Redpanda brokers access to exclusive CPUs on the node. See https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy.

Default: 1

resources.memory

Memory resources For details, see the Pod resources documentation.

Default:

{"container":{"max":"2.5Gi"}}
resources.memory.container

Enables memory locking. For production, set to true. enable_memory_locking: false It is recommended to have at least 2Gi of memory per core for the Redpanda binary. This memory is taken from the total memory given to each container. The Helm chart allocates 80% of the container's memory to Redpanda, leaving the rest for other container processes. So at least 2.5Gi per core is recommended in order to ensure Redpanda has a full 2Gi. These values affect --memory and --reserve-memory flags passed to Redpanda and the memory requests/limits in the StatefulSet. Valid suffixes: k, M, G, T, P, Ki, Mi, Gi, Ti, Pi To create Guaranteed Pod QoS for Redpanda brokers, provide both container max and min values for the container. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a memory limit and a memory request. * For every container in the Pod, the memory limit must equal the memory request.

Default: {"max":"2.5Gi"}

resources.memory.container.max

Maximum memory count for each Redpanda broker. Equivalent to resources.limits.memory. For production, use 10Gi or greater.

Default: "2.5Gi"

serviceAccount

Service account management.

Default:

{"annotations":{},"automountServiceAccountToken":false,"create":false,"name":""}
serviceAccount.annotations

Annotations to add to the service account.

Default: {}

serviceAccount.automountServiceAccountToken

Specifies whether a service account should automount API-Credentials. The token is used in sidecars.controllers

Default: false

serviceAccount.create

Specifies whether a service account should be created.

Default: false

serviceAccount.name

The name of the service account to use. If not set and serviceAccount.create is true, a name is generated using the redpanda.fullname template.

Default: ""

statefulset.additionalRedpandaCmdFlags

Additional flags to pass to redpanda,

Default: []

statefulset.additionalSelectorLabels

Additional labels to be added to statefulset label selector. For example, my.k8s.service: redpanda.

Default: {}

statefulset.annotations

DEPRECATED Please use statefulset.podTemplate.annotations. Annotations are used only for Statefulset.spec.template.metadata.annotations. The StatefulSet does not have any dedicated annotation.

Default: {}

statefulset.budget.maxUnavailable

Default: 1

statefulset.extraVolumeMounts

Default: ""

statefulset.extraVolumes

Default: ""

statefulset.initContainerImage.repository

Default: "busybox"

statefulset.initContainerImage.tag

Default: "latest"

statefulset.initContainers.configurator.extraVolumeMounts

Default: ""

statefulset.initContainers.configurator.resources

To create Guaranteed Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request.

Default: {}

statefulset.initContainers.extraInitContainers

Default: ""

statefulset.initContainers.fsValidator.enabled

Default: false

statefulset.initContainers.fsValidator.expectedFS

Default: "xfs"

statefulset.initContainers.fsValidator.extraVolumeMounts

Default: ""

statefulset.initContainers.fsValidator.resources

To create Guaranteed Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request.

Default: {}

statefulset.initContainers.setDataDirOwnership.enabled

In environments where root is not allowed, you cannot change the ownership of files and directories. Enable setDataDirOwnership when using default minikube cluster configuration.

Default: false

statefulset.initContainers.setDataDirOwnership.extraVolumeMounts

Default: ""

statefulset.initContainers.setDataDirOwnership.resources

To create Guaranteed Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request.

Default: {}

statefulset.initContainers.setTieredStorageCacheDirOwnership.extraVolumeMounts

Default: ""

statefulset.initContainers.setTieredStorageCacheDirOwnership.resources

To create Guaranteed Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request.

Default: {}

statefulset.initContainers.tuning.extraVolumeMounts

Default: ""

statefulset.initContainers.tuning.resources

To create Guaranteed Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request.

Default: {}

statefulset.livenessProbe.failureThreshold

Default: 3

statefulset.livenessProbe.initialDelaySeconds

Default: 10

statefulset.livenessProbe.periodSeconds

Default: 10

statefulset.nodeSelector

Node selection constraints for scheduling Pods of this StatefulSet. These constraints override the global nodeSelector value. For details, see the Kubernetes documentation.

Default: {}

statefulset.podAffinity

Inter-Pod Affinity rules for scheduling Pods of this StatefulSet. For details, see the Kubernetes documentation.

Default: {}

statefulset.podAntiAffinity

Anti-affinity rules for scheduling Pods of this StatefulSet. For details, see the Kubernetes documentation. You may either edit the default settings for anti-affinity rules, or specify new anti-affinity rules to use instead of the defaults.

Default:

{"custom":{},"topologyKey":"kubernetes.io/hostname","type":"hard","weight":100}
statefulset.podAntiAffinity.custom

Change podAntiAffinity.type to custom and provide your own podAntiAffinity rules here.

Default: {}

statefulset.podAntiAffinity.topologyKey

The topologyKey to be used. Can be used to spread across different nodes, AZs, regions etc.

Default: "kubernetes.io/hostname"

statefulset.podAntiAffinity.type

Valid anti-affinity types are soft, hard, or custom. Use custom if you want to supply your own anti-affinity rules in the podAntiAffinity.custom object.

Default: "hard"

statefulset.podAntiAffinity.weight

Weight for soft anti-affinity rules. Does not apply to other anti-affinity types.

Default: 100

statefulset.podTemplate.annotations

Additional annotations to apply to the Pods of the StatefulSet.

Default: {}

statefulset.podTemplate.labels

Additional labels to apply to the Pods of the StatefulSet.

Default: {}

statefulset.podTemplate.spec

A subset of Kubernetes' PodSpec type that will be merged into the final PodSpec. See Merge Semantics for details.

Default:

{"containers":[{"env":[],"name":"redpanda","securityContext":{}}],"securityContext":{}}
statefulset.priorityClassName

PriorityClassName given to Pods of this StatefulSet. For details, see the Kubernetes documentation.

Default: ""

statefulset.readinessProbe.failureThreshold

Default: 3

statefulset.readinessProbe.initialDelaySeconds

Default: 1

statefulset.readinessProbe.periodSeconds

Default: 10

statefulset.readinessProbe.successThreshold

Default: 1

statefulset.replicas

Number of Redpanda brokers (Redpanda Data recommends setting this to the number of worker nodes in the cluster)

Default: 3

statefulset.securityContext

DEPRECATED: Prefer to use podTemplate.spec.securityContext or podTemplate.spec.containers[0].securityContext.

Default:

{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":101}
statefulset.sideCars.configWatcher.enabled

Default: true

statefulset.sideCars.configWatcher.extraVolumeMounts

Default: ""

statefulset.sideCars.configWatcher.resources

To create Guaranteed Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a memory limit and a memory request. * For every container in the Pod, the memory limit must equal the memory request. * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request. To maximize efficiency, use the static CPU manager policy by specifying an even integer for CPU resource requests and limits. This policy gives the Pods running Redpanda brokers access to exclusive CPUs on the node. For details, see https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy

Default: {}

statefulset.sideCars.configWatcher.securityContext

Default: {}

statefulset.sideCars.controllers.createRBAC

Default: true

statefulset.sideCars.controllers.enabled

Default: false

statefulset.sideCars.controllers.healthProbeAddress

Default: ":8085"

statefulset.sideCars.controllers.image.repository

Default:

"docker.redpanda.com/redpandadata/redpanda-operator"
statefulset.sideCars.controllers.image.tag

Default: "v2.3.5-24.3.2"

statefulset.sideCars.controllers.metricsAddress

Default: ":9082"

statefulset.sideCars.controllers.pprofAddress

Default: ":9083"

statefulset.sideCars.controllers.resources

To create Guaranteed Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request. * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request. To maximize efficiency, use the static CPU manager policy by specifying an even integer for CPU resource requests and limits. This policy gives the Pods running Redpanda brokers access to exclusive CPUs on the node. For details, see https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy

Default: {}

statefulset.sideCars.controllers.run[0]

Default: "all"

statefulset.sideCars.controllers.securityContext

Default: {}

statefulset.startupProbe

Adjust the period for your probes to meet your needs. For details, see the Kubernetes documentation.

Default:

{"failureThreshold":120,"initialDelaySeconds":1,"periodSeconds":10}
statefulset.terminationGracePeriodSeconds

Termination grace period in seconds is time required to execute preStop hook which puts particular Redpanda Pod (process/container) into maintenance mode. Before settle down on particular value please put Redpanda under load and perform rolling upgrade or rolling restart. That value needs to accommodate two processes: * preStop hook needs to put Redpanda into maintenance mode * after preStop hook Redpanda needs to handle gracefully SIGTERM signal Both processes are executed sequentially where preStop hook has hard deadline in the middle of terminationGracePeriodSeconds. REF: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination

Default: 90

statefulset.tolerations

Taints to be tolerated by Pods of this StatefulSet. These tolerations override the global tolerations value. For details, see the Kubernetes documentation.

Default: []

statefulset.topologySpreadConstraints[0].maxSkew

Default: 1

statefulset.topologySpreadConstraints[0].topologyKey

Default:

"topology.kubernetes.io/zone"
statefulset.topologySpreadConstraints[0].whenUnsatisfiable

Default: "ScheduleAnyway"

statefulset.updateStrategy.type

Default: "RollingUpdate"

storage

Persistence settings. For details, see the storage documentation.

Default:

{"hostPath":"","persistentVolume":{"annotations":{},"enabled":true,"labels":{},"nameOverwrite":"","size":"20Gi","storageClass":""},"tiered":{"config":{"cloud_storage_cache_size":5368709120,"cloud_storage_enable_remote_read":true,"cloud_storage_enable_remote_write":true,"cloud_storage_enabled":false},"credentialsSecretRef":{"accessKey":{"configurationKey":"cloud_storage_access_key"},"secretKey":{"configurationKey":"cloud_storage_secret_key"}},"hostPath":"","mountType":"none","persistentVolume":{"annotations":{},"labels":{},"storageClass":""}}}
storage.hostPath

Absolute path on the host to store Redpanda's data. If unspecified, then an emptyDir volume is used. If specified but persistentVolume.enabled is true, storage.hostPath has no effect.

Default: ""

storage.persistentVolume

If persistentVolume.enabled is true, a PersistentVolumeClaim is created and used to store Redpanda's data. Otherwise, storage.hostPath is used.

Default:

{"annotations":{},"enabled":true,"labels":{},"nameOverwrite":"","size":"20Gi","storageClass":""}
storage.persistentVolume.annotations

Additional annotations to apply to the created PersistentVolumeClaims.

Default: {}

storage.persistentVolume.labels

Additional labels to apply to the created PersistentVolumeClaims.

Default: {}

storage.persistentVolume.nameOverwrite

Option to change volume claim template name for tiered storage persistent volume if tiered.mountType is set to persistentVolume

Default: ""

storage.persistentVolume.storageClass

To disable dynamic provisioning, set to -. If undefined or empty (default), then no storageClassName spec is set, and the default dynamic provisioner is chosen (gp2 on AWS, standard on GKE, AWS & OpenStack).

Default: ""

storage.tiered.config

Tiered Storage settings Requires enterprise.licenseKey or enterprised.licenseSecretRef For details, see the Tiered Storage documentation. For a list of properties, see Object Storage Properties.

Default:

{"cloud_storage_cache_size":5368709120,"cloud_storage_enable_remote_read":true,"cloud_storage_enable_remote_write":true,"cloud_storage_enabled":false}
storage.tiered.config.cloud_storage_cache_size

Maximum size of the disk cache used by Tiered Storage. Default is 20 GiB. See the property reference documentation.

Default: 5368709120

storage.tiered.config.cloud_storage_enable_remote_read

Cluster level default remote read configuration for new topics. See the property reference documentation.

Default: true

storage.tiered.config.cloud_storage_enable_remote_write

Cluster level default remote write configuration for new topics. See the property reference documentation.

Default: true

storage.tiered.config.cloud_storage_enabled

Global flag that enables Tiered Storage if a license key is provided. See the property reference documentation.

Default: false

storage.tiered.hostPath

Absolute path on the host to store Redpanda's Tiered Storage cache.

Default: ""

storage.tiered.persistentVolume.annotations

Additional annotations to apply to the created PersistentVolumeClaims.

Default: {}

storage.tiered.persistentVolume.labels

Additional labels to apply to the created PersistentVolumeClaims.

Default: {}

storage.tiered.persistentVolume.storageClass

To disable dynamic provisioning, set to "-". If undefined or empty (default), then no storageClassName spec is set, and the default dynamic provisioner is chosen (gp2 on AWS, standard on GKE, AWS & OpenStack).

Default: ""

tests.enabled

Default: true

tls

TLS settings. For details, see the TLS documentation.

Default:

{"certs":{"default":{"caEnabled":true},"external":{"caEnabled":true}},"enabled":true}
tls.certs

List all Certificates here, then you can reference a specific Certificate's name in each listener's listeners.<listener name>.tls.cert setting.

Default:

{"default":{"caEnabled":true},"external":{"caEnabled":true}}
tls.certs.default

This key is the Certificate name. To apply the Certificate to a specific listener, reference the Certificate's name in listeners.<listener-name>.tls.cert.

Default: {"caEnabled":true}

tls.certs.default.caEnabled

Indicates whether or not the Secret holding this certificate includes a ca.crt key. When true, chart managed clients, such as rpk, will use ca.crt for certificate verification and listeners with require_client_auth and no explicit truststore will use ca.crt as their truststore_file for verification of client certificates. When false, chart managed clients will use tls.crt for certificate verification and listeners with require_client_auth and no explicit truststore will use the container's CA certificates.

Default: true

tls.certs.external

Example external tls configuration uncomment and set the right key to the listeners that require them also enable the tls setting for those listeners.

Default: {"caEnabled":true}

tls.certs.external.caEnabled

Indicates whether or not the Secret holding this certificate includes a ca.crt key. When true, chart managed clients, such as rpk, will use ca.crt for certificate verification and listeners with require_client_auth and no explicit truststore will use ca.crt as their truststore_file for verification of client certificates. When false, chart managed clients will use tls.crt for certificate verification and listeners with require_client_auth and no explicit truststore will use the container's CA certificates.

Default: true

tls.enabled

Enable TLS globally for all listeners. Each listener must include a Certificate name in its <listener>.tls object. To allow you to enable TLS for individual listeners, Certificates in auth.tls.certs are always loaded, even if tls.enabled is false. See listeners.<listener-name>.tls.enabled.

Default: true

tolerations

Taints to be tolerated by Pods, can override this for StatefulSets. For details, see the Kubernetes documentation.

Default: []

tuning

Redpanda tuning settings. Each is set to their default values in Redpanda.

Default: {"tune_aio_events":true}

tuning.tune_aio_events

Increase the maximum number of outstanding asynchronous IO operations if the current value is below a certain threshold. This allows Redpanda to make as many simultaneous IO requests as possible, increasing throughput. When this option is enabled, Helm creates a privileged container. If your security profile does not allow this, you can disable this container by setting tune_aio_events to false. For more details, see the tuning documentation.

Default: true

Merging Semantics

The redpanda chart implements a form of object merging that's roughly a middleground of JSON Merge Patch and Kubernetes' Strategic Merge Patch. This is done to aid end users in setting or overriding fields that are not directly exposed via the chart.

  • Directives are not supported.
  • List fields that are merged by a unique key in Kubernetes' SMP (e.g. containers, env) will be merged in a similar awy.
  • Only fields explicitly allowed by the chart's JSON schema will be merged.
  • Additional containers that are not present in the original value will NOT be added.

Documentation

Overview

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

+gotohelm:filename=_cert-issuers.go.tpl

+gotohelm:filename=_certs.go.tpl

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

+gotohelm:filename=_chart.go.tpl

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

+gotohelm:filename=_configmap.go.tpl

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

+gotohelm:filename=_connectors.go.tpl

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

+gotohelm:filename=_console.go.tpl

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

+gotohelm:filename=_helpers.go.tpl

+gotohelm:filename=_memory.go.tpl

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

+gotohelm:filename=_notes.go.tpl

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

+gotohelm:filename=_poddisruptionbudget.go.tpl

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

+gotohelm:filename=_post-install-upgrade-job.go.tpl

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

+gotohelm:filename=_rbac.go.tpl

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

+gotohelm:filename=_secrets.go.tpl

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

+gotohelm:filename=_service.loadbalancer.go.tpl

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

+gotohelm:filename=_service.nodeport.go.tpl

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

+gotohelm:filename=_service.internal.go.tpl

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

+gotohelm:filename=_serviceaccount.go.tpl

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

+gotohelm:filename=_servicemonitor.go.tpl

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

+gotohelm:filename=_statefulset.go.tpl

+gotohelm:filename=_values.go.tpl

+gotohelm:ignore=true

Code generated by genpartial DO NOT EDIT.

+gotohelm:ignore=true

Index

Constants

View Source
const (
	// TrustStoreMountPath is the absolute path at which the
	// [corev1.VolumeProjection] of truststores will be mounted to the redpanda
	// container. (Without a trailing slash)
	TrustStoreMountPath = "/etc/truststores"

	// ServiceAccountVolumeName is the prefix name that will be added to volumes that mount ServiceAccount secrets
	// Reference
	// https://github.com/kubernetes/kubernetes/blob/c6669ea7d61af98da3a2aa8c1d2cdc9c2c57080a/plugin/pkg/admission/serviceaccount/admission.go#L52-L53
	ServiceAccountVolumeName = "kube-api-access"

	// DefaultAPITokenMountPath is the path that ServiceAccountToken secrets are automounted to.
	// The token file would then be accessible at /var/run/secrets/kubernetes.io/serviceaccount
	// Reference
	// https://github.com/kubernetes/kubernetes/blob/c6669ea7d61af98da3a2aa8c1d2cdc9c2c57080a/plugin/pkg/admission/serviceaccount/admission.go#L55-L57
	DefaultAPITokenMountPath = "/var/run/secrets/kubernetes.io/serviceaccount"
)
View Source
const (

	// RedpandaContainerName is the user facing name of the redpanda container
	// in the redpanda StatefulSet. While the name of the container can
	// technically change, this is the name that is used to locate the
	// [corev1.Container] that will be smp'd into the redpanda container.
	RedpandaContainerName = "redpanda"
	// PostUpgradeContainerName is the user facing name of the post-install
	// job's container.
	PostInstallContainerName = "post-install"
	// PostUpgradeContainerName is the user facing name of the post-upgrade
	// job's container.
	PostUpgradeContainerName = "post-upgrade"
	// RedpandaControllersContainerName is the container that can perform day
	// 2 operation similarly to Redpanda operator.
	RedpandaControllersContainerName = "redpanda-controllers"
)
View Source
const DefaultSASLMechanism = "SCRAM-SHA-512"

Variables

View Source
var (
	// Scheme is a [runtime.Scheme] with the appropriate extensions to load all
	// objects produced by the redpanda chart.
	Scheme = runtime.NewScheme()

	// Chart is the go version of the redpanda helm chart.
	Chart = gotohelm.MustLoad(chartYAML, defaultValuesYAML, render, console.Chart, connectors.Chart)
)

Functions

func BootstrapFile

func BootstrapFile(dot *helmette.Dot) string

BootstrapFile returns contents of `.bootstrap.yaml`. Keys that may be set via environment variables (such as tiered storage secrets) will have placeholders in the form of $ENVVARNAME. An init container is responsible for expanding said placeholders.

Convention is to name envvars $REDPANDA_SCREAMING_CASE_CLUSTER_PROPERTY_NAME. For example, cloud_storage_secret_key would be $REDPANDA_CLOUD_STORAGE_SECRET_KEY.

`.bootstrap.yaml` is templated and then read by both the redpanda container and the post install/upgrade job.

func BrokerList

func BrokerList(dot *helmette.Dot, replicas int32, port int32) []string

func CertIssuers

func CertIssuers(dot *helmette.Dot) []*certmanagerv1.Issuer

func CertSecretName

func CertSecretName(dot *helmette.Dot, certName string, cert *TLSCert) string

return correct secretName to use based if secretRef exists

func ChartLabel

func ChartLabel(dot *helmette.Dot) string

Create chart name and version as used by the chart label.

func ClientAuthRequired

func ClientAuthRequired(dot *helmette.Dot) bool

func ClientCerts

func ClientCerts(dot *helmette.Dot) []*certmanagerv1.Certificate

func ClusterRoleBindings

func ClusterRoleBindings(dot *helmette.Dot) []*rbacv1.ClusterRoleBinding

func ClusterRoles

func ClusterRoles(dot *helmette.Dot) []*rbacv1.ClusterRole

func CommonMounts

func CommonMounts(dot *helmette.Dot) []corev1.VolumeMount

mounts that are common to all containers

func CommonVolumes

func CommonVolumes(dot *helmette.Dot) []corev1.Volume

volumes that are common to all pods

func ConfigMaps

func ConfigMaps(dot *helmette.Dot) []*corev1.ConfigMap

func ConsoleConfig

func ConsoleConfig(dot *helmette.Dot) map[string]any

func ContainerSecurityContext

func ContainerSecurityContext(dot *helmette.Dot) corev1.SecurityContext

ContainerSecurityContext returns a subset of corev1.SecurityContext for the redpanda Statefulset. It is also used as the default ContainerSecurityContext.

func DefaultMounts

func DefaultMounts(dot *helmette.Dot) []corev1.VolumeMount

mounts that are common to most containers

func DefaultVolumes

func DefaultVolumes(dot *helmette.Dot) []corev1.Volume

func FullLabels

func FullLabels(dot *helmette.Dot) map[string]string

full helm labels + common labels

func Fullname

func Fullname(dot *helmette.Dot) string

Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).

func GetLicenseLiteral

func GetLicenseLiteral(dot *helmette.Dot) string

func GetLicenseSecretReference

func GetLicenseSecretReference(dot *helmette.Dot) *corev1.SecretKeySelector

func InternalDomain

func InternalDomain(dot *helmette.Dot) string

Generate internal fqdn

func LoadBalancerServices

func LoadBalancerServices(dot *helmette.Dot) []*corev1.Service

func MonitoringEnabledLabel

func MonitoringEnabledLabel(dot *helmette.Dot) map[string]string

func Name

func Name(dot *helmette.Dot) string

Expand the name of the chart

func NodePortService

func NodePortService(dot *helmette.Dot) *corev1.Service

func Notes

func Notes(dot *helmette.Dot) []string

func PodDisruptionBudget

func PodDisruptionBudget(dot *helmette.Dot) *policyv1.PodDisruptionBudget

func PodSecurityContext

func PodSecurityContext(dot *helmette.Dot) *corev1.PodSecurityContext

PodSecurityContext returns a subset of corev1.PodSecurityContext for the redpanda Statefulset. It is also used as the default PodSecurityContext.

func PostInstallUpgradeEnvironmentVariables

func PostInstallUpgradeEnvironmentVariables(dot *helmette.Dot) []corev1.EnvVar

PostInstallUpgradeEnvironmentVariables returns environment variables assigned to Redpanda container.

func PostInstallUpgradeJob

func PostInstallUpgradeJob(dot *helmette.Dot) *batchv1.Job

func RPKProfile

func RPKProfile(dot *helmette.Dot) *corev1.ConfigMap

RPKProfile returns a corev1.ConfigMap for aiding users in connecting to the external listeners of their redpanda cluster. It is meant for external consumption via NOTES.txt and is not used within this chart.

func RedpandaAdditionalStartFlags

func RedpandaAdditionalStartFlags(dot *helmette.Dot, smp int64) []string

RedpandaAdditionalStartFlags returns a string list of flags suitable for use as `additional_start_flags`. User provided flags will override any of those set by default.

func RedpandaAtLeast_22_2_0

func RedpandaAtLeast_22_2_0(dot *helmette.Dot) bool

func RedpandaAtLeast_22_2_atleast_22_2_10

func RedpandaAtLeast_22_2_atleast_22_2_10(dot *helmette.Dot) bool

func RedpandaAtLeast_22_3_0

func RedpandaAtLeast_22_3_0(dot *helmette.Dot) bool

func RedpandaAtLeast_22_3_atleast_22_3_13

func RedpandaAtLeast_22_3_atleast_22_3_13(dot *helmette.Dot) bool

func RedpandaAtLeast_23_1_1

func RedpandaAtLeast_23_1_1(dot *helmette.Dot) bool

func RedpandaAtLeast_23_1_2

func RedpandaAtLeast_23_1_2(dot *helmette.Dot) bool

func RedpandaAtLeast_23_2_1

func RedpandaAtLeast_23_2_1(dot *helmette.Dot) bool

func RedpandaAtLeast_23_3_0

func RedpandaAtLeast_23_3_0(dot *helmette.Dot) bool

func RedpandaConfigFile

func RedpandaConfigFile(dot *helmette.Dot, includeSeedServer bool) string

func RedpandaConfigMap

func RedpandaConfigMap(dot *helmette.Dot) *corev1.ConfigMap

func RedpandaMemory

func RedpandaMemory(dot *helmette.Dot) int64

RedpandaMemory will return the amount of memory for Redpanda process. It should be passed to the `--memory` argument of the Redpanda process, see RedpandaAdditionalStartFlags and rpk redpanda start documentation. https://docs.redpanda.com/current/reference/rpk/rpk-redpanda/rpk-redpanda-start/

func RedpandaReserveMemory

func RedpandaReserveMemory(dot *helmette.Dot) int64

RedpandaReserveMemory will return the amount of memory that Redpanda process will not use from the provided value in `--memory` or from the internal Redpanda discovery process. It should be passed to the `--reserve-memory` argument of the Redpanda process, see RedpandaAdditionalStartFlags and rpk redpanda start documentation. https://docs.redpanda.com/current/reference/rpk/rpk-redpanda/rpk-redpanda-start/

func RedpandaSMP

func RedpandaSMP(dot *helmette.Dot) int64

func RootCAs

func RootCAs(dot *helmette.Dot) []*certmanagerv1.Certificate

func RpkACLCreate

func RpkACLCreate(*helmette.Dot) string

func RpkACLUserCreate

func RpkACLUserCreate(dot *helmette.Dot) string

func RpkClusterInfo

func RpkClusterInfo(*helmette.Dot) string

func RpkSASLEnvironmentVariables

func RpkSASLEnvironmentVariables(dot *helmette.Dot) string

was: rpk sasl environment variables

This will return a string with the correct environment variables to use for SASL based on the version of the redpanda container being used

func RpkTopicCreate

func RpkTopicCreate(dot *helmette.Dot) string

func RpkTopicDelete

func RpkTopicDelete(dot *helmette.Dot) string

func RpkTopicDescribe

func RpkTopicDescribe(*helmette.Dot) string

func SASLMechanism

func SASLMechanism(dot *helmette.Dot) string

func SecretBootstrapUser

func SecretBootstrapUser(dot *helmette.Dot) *corev1.Secret

func SecretConfigWatcher

func SecretConfigWatcher(dot *helmette.Dot) *corev1.Secret

func SecretConfigurator

func SecretConfigurator(dot *helmette.Dot) *corev1.Secret

func SecretFSValidator

func SecretFSValidator(dot *helmette.Dot) *corev1.Secret

func SecretSASLUsers

func SecretSASLUsers(dot *helmette.Dot) *corev1.Secret

func SecretSTSLifecycle

func SecretSTSLifecycle(dot *helmette.Dot) *corev1.Secret

func Secrets

func Secrets(dot *helmette.Dot) []*corev1.Secret

func ServerList

func ServerList(replicas int32, prefix, fullname, internalDomain string, port int32) []string

func ServiceAccount

func ServiceAccount(dot *helmette.Dot) *corev1.ServiceAccount

func ServiceAccountName

func ServiceAccountName(dot *helmette.Dot) string

Create the name of the service account to use

func ServiceInternal

func ServiceInternal(dot *helmette.Dot) *corev1.Service

func ServiceMonitor

func ServiceMonitor(dot *helmette.Dot) *monitoringv1.ServiceMonitor

func ServiceName

func ServiceName(dot *helmette.Dot) string

Create a default service name

func SidecarControllersClusterRole

func SidecarControllersClusterRole(dot *helmette.Dot) *rbacv1.ClusterRole

func SidecarControllersClusterRoleBinding

func SidecarControllersClusterRoleBinding(dot *helmette.Dot) *rbacv1.ClusterRoleBinding

func SidecarControllersRole

func SidecarControllersRole(dot *helmette.Dot) *rbacv1.Role

func SidecarControllersRoleBinding

func SidecarControllersRoleBinding(dot *helmette.Dot) *rbacv1.RoleBinding

func StatefulSet

func StatefulSet(dot *helmette.Dot) *appsv1.StatefulSet

func StatefulSetContainers

func StatefulSetContainers(dot *helmette.Dot) []corev1.Container

func StatefulSetInitContainers

func StatefulSetInitContainers(dot *helmette.Dot) []corev1.Container

func StatefulSetPodAnnotations

func StatefulSetPodAnnotations(dot *helmette.Dot, configMapChecksum string) map[string]string

StatefulSetPodAnnotations returns the annotation for the Redpanda PodTemplate.

func StatefulSetPodLabels

func StatefulSetPodLabels(dot *helmette.Dot) map[string]string

StatefulSetPodLabels returns the label that includes label selector for the Redpanda PodTemplate. If this helm release is an upgrade, the existing statefulset's pod template labels will be used as it's an immutable field.

func StatefulSetPodLabelsSelector

func StatefulSetPodLabelsSelector(dot *helmette.Dot) map[string]string

StatefulSetPodLabelsSelector returns the label selector for the Redpanda StatefulSet. If this helm release is an upgrade, the existing statefulset's label selector will be used as it's an immutable field.

func StatefulSetVolumeMounts

func StatefulSetVolumeMounts(dot *helmette.Dot) []corev1.VolumeMount

StatefulSetRedpandaMounts returns the VolumeMounts for the Redpanda Container of the Redpanda StatefulSet.

func StatefulSetVolumes

func StatefulSetVolumes(dot *helmette.Dot) []corev1.Volume

StatefulSetVolumes returns the [corev1.Volume]s for the Redpanda StatefulSet.

func StorageTieredConfig

func StorageTieredConfig(dot *helmette.Dot) map[string]any

StorageTieredConfig was: storage-tiered-config Wrap this up since there are helm tests that require it

func StrategicMergePatch

func StrategicMergePatch(overrides PodTemplate, original corev1.PodTemplateSpec) corev1.PodTemplateSpec

StrategicMergePatch is a half-baked implementation of Kubernetes' strategic merge patch. It's closer to a merge patch with smart handling of lists that's tailored to the values permitted by PodTemplate.

func TLSEnabled

func TLSEnabled(dot *helmette.Dot) bool

check if client auth is enabled for any of the listeners

func Tag

func Tag(dot *helmette.Dot) string

Use AppVersion if image.tag is not set

func Types

func Types() []kube.Object

Types returns a slice containing the set of all kube.Object types that could be returned by the redpanda chart. +gotohelm:ignore=true

func Warnings

func Warnings(dot *helmette.Dot) []string

Types

type AdminExternal

type AdminExternal struct {
	// Enabled indicates if this listener is enabled. If not specified,
	// defaults to the value of [ExternalConfig.Enabled].
	Enabled         *bool        `json:"enabled"`
	AdvertisedPorts []int32      `json:"advertisedPorts" jsonschema:"minItems=1"`
	Port            int32        `json:"port" jsonschema:"required"`
	NodePort        *int32       `json:"nodePort"`
	TLS             *ExternalTLS `json:"tls"`
}

func (*AdminExternal) IsEnabled

func (l *AdminExternal) IsEnabled() bool

type AdminListeners

type AdminListeners struct {
	External    ExternalListeners[AdminExternal] `json:"external"`
	Port        int32                            `json:"port" jsonschema:"required"`
	AppProtocol *string                          `json:"appProtocol,omitempty"`
	TLS         InternalTLS                      `json:"tls" jsonschema:"required"`
}

func (*AdminListeners) ConsoleTLS

func (l *AdminListeners) ConsoleTLS(tls *TLS) ConsoleTLS

func (*AdminListeners) Listeners

func (l *AdminListeners) Listeners() []map[string]any

func (*AdminListeners) ListenersTLS

func (l *AdminListeners) ListenersTLS(tls *TLS) []map[string]any

func (*AdminListeners) TrustStores

func (l *AdminListeners) TrustStores(tls *TLS) []*TrustStore

TrustStores returns a slice of all configured and enabled [TrustStore]s on both internal and external listeners.

type AuditLogging

type AuditLogging struct {
	Enabled                    bool     `json:"enabled"`
	Listener                   string   `json:"listener"`
	Partitions                 int      `json:"partitions"`
	EnabledEventTypes          []string `json:"enabledEventTypes"`
	ExcludedTopics             []string `json:"excludedTopics"`
	ExcludedPrincipals         []string `json:"excludedPrincipals"`
	ClientMaxBufferSize        int      `json:"clientMaxBufferSize"`
	QueueDrainIntervalMS       int      `json:"queueDrainIntervalMs"`
	QueueMaxBufferSizeperShard int      `json:"queueMaxBufferSizePerShard"`
	ReplicationFactor          int      `json:"replicationFactor"`
}

func (AuditLogging) JSONSchemaExtend

func (AuditLogging) JSONSchemaExtend(schema *jsonschema.Schema)

+gotohelm:ignore=true

func (*AuditLogging) Translate

func (a *AuditLogging) Translate(dot *helmette.Dot, isSASLEnabled bool) map[string]any

type Auth

type Auth struct {
	SASL *SASLAuth `json:"sasl" jsonschema:"required"`
}

func (*Auth) IsSASLEnabled

func (a *Auth) IsSASLEnabled() bool

func (*Auth) Translate

func (a *Auth) Translate(isSASLEnabled bool) map[string]any

type BootstrapUser

type BootstrapUser struct {
	Name         *string                   `json:"name"`
	SecretKeyRef *corev1.SecretKeySelector `json:"secretKeyRef"`
	Password     *string                   `json:"password"`
	Mechanism    string                    `json:"mechanism" jsonschema:"pattern=^(SCRAM-SHA-512|SCRAM-SHA-256)$"`
}

func (*BootstrapUser) BootstrapEnvironment

func (b *BootstrapUser) BootstrapEnvironment(fullname string) []corev1.EnvVar

func (*BootstrapUser) GetMechanism

func (b *BootstrapUser) GetMechanism() string

func (*BootstrapUser) RpkEnvironment

func (b *BootstrapUser) RpkEnvironment(fullname string) []corev1.EnvVar

func (*BootstrapUser) SecretKeySelector

func (b *BootstrapUser) SecretKeySelector(fullname string) *corev1.SecretKeySelector

func (*BootstrapUser) Username

func (b *BootstrapUser) Username() string

type ClusterConfig

type ClusterConfig map[string]any

func (*ClusterConfig) Translate

func (c *ClusterConfig) Translate() map[string]any

type Config

type Config struct {
	Cluster              ClusterConfig         `json:"cluster" jsonschema:"required"`
	Node                 NodeConfig            `json:"node" jsonschema:"required"`
	RPK                  map[string]any        `json:"rpk"`
	SchemaRegistryClient *SchemaRegistryClient `json:"schema_registry_client"`
	PandaProxyClient     *PandaProxyClient     `json:"pandaproxy_client"`
	Tunable              TunableConfig         `json:"tunable" jsonschema:"required"`
}

func (*Config) CreateRPKConfiguration

func (c *Config) CreateRPKConfiguration() map[string]any

type ConsoleTLS

type ConsoleTLS struct {
	Enabled               bool   `json:"enabled"`
	CaFilepath            string `json:"caFilepath"`
	CertFilepath          string `json:"certFilepath"`
	KeyFilepath           string `json:"keyFilepath"`
	InsecureSkipTLSVerify bool   `json:"insecureSkipTlsVerify"`
}

ConsoleTLS is a struct that represents TLS configuration used in console configuration in Kafka, Schema Registry and Redpanda Admin API. For the above configuration helm chart could import struct, but as of the writing the struct fields tag have only `yaml` annotation. `sigs.k8s.io/yaml` requires `json` tags.

type Enableable

type Enableable struct {
	Enabled bool `json:"enabled" jsonschema:"required"`
}

type Enterprise

type Enterprise struct {
	License          string `json:"license"`
	LicenseSecretRef *struct {
		Key  string `json:"key"`
		Name string `json:"name"`
	} `json:"licenseSecretRef"`
}

type ExternalConfig

type ExternalConfig struct {
	Addresses      []string           `json:"addresses"`
	Annotations    map[string]string  `json:"annotations"`
	Domain         *string            `json:"domain"`
	Enabled        bool               `json:"enabled" jsonschema:"required"`
	Type           corev1.ServiceType `json:"type" jsonschema:"pattern=^(LoadBalancer|NodePort)$"`
	PrefixTemplate string             `json:"prefixTemplate"`
	SourceRanges   []string           `json:"sourceRanges"`
	Service        Enableable         `json:"service"`
	ExternalDNS    *Enableable        `json:"externalDns"`
}

type ExternalListeners

type ExternalListeners[T any] map[string]T

func (ExternalListeners[T]) JSONSchemaExtend

func (ExternalListeners[T]) JSONSchemaExtend(schema *jsonschema.Schema)

type ExternalTLS

type ExternalTLS struct {
	// Enabled, when `false`, indicates that this struct should treated as if
	// it was not specified. If `nil`, defaults to [InternalTLS.Enabled].
	// Prefer to use `IsEnabled` rather than checking this field directly.
	Enabled           *bool       `json:"enabled"`
	Cert              *string     `json:"cert"`
	RequireClientAuth *bool       `json:"requireClientAuth"`
	TrustStore        *TrustStore `json:"trustStore"`
}

ExternalTLS is the TLS configuration associated with a given "external" listener. The schema is more loose than InternalTLS. All fields have default values but are interpreted differently depending on their context (IE kafka vs schemaRegistry) tread lightly.

func (*ExternalTLS) GetCert

func (t *ExternalTLS) GetCert(i *InternalTLS, tls *TLS) *TLSCert

func (*ExternalTLS) GetCertName

func (t *ExternalTLS) GetCertName(i *InternalTLS) string

func (*ExternalTLS) IsEnabled

func (t *ExternalTLS) IsEnabled(i *InternalTLS, tls *TLS) bool

IsEnabled reports the value of [ExternalTLS.Enabled], falling back to InternalTLS.IsEnabled if not specified.

func (*ExternalTLS) TrustStoreFilePath

func (t *ExternalTLS) TrustStoreFilePath(i *InternalTLS, tls *TLS) string

type HTTPAuthenticationMethod

type HTTPAuthenticationMethod string

func (HTTPAuthenticationMethod) JSONSchemaExtend

func (HTTPAuthenticationMethod) JSONSchemaExtend(s *jsonschema.Schema)

type HTTPExternal

type HTTPExternal struct {
	// Enabled indicates if this listener is enabled. If not specified,
	// defaults to the value of [ExternalConfig.Enabled].
	Enabled              *bool                     `json:"enabled"`
	AdvertisedPorts      []int32                   `json:"advertisedPorts" jsonschema:"minItems=1"`
	Port                 int32                     `json:"port" jsonschema:"required"`
	NodePort             *int32                    `json:"nodePort"`
	AuthenticationMethod *HTTPAuthenticationMethod `json:"authenticationMethod"`
	PrefixTemplate       *string                   `json:"prefixTemplate"`
	TLS                  *ExternalTLS              `json:"tls" jsonschema:"required"`
}

func (*HTTPExternal) IsEnabled

func (l *HTTPExternal) IsEnabled() bool

func (HTTPExternal) JSONSchemaExtend

func (HTTPExternal) JSONSchemaExtend(schema *jsonschema.Schema)

+gotohelm:ignore=true

type HTTPListeners

type HTTPListeners struct {
	Enabled              bool                            `json:"enabled" jsonschema:"required"`
	External             ExternalListeners[HTTPExternal] `json:"external"`
	AuthenticationMethod *HTTPAuthenticationMethod       `json:"authenticationMethod"`
	TLS                  InternalTLS                     `json:"tls" jsonschema:"required"`
	KafkaEndpoint        string                          `json:"kafkaEndpoint" jsonschema:"required,pattern=^[A-Za-z_-][A-Za-z0-9_-]*$"`
	Port                 int32                           `json:"port" jsonschema:"required"`
}

func (HTTPListeners) JSONSchemaExtend

func (HTTPListeners) JSONSchemaExtend(schema *jsonschema.Schema)

+gotohelm:ignore=true

func (*HTTPListeners) Listeners

func (l *HTTPListeners) Listeners(saslEnabled bool) []map[string]any

func (*HTTPListeners) ListenersTLS

func (l *HTTPListeners) ListenersTLS(tls *TLS) []map[string]any

func (*HTTPListeners) TrustStores

func (l *HTTPListeners) TrustStores(tls *TLS) []*TrustStore

TrustStores returns a slice of all configured and enabled [TrustStore]s on both internal and external listeners.

type Image

type Image struct {
	Repository string   `json:"repository" jsonschema:"required,default=docker.redpanda.com/redpandadata/redpanda"`
	Tag        ImageTag `json:"tag" jsonschema:"default=Chart.appVersion"`
	PullPolicy string   `` /* 127-byte string literal not displayed */
}

func (Image) JSONSchemaExtend

func (Image) JSONSchemaExtend(schema *jsonschema.Schema)

+gotohelm:ignore=true

type ImageTag

type ImageTag string

func (ImageTag) JSONSchemaExtend

func (ImageTag) JSONSchemaExtend(schema *jsonschema.Schema)

type InternalTLS

type InternalTLS struct {
	Enabled           *bool       `json:"enabled"`
	Cert              string      `json:"cert" jsonschema:"required"`
	RequireClientAuth bool        `json:"requireClientAuth" jsonschema:"required"`
	TrustStore        *TrustStore `json:"trustStore"`
}

InternalTLS is the TLS configuration for "internal" listeners. Internal listeners all have default values specified within values.yaml which allows us to be more strict about the schema here. TODO Unify this struct with ExternalTLS and/or remove the concept of internal and external listeners all together.

func (*InternalTLS) IsEnabled

func (t *InternalTLS) IsEnabled(tls *TLS) bool

IsEnabled reports the value of [InternalTLS.Enabled], falling back to [TLS.Enabled] if not specified.

func (*InternalTLS) ServerCAPath

func (t *InternalTLS) ServerCAPath(tls *TLS) string

ServerCAPath returns the path on disk to a certificate that may be used to verify a connection with this server.

func (*InternalTLS) TrustStoreFilePath

func (t *InternalTLS) TrustStoreFilePath(tls *TLS) string

type IssuerRefKind

type IssuerRefKind string

func (IssuerRefKind) JSONSchemaExtend

func (IssuerRefKind) JSONSchemaExtend(schema *jsonschema.Schema)

type KafkaAuthenticationMethod

type KafkaAuthenticationMethod string

func (KafkaAuthenticationMethod) JSONSchemaExtend

func (KafkaAuthenticationMethod) JSONSchemaExtend(s *jsonschema.Schema)

type KafkaExternal

type KafkaExternal struct {
	// Enabled indicates if this listener is enabled. If not specified,
	// defaults to the value of [ExternalConfig.Enabled].
	Enabled         *bool   `json:"enabled"`
	AdvertisedPorts []int32 `json:"advertisedPorts" jsonschema:"minItems=1"`
	Port            int32   `json:"port" jsonschema:"required"`
	// TODO CHECK NODE PORT USAGE
	NodePort             *int32                     `json:"nodePort"`
	AuthenticationMethod *KafkaAuthenticationMethod `json:"authenticationMethod"`
	PrefixTemplate       *string                    `json:"prefixTemplate"`
	TLS                  *ExternalTLS               `json:"tls"`
}

func (*KafkaExternal) IsEnabled

func (l *KafkaExternal) IsEnabled() bool

func (KafkaExternal) JSONSchemaExtend

func (KafkaExternal) JSONSchemaExtend(schema *jsonschema.Schema)

+gotohelm:ignore=true

type KafkaListeners

type KafkaListeners struct {
	AuthenticationMethod *KafkaAuthenticationMethod       `json:"authenticationMethod"`
	External             ExternalListeners[KafkaExternal] `json:"external"`
	TLS                  InternalTLS                      `json:"tls" jsonschema:"required"`
	Port                 int32                            `json:"port" jsonschema:"required"`
}

func (*KafkaListeners) ConnectorsTLS

func (k *KafkaListeners) ConnectorsTLS(tls *TLS, fullName string) connectors.TLS

func (*KafkaListeners) ConsoleTLS

func (k *KafkaListeners) ConsoleTLS(tls *TLS) ConsoleTLS

func (KafkaListeners) JSONSchemaExtend

func (KafkaListeners) JSONSchemaExtend(schema *jsonschema.Schema)

+gotohelm:ignore=true

func (*KafkaListeners) Listeners

func (l *KafkaListeners) Listeners(auth *Auth) []map[string]any

Listeners returns a slice of maps suitable for use as the value of `kafka_api` in a redpanda.yml file.

func (*KafkaListeners) ListenersTLS

func (l *KafkaListeners) ListenersTLS(tls *TLS) []map[string]any

ListenersTLS returns a slice of maps suitable for use as the value of `kafka_api_tls` in a redpanda.yml file.

func (*KafkaListeners) TrustStores

func (l *KafkaListeners) TrustStores(tls *TLS) []*TrustStore

TrustStores returns a slice of all configured and enabled [TrustStore]s on both internal and external listeners.

type LicenseSecretRef

type LicenseSecretRef struct {
	SecretName string `json:"secret_name"`
	SecretKey  string `json:"secret_key"`
}

type Listeners

type Listeners struct {
	Admin          AdminListeners          `json:"admin" jsonschema:"required"`
	HTTP           HTTPListeners           `json:"http" jsonschema:"required"`
	Kafka          KafkaListeners          `json:"kafka" jsonschema:"required"`
	SchemaRegistry SchemaRegistryListeners `json:"schemaRegistry" jsonschema:"required"`
	RPC            struct {
		Port int32       `json:"port" jsonschema:"required"`
		TLS  InternalTLS `json:"tls" jsonschema:"required"`
	} `json:"rpc" jsonschema:"required"`
}

func (*Listeners) AdminList

func (l *Listeners) AdminList(replicas int32, fullname, internalDomain string) []string

func (*Listeners) CreateSeedServers

func (l *Listeners) CreateSeedServers(replicas int32, fullname, internalDomain string) []map[string]any

func (*Listeners) SchemaRegistryList

func (l *Listeners) SchemaRegistryList(replicas int32, fullname, internalDomain string) []string

func (*Listeners) TrustStoreVolume

func (l *Listeners) TrustStoreVolume(tls *TLS) *corev1.Volume

TrustStoreVolume returns a corev1.Volume containing a projected volume that mounts all required truststore files. If no truststores are configured, it returns nil.

func (*Listeners) TrustStores

func (l *Listeners) TrustStores(tls *TLS) []*TrustStore

TrustStores returns an aggregate slice of all "active" [TrustStore]s across all listeners.

type Logging

type Logging struct {
	LogLevel    string `json:"logLevel" jsonschema:"required,pattern=^(error|warn|info|debug|trace)$"`
	UseageStats struct {
		Enabled   bool    `json:"enabled" jsonschema:"required"`
		ClusterID *string `json:"clusterId"`
	} `json:"usageStats" jsonschema:"required"`
}

func (*Logging) Translate

func (l *Logging) Translate() map[string]any

type MebiBytes

type MebiBytes = int64

func ContainerMemory

func ContainerMemory(dot *helmette.Dot) MebiBytes

Returns either the min or max container memory values as an integer value of MembiBytes

type Monitoring

type Monitoring struct {
	Enabled        bool                    `json:"enabled" jsonschema:"required"`
	ScrapeInterval monitoringv1.Duration   `json:"scrapeInterval" jsonschema:"required"`
	Labels         map[string]string       `json:"labels"`
	TLSConfig      *monitoringv1.TLSConfig `json:"tlsConfig"`
	EnableHttp2    *bool                   `json:"enableHttp2"`
}

type NodeConfig

type NodeConfig map[string]any

func (*NodeConfig) Translate

func (c *NodeConfig) Translate() map[string]any

type PandaProxyClient

type PandaProxyClient struct {
	Retries                     int `json:"retries"`
	RetryBaseBackoffMS          int `json:"retry_base_backoff_ms"`
	ProduceBatchRecordCount     int `json:"produce_batch_record_count"`
	ProduceBatchSizeBytes       int `json:"produce_batch_size_bytes"`
	ProduceBatchDelayMS         int `json:"produce_batch_delay_ms"`
	ConsumerRequestTimeoutMS    int `json:"consumer_request_timeout_ms"`
	ConsumerRequestMaxBytes     int `json:"consumer_request_max_bytes"`
	ConsumerSessionTimeoutMS    int `json:"consumer_session_timeout_ms"`
	ConsumerRebalanceTimeoutMS  int `json:"consumer_rebalance_timeout_ms"`
	ConsumerHeartbeatIntervalMS int `json:"consumer_heartbeat_interval_ms"`
}

type PartialAdminExternal

type PartialAdminExternal struct {
	Enabled         *bool               "json:\"enabled,omitempty\""
	AdvertisedPorts []int32             "json:\"advertisedPorts,omitempty\" jsonschema:\"minItems=1\""
	Port            *int32              "json:\"port,omitempty\" jsonschema:\"required\""
	NodePort        *int32              "json:\"nodePort,omitempty\""
	TLS             *PartialExternalTLS "json:\"tls,omitempty\""
}

type PartialAdminListeners

type PartialAdminListeners struct {
	External    PartialExternalListeners[PartialAdminExternal] "json:\"external,omitempty\""
	Port        *int32                                         "json:\"port,omitempty\" jsonschema:\"required\""
	AppProtocol *string                                        "json:\"appProtocol,omitempty\""
	TLS         *PartialInternalTLS                            "json:\"tls,omitempty\" jsonschema:\"required\""
}

type PartialAuditLogging

type PartialAuditLogging struct {
	Enabled                    *bool    "json:\"enabled,omitempty\""
	Listener                   *string  "json:\"listener,omitempty\""
	Partitions                 *int     "json:\"partitions,omitempty\""
	EnabledEventTypes          []string "json:\"enabledEventTypes,omitempty\""
	ExcludedTopics             []string "json:\"excludedTopics,omitempty\""
	ExcludedPrincipals         []string "json:\"excludedPrincipals,omitempty\""
	ClientMaxBufferSize        *int     "json:\"clientMaxBufferSize,omitempty\""
	QueueDrainIntervalMS       *int     "json:\"queueDrainIntervalMs,omitempty\""
	QueueMaxBufferSizeperShard *int     "json:\"queueMaxBufferSizePerShard,omitempty\""
	ReplicationFactor          *int     "json:\"replicationFactor,omitempty\""
}

type PartialAuth

type PartialAuth struct {
	SASL *PartialSASLAuth "json:\"sasl,omitempty\" jsonschema:\"required\""
}

type PartialBootstrapUser

type PartialBootstrapUser struct {
	Name         *string                   "json:\"name,omitempty\""
	SecretKeyRef *corev1.SecretKeySelector "json:\"secretKeyRef,omitempty\""
	Password     *string                   "json:\"password,omitempty\""
	Mechanism    *string                   "json:\"mechanism,omitempty\" jsonschema:\"pattern=^(SCRAM-SHA-512|SCRAM-SHA-256)$\""
}

type PartialClusterConfig

type PartialClusterConfig map[string]any

type PartialConfig

type PartialConfig struct {
	Cluster              PartialClusterConfig         "json:\"cluster,omitempty\" jsonschema:\"required\""
	Node                 PartialNodeConfig            "json:\"node,omitempty\" jsonschema:\"required\""
	RPK                  map[string]any               "json:\"rpk,omitempty\""
	SchemaRegistryClient *PartialSchemaRegistryClient "json:\"schema_registry_client,omitempty\""
	PandaProxyClient     *PartialPandaProxyClient     "json:\"pandaproxy_client,omitempty\""
	Tunable              PartialTunableConfig         "json:\"tunable,omitempty\" jsonschema:\"required\""
}

type PartialEnableable

type PartialEnableable struct {
	Enabled *bool "json:\"enabled,omitempty\" jsonschema:\"required\""
}

type PartialEnterprise

type PartialEnterprise struct {
	License          *string "json:\"license,omitempty\""
	LicenseSecretRef *struct {
		Key  *string "json:\"key,omitempty\""
		Name *string "json:\"name,omitempty\""
	} "json:\"licenseSecretRef,omitempty\""
}

type PartialExternalConfig

type PartialExternalConfig struct {
	Addresses      []string            "json:\"addresses,omitempty\""
	Annotations    map[string]string   "json:\"annotations,omitempty\""
	Domain         *string             "json:\"domain,omitempty\""
	Enabled        *bool               "json:\"enabled,omitempty\" jsonschema:\"required\""
	Type           *corev1.ServiceType "json:\"type,omitempty\" jsonschema:\"pattern=^(LoadBalancer|NodePort)$\""
	PrefixTemplate *string             "json:\"prefixTemplate,omitempty\""
	SourceRanges   []string            "json:\"sourceRanges,omitempty\""
	Service        *PartialEnableable  "json:\"service,omitempty\""
	ExternalDNS    *PartialEnableable  "json:\"externalDns,omitempty\""
}

type PartialExternalListeners

type PartialExternalListeners[T any] map[string]T

type PartialExternalTLS

type PartialExternalTLS struct {
	Enabled           *bool              "json:\"enabled,omitempty\""
	Cert              *string            "json:\"cert,omitempty\""
	RequireClientAuth *bool              "json:\"requireClientAuth,omitempty\""
	TrustStore        *PartialTrustStore "json:\"trustStore,omitempty\""
}

type PartialHTTPExternal

type PartialHTTPExternal struct {
	Enabled              *bool                     "json:\"enabled,omitempty\""
	AdvertisedPorts      []int32                   "json:\"advertisedPorts,omitempty\" jsonschema:\"minItems=1\""
	Port                 *int32                    "json:\"port,omitempty\" jsonschema:\"required\""
	NodePort             *int32                    "json:\"nodePort,omitempty\""
	AuthenticationMethod *HTTPAuthenticationMethod "json:\"authenticationMethod,omitempty\""
	PrefixTemplate       *string                   "json:\"prefixTemplate,omitempty\""
	TLS                  *PartialExternalTLS       "json:\"tls,omitempty\" jsonschema:\"required\""
}

type PartialHTTPListeners

type PartialHTTPListeners struct {
	Enabled              *bool                                         "json:\"enabled,omitempty\" jsonschema:\"required\""
	External             PartialExternalListeners[PartialHTTPExternal] "json:\"external,omitempty\""
	AuthenticationMethod *HTTPAuthenticationMethod                     "json:\"authenticationMethod,omitempty\""
	TLS                  *PartialInternalTLS                           "json:\"tls,omitempty\" jsonschema:\"required\""
	KafkaEndpoint        *string                                       "json:\"kafkaEndpoint,omitempty\" jsonschema:\"required,pattern=^[A-Za-z_-][A-Za-z0-9_-]*$\""
	Port                 *int32                                        "json:\"port,omitempty\" jsonschema:\"required\""
}

type PartialImage

type PartialImage struct {
	Repository *string   "json:\"repository,omitempty\" jsonschema:\"required,default=docker.redpanda.com/redpandadata/redpanda\""
	Tag        *ImageTag "json:\"tag,omitempty\" jsonschema:\"default=Chart.appVersion\""
	PullPolicy *string   "" /* 141-byte string literal not displayed */
}

type PartialInternalTLS

type PartialInternalTLS struct {
	Enabled           *bool              "json:\"enabled,omitempty\""
	Cert              *string            "json:\"cert,omitempty\" jsonschema:\"required\""
	RequireClientAuth *bool              "json:\"requireClientAuth,omitempty\" jsonschema:\"required\""
	TrustStore        *PartialTrustStore "json:\"trustStore,omitempty\""
}

type PartialKafkaExternal

type PartialKafkaExternal struct {
	Enabled              *bool                      "json:\"enabled,omitempty\""
	AdvertisedPorts      []int32                    "json:\"advertisedPorts,omitempty\" jsonschema:\"minItems=1\""
	Port                 *int32                     "json:\"port,omitempty\" jsonschema:\"required\""
	NodePort             *int32                     "json:\"nodePort,omitempty\""
	AuthenticationMethod *KafkaAuthenticationMethod "json:\"authenticationMethod,omitempty\""
	PrefixTemplate       *string                    "json:\"prefixTemplate,omitempty\""
	TLS                  *PartialExternalTLS        "json:\"tls,omitempty\""
}

type PartialKafkaListeners

type PartialKafkaListeners struct {
	AuthenticationMethod *KafkaAuthenticationMethod                     "json:\"authenticationMethod,omitempty\""
	External             PartialExternalListeners[PartialKafkaExternal] "json:\"external,omitempty\""
	TLS                  *PartialInternalTLS                            "json:\"tls,omitempty\" jsonschema:\"required\""
	Port                 *int32                                         "json:\"port,omitempty\" jsonschema:\"required\""
}

type PartialLicenseSecretRef

type PartialLicenseSecretRef struct {
	SecretName *string "json:\"secret_name,omitempty\""
	SecretKey  *string "json:\"secret_key,omitempty\""
}

type PartialListeners

type PartialListeners struct {
	Admin          *PartialAdminListeners          "json:\"admin,omitempty\" jsonschema:\"required\""
	HTTP           *PartialHTTPListeners           "json:\"http,omitempty\" jsonschema:\"required\""
	Kafka          *PartialKafkaListeners          "json:\"kafka,omitempty\" jsonschema:\"required\""
	SchemaRegistry *PartialSchemaRegistryListeners "json:\"schemaRegistry,omitempty\" jsonschema:\"required\""
	RPC            *struct {
		Port *int32              "json:\"port,omitempty\" jsonschema:\"required\""
		TLS  *PartialInternalTLS "json:\"tls,omitempty\" jsonschema:\"required\""
	} "json:\"rpc,omitempty\" jsonschema:\"required\""
}

type PartialLogging

type PartialLogging struct {
	LogLevel    *string "json:\"logLevel,omitempty\" jsonschema:\"required,pattern=^(error|warn|info|debug|trace)$\""
	UseageStats *struct {
		Enabled   *bool   "json:\"enabled,omitempty\" jsonschema:\"required\""
		ClusterID *string "json:\"clusterId,omitempty\""
	} "json:\"usageStats,omitempty\" jsonschema:\"required\""
}

type PartialMonitoring

type PartialMonitoring struct {
	Enabled        *bool                   "json:\"enabled,omitempty\" jsonschema:\"required\""
	ScrapeInterval *monitoringv1.Duration  "json:\"scrapeInterval,omitempty\" jsonschema:\"required\""
	Labels         map[string]string       "json:\"labels,omitempty\""
	TLSConfig      *monitoringv1.TLSConfig "json:\"tlsConfig,omitempty\""
	EnableHttp2    *bool                   "json:\"enableHttp2,omitempty\""
}

type PartialNodeConfig

type PartialNodeConfig map[string]any

type PartialPandaProxyClient

type PartialPandaProxyClient struct {
	Retries                     *int "json:\"retries,omitempty\""
	RetryBaseBackoffMS          *int "json:\"retry_base_backoff_ms,omitempty\""
	ProduceBatchRecordCount     *int "json:\"produce_batch_record_count,omitempty\""
	ProduceBatchSizeBytes       *int "json:\"produce_batch_size_bytes,omitempty\""
	ProduceBatchDelayMS         *int "json:\"produce_batch_delay_ms,omitempty\""
	ConsumerRequestTimeoutMS    *int "json:\"consumer_request_timeout_ms,omitempty\""
	ConsumerRequestMaxBytes     *int "json:\"consumer_request_max_bytes,omitempty\""
	ConsumerSessionTimeoutMS    *int "json:\"consumer_session_timeout_ms,omitempty\""
	ConsumerRebalanceTimeoutMS  *int "json:\"consumer_rebalance_timeout_ms,omitempty\""
	ConsumerHeartbeatIntervalMS *int "json:\"consumer_heartbeat_interval_ms,omitempty\""
}

type PartialPodTemplate

type PartialPodTemplate struct {
	Labels      map[string]string                      "json:\"labels,omitempty\" jsonschema:\"required\""
	Annotations map[string]string                      "json:\"annotations,omitempty\" jsonschema:\"required\""
	Spec        *applycorev1.PodSpecApplyConfiguration "json:\"spec,omitempty\""
}

type PartialPostInstallJob

type PartialPostInstallJob struct {
	Resources       *corev1.ResourceRequirements "json:\"resources,omitempty\""
	Affinity        *corev1.Affinity             "json:\"affinity,omitempty\""
	Enabled         *bool                        "json:\"enabled,omitempty\""
	Labels          map[string]string            "json:\"labels,omitempty\""
	Annotations     map[string]string            "json:\"annotations,omitempty\""
	SecurityContext *corev1.SecurityContext      "json:\"securityContext,omitempty\""
	PodTemplate     *PartialPodTemplate          "json:\"podTemplate,omitempty\""
}

type PartialRBAC

type PartialRBAC struct {
	Enabled     *bool             "json:\"enabled,omitempty\" jsonschema:\"required\""
	Annotations map[string]string "json:\"annotations,omitempty\" jsonschema:\"required\""
}

type PartialRackAwareness

type PartialRackAwareness struct {
	Enabled        *bool   "json:\"enabled,omitempty\" jsonschema:\"required\""
	NodeAnnotation *string "json:\"nodeAnnotation,omitempty\" jsonschema:\"required\""
}

type PartialRedpandaResources

type PartialRedpandaResources struct {
	CPU *struct {
		Cores           *resource.Quantity "json:\"cores,omitempty\" jsonschema:\"required\""
		Overprovisioned *bool              "json:\"overprovisioned,omitempty\""
	} "json:\"cpu,omitempty\" jsonschema:\"required\""
	Memory *struct {
		EnableMemoryLocking *bool "json:\"enable_memory_locking,omitempty\""
		Container           *struct {
			Min *resource.Quantity "json:\"min,omitempty\""
			Max *resource.Quantity "json:\"max,omitempty\" jsonschema:\"required\""
		} "json:\"container,omitempty\" jsonschema:\"required\""
		Redpanda *struct {
			Memory        *resource.Quantity "json:\"memory,omitempty\""
			ReserveMemory *resource.Quantity "json:\"reserveMemory,omitempty\""
		} "json:\"redpanda,omitempty\""
	} "json:\"memory,omitempty\" jsonschema:\"required\""
}

type PartialSASLAuth

type PartialSASLAuth struct {
	Enabled       *bool                 "json:\"enabled,omitempty\" jsonschema:\"required\""
	Mechanism     *string               "json:\"mechanism,omitempty\""
	SecretRef     *string               "json:\"secretRef,omitempty\""
	Users         []PartialSASLUser     "json:\"users,omitempty\""
	BootstrapUser *PartialBootstrapUser "json:\"bootstrapUser,omitempty\""
}

type PartialSASLUser

type PartialSASLUser struct {
	Name      *string "json:\"name,omitempty\""
	Password  *string "json:\"password,omitempty\""
	Mechanism *string "json:\"mechanism,omitempty\" jsonschema:\"pattern=^(SCRAM-SHA-512|SCRAM-SHA-256)$\""
}

type PartialSchemaRegistryClient

type PartialSchemaRegistryClient struct {
	Retries                     *int "json:\"retries,omitempty\""
	RetryBaseBackoffMS          *int "json:\"retry_base_backoff_ms,omitempty\""
	ProduceBatchRecordCount     *int "json:\"produce_batch_record_count,omitempty\""
	ProduceBatchSizeBytes       *int "json:\"produce_batch_size_bytes,omitempty\""
	ProduceBatchDelayMS         *int "json:\"produce_batch_delay_ms,omitempty\""
	ConsumerRequestTimeoutMS    *int "json:\"consumer_request_timeout_ms,omitempty\""
	ConsumerRequestMaxBytes     *int "json:\"consumer_request_max_bytes,omitempty\""
	ConsumerSessionTimeoutMS    *int "json:\"consumer_session_timeout_ms,omitempty\""
	ConsumerRebalanceTimeoutMS  *int "json:\"consumer_rebalance_timeout_ms,omitempty\""
	ConsumerHeartbeatIntervalMS *int "json:\"consumer_heartbeat_interval_ms,omitempty\""
}

type PartialSchemaRegistryExternal

type PartialSchemaRegistryExternal struct {
	Enabled              *bool                     "json:\"enabled,omitempty\""
	AdvertisedPorts      []int32                   "json:\"advertisedPorts,omitempty\" jsonschema:\"minItems=1\""
	Port                 *int32                    "json:\"port,omitempty\""
	NodePort             *int32                    "json:\"nodePort,omitempty\""
	AuthenticationMethod *HTTPAuthenticationMethod "json:\"authenticationMethod,omitempty\""
	TLS                  *PartialExternalTLS       "json:\"tls,omitempty\""
}

type PartialSchemaRegistryListeners

type PartialSchemaRegistryListeners struct {
	Enabled              *bool                                                   "json:\"enabled,omitempty\" jsonschema:\"required\""
	External             PartialExternalListeners[PartialSchemaRegistryExternal] "json:\"external,omitempty\""
	AuthenticationMethod *HTTPAuthenticationMethod                               "json:\"authenticationMethod,omitempty\""
	KafkaEndpoint        *string                                                 "json:\"kafkaEndpoint,omitempty\" jsonschema:\"required,pattern=^[A-Za-z_-][A-Za-z0-9_-]*$\""
	Port                 *int32                                                  "json:\"port,omitempty\" jsonschema:\"required\""
	TLS                  *PartialInternalTLS                                     "json:\"tls,omitempty\" jsonschema:\"required\""
}

type PartialSecretRef

type PartialSecretRef struct {
	ConfigurationKey *string "json:\"configurationKey,omitempty\""
	Key              *string "json:\"key,omitempty\""
	Name             *string "json:\"name,omitempty\""
}

type PartialSecurityContext

type PartialSecurityContext struct {
	RunAsUser                 *int64                         "json:\"runAsUser,omitempty\""
	RunAsGroup                *int64                         "json:\"runAsGroup,omitempty\""
	AllowPrivilegeEscalation  *bool                          "json:\"allowPrivilegeEscalation,omitempty\""
	AllowPriviledgeEscalation *bool                          "json:\"allowPriviledgeEscalation,omitempty\""
	RunAsNonRoot              *bool                          "json:\"runAsNonRoot,omitempty\""
	FSGroup                   *int64                         "json:\"fsGroup,omitempty\""
	FSGroupChangePolicy       *corev1.PodFSGroupChangePolicy "json:\"fsGroupChangePolicy,omitempty\""
}

type PartialService

type PartialService struct {
	Name     *string "json:\"name,omitempty\""
	Internal *struct {
		Annotations map[string]string "json:\"annotations,omitempty\""
	} "json:\"internal,omitempty\""
}

type PartialServiceAccountCfg

type PartialServiceAccountCfg struct {
	Annotations                  map[string]string "json:\"annotations,omitempty\" jsonschema:\"required\""
	AutomountServiceAccountToken *bool             "json:\"automountServiceAccountToken,omitempty\""
	Create                       *bool             "json:\"create,omitempty\" jsonschema:\"required\""
	Name                         *string           "json:\"name,omitempty\" jsonschema:\"required\""
}

type PartialStatefulset

type PartialStatefulset struct {
	AdditionalSelectorLabels map[string]string "json:\"additionalSelectorLabels,omitempty\" jsonschema:\"required\""
	NodeAffinity             map[string]any    "json:\"nodeAffinity,omitempty\""
	Replicas                 *int32            "json:\"replicas,omitempty\" jsonschema:\"required\""
	UpdateStrategy           *struct {
		Type *string "json:\"type,omitempty\" jsonschema:\"required,pattern=^(RollingUpdate|OnDelete)$\""
	} "json:\"updateStrategy,omitempty\" jsonschema:\"required\""
	AdditionalRedpandaCmdFlags []string            "json:\"additionalRedpandaCmdFlags,omitempty\""
	Annotations                map[string]string   "json:\"annotations,omitempty\" jsonschema:\"deprecated\""
	PodTemplate                *PartialPodTemplate "json:\"podTemplate,omitempty\" jsonschema:\"required\""
	Budget                     *struct {
		MaxUnavailable *int32 "json:\"maxUnavailable,omitempty\" jsonschema:\"required\""
	} "json:\"budget,omitempty\" jsonschema:\"required\""
	StartupProbe *struct {
		InitialDelaySeconds *int32 "json:\"initialDelaySeconds,omitempty\" jsonschema:\"required\""
		FailureThreshold    *int32 "json:\"failureThreshold,omitempty\" jsonschema:\"required\""
		PeriodSeconds       *int32 "json:\"periodSeconds,omitempty\" jsonschema:\"required\""
	} "json:\"startupProbe,omitempty\" jsonschema:\"required\""
	LivenessProbe *struct {
		InitialDelaySeconds *int32 "json:\"initialDelaySeconds,omitempty\" jsonschema:\"required\""
		FailureThreshold    *int32 "json:\"failureThreshold,omitempty\" jsonschema:\"required\""
		PeriodSeconds       *int32 "json:\"periodSeconds,omitempty\" jsonschema:\"required\""
	} "json:\"livenessProbe,omitempty\" jsonschema:\"required\""
	ReadinessProbe *struct {
		InitialDelaySeconds *int32 "json:\"initialDelaySeconds,omitempty\" jsonschema:\"required\""
		FailureThreshold    *int32 "json:\"failureThreshold,omitempty\" jsonschema:\"required\""
		PeriodSeconds       *int32 "json:\"periodSeconds,omitempty\" jsonschema:\"required\""
		SuccessThreshold    *int32 "json:\"successThreshold,omitempty\""
		TimeoutSeconds      *int32 "json:\"timeoutSeconds,omitempty\""
	} "json:\"readinessProbe,omitempty\" jsonschema:\"required\""
	PodAffinity     map[string]any "json:\"podAffinity,omitempty\" jsonschema:\"required\""
	PodAntiAffinity *struct {
		TopologyKey *string        "json:\"topologyKey,omitempty\" jsonschema:\"required\""
		Type        *string        "json:\"type,omitempty\" jsonschema:\"required,pattern=^(hard|soft|custom)$\""
		Weight      *int32         "json:\"weight,omitempty\" jsonschema:\"required\""
		Custom      map[string]any "json:\"custom,omitempty\""
	} "json:\"podAntiAffinity,omitempty\" jsonschema:\"required\""
	NodeSelector                  map[string]string "json:\"nodeSelector,omitempty\" jsonschema:\"required\""
	PriorityClassName             *string           "json:\"priorityClassName,omitempty\" jsonschema:\"required\""
	TerminationGracePeriodSeconds *int64            "json:\"terminationGracePeriodSeconds,omitempty\""
	TopologySpreadConstraints     []struct {
		MaxSkew           *int32                                "json:\"maxSkew,omitempty\""
		TopologyKey       *string                               "json:\"topologyKey,omitempty\""
		WhenUnsatisfiable *corev1.UnsatisfiableConstraintAction "json:\"whenUnsatisfiable,omitempty\" jsonschema:\"pattern=^(ScheduleAnyway|DoNotSchedule)$\""
	} "json:\"topologySpreadConstraints,omitempty\" jsonschema:\"required,minItems=1\""
	Tolerations        []corev1.Toleration     "json:\"tolerations,omitempty\" jsonschema:\"required\""
	PodSecurityContext *PartialSecurityContext "json:\"podSecurityContext,omitempty\""
	SecurityContext    *PartialSecurityContext "json:\"securityContext,omitempty\" jsonschema:\"required\""
	SideCars           *struct {
		ConfigWatcher *struct {
			Enabled           *bool                   "json:\"enabled,omitempty\""
			ExtraVolumeMounts *string                 "json:\"extraVolumeMounts,omitempty\""
			Resources         map[string]any          "json:\"resources,omitempty\""
			SecurityContext   *corev1.SecurityContext "json:\"securityContext,omitempty\""
		} "json:\"configWatcher,omitempty\""
		Controllers *struct {
			Image *struct {
				Tag        *ImageTag "json:\"tag,omitempty\" jsonschema:\"required,default=Chart.appVersion\""
				Repository *string   "json:\"repository,omitempty\" jsonschema:\"required,default=docker.redpanda.com/redpandadata/redpanda-operator\""
			} "json:\"image,omitempty\""
			Enabled            *bool                   "json:\"enabled,omitempty\""
			CreateRBAC         *bool                   "json:\"createRBAC,omitempty\""
			Resources          any                     "json:\"resources,omitempty\""
			SecurityContext    *corev1.SecurityContext "json:\"securityContext,omitempty\""
			HealthProbeAddress *string                 "json:\"healthProbeAddress,omitempty\""
			MetricsAddress     *string                 "json:\"metricsAddress,omitempty\""
			PprofAddress       *string                 "json:\"pprofAddress,omitempty\""
			Run                []string                "json:\"run,omitempty\""
		} "json:\"controllers,omitempty\""
	} "json:\"sideCars,omitempty\" jsonschema:\"required\""
	ExtraVolumes      *string "json:\"extraVolumes,omitempty\""
	ExtraVolumeMounts *string "json:\"extraVolumeMounts,omitempty\""
	InitContainers    *struct {
		Configurator *struct {
			ExtraVolumeMounts *string        "json:\"extraVolumeMounts,omitempty\""
			Resources         map[string]any "json:\"resources,omitempty\""
		} "json:\"configurator,omitempty\""
		FSValidator *struct {
			Enabled           *bool          "json:\"enabled,omitempty\""
			Resources         map[string]any "json:\"resources,omitempty\""
			ExtraVolumeMounts *string        "json:\"extraVolumeMounts,omitempty\""
			ExpectedFS        *string        "json:\"expectedFS,omitempty\""
		} "json:\"fsValidator,omitempty\""
		SetDataDirOwnership *struct {
			Enabled           *bool          "json:\"enabled,omitempty\""
			Resources         map[string]any "json:\"resources,omitempty\""
			ExtraVolumeMounts *string        "json:\"extraVolumeMounts,omitempty\""
		} "json:\"setDataDirOwnership,omitempty\""
		SetTieredStorageCacheDirOwnership *struct {
			Resources         map[string]any "json:\"resources,omitempty\""
			ExtraVolumeMounts *string        "json:\"extraVolumeMounts,omitempty\""
		} "json:\"setTieredStorageCacheDirOwnership,omitempty\""
		Tuning *struct {
			Resources         map[string]any "json:\"resources,omitempty\""
			ExtraVolumeMounts *string        "json:\"extraVolumeMounts,omitempty\""
		} "json:\"tuning,omitempty\""
		ExtraInitContainers *string "json:\"extraInitContainers,omitempty\""
	} "json:\"initContainers,omitempty\""
	InitContainerImage *struct {
		Repository *string "json:\"repository,omitempty\""
		Tag        *string "json:\"tag,omitempty\""
	} "json:\"initContainerImage,omitempty\""
}

type PartialStorage

type PartialStorage struct {
	HostPath         *string        "json:\"hostPath,omitempty\" jsonschema:\"required\""
	Tiered           *PartialTiered "json:\"tiered,omitempty\" jsonschema:\"required\""
	PersistentVolume *struct {
		Annotations   map[string]string  "json:\"annotations,omitempty\" jsonschema:\"required\""
		Enabled       *bool              "json:\"enabled,omitempty\" jsonschema:\"required\""
		Labels        map[string]string  "json:\"labels,omitempty\" jsonschema:\"required\""
		Size          *resource.Quantity "json:\"size,omitempty\" jsonschema:\"required\""
		StorageClass  *string            "json:\"storageClass,omitempty\" jsonschema:\"required\""
		NameOverwrite *string            "json:\"nameOverwrite,omitempty\""
	} "json:\"persistentVolume,omitempty\" jsonschema:\"required,deprecated\""
	TieredConfig                  PartialTieredStorageConfig "json:\"tieredConfig,omitempty\" jsonschema:\"deprecated\""
	TieredStorageHostPath         *string                    "json:\"tieredStorageHostPath,omitempty\" jsonschema:\"deprecated\""
	TieredStoragePersistentVolume *struct {
		Annotations  map[string]string "json:\"annotations,omitempty\" jsonschema:\"required\""
		Enabled      *bool             "json:\"enabled,omitempty\" jsonschema:\"required\""
		Labels       map[string]string "json:\"labels,omitempty\" jsonschema:\"required\""
		StorageClass *string           "json:\"storageClass,omitempty\" jsonschema:\"required\""
	} "json:\"tieredStoragePersistentVolume,omitempty\" jsonschema:\"deprecated\""
}

type PartialTLS

type PartialTLS struct {
	Enabled *bool             "json:\"enabled,omitempty\" jsonschema:\"required\""
	Certs   PartialTLSCertMap "json:\"certs,omitempty\" jsonschema:\"required\""
}

type PartialTLSCert

type PartialTLSCert struct {
	Enabled               *bool                        "json:\"enabled,omitempty\""
	CAEnabled             *bool                        "json:\"caEnabled,omitempty\" jsonschema:\"required\""
	ApplyInternalDNSNames *bool                        "json:\"applyInternalDNSNames,omitempty\""
	Duration              *string                      "json:\"duration,omitempty\" jsonschema:\"pattern=.*[smh]$\""
	IssuerRef             *cmmeta.ObjectReference      "json:\"issuerRef,omitempty\""
	SecretRef             *corev1.LocalObjectReference "json:\"secretRef,omitempty\""
	ClientSecretRef       *corev1.LocalObjectReference "json:\"clientSecretRef,omitempty\""
}

type PartialTLSCertMap

type PartialTLSCertMap map[string]PartialTLSCert

type PartialTiered

type PartialTiered struct {
	CredentialsSecretRef *PartialTieredStorageCredentials "json:\"credentialsSecretRef,omitempty\""
	Config               PartialTieredStorageConfig       "json:\"config,omitempty\""
	HostPath             *string                          "json:\"hostPath,omitempty\""
	MountType            *string                          "json:\"mountType,omitempty\" jsonschema:\"required,pattern=^(none|hostPath|emptyDir|persistentVolume)$\""
	PersistentVolume     *struct {
		Annotations   map[string]string "json:\"annotations,omitempty\" jsonschema:\"required\""
		Enabled       *bool             "json:\"enabled,omitempty\""
		Labels        map[string]string "json:\"labels,omitempty\" jsonschema:\"required\""
		NameOverwrite *string           "json:\"nameOverwrite,omitempty\""
		Size          *string           "json:\"size,omitempty\""
		StorageClass  *string           "json:\"storageClass,omitempty\" jsonschema:\"required\""
	} "json:\"persistentVolume,omitempty\""
}

type PartialTieredStorageConfig

type PartialTieredStorageConfig map[string]any

type PartialTieredStorageCredentials

type PartialTieredStorageCredentials struct {
	AccessKey *PartialSecretRef "json:\"accessKey,omitempty\""
	SecretKey *PartialSecretRef "json:\"secretKey,omitempty\""
}

type PartialTrustStore

type PartialTrustStore struct {
	ConfigMapKeyRef *corev1.ConfigMapKeySelector "json:\"configMapKeyRef,omitempty\""
	SecretKeyRef    *corev1.SecretKeySelector    "json:\"secretKeyRef,omitempty\""
}

type PartialTunableConfig

type PartialTunableConfig map[string]any

type PartialTuning

type PartialTuning struct {
	TuneAIOEvents   *bool   "json:\"tune_aio_events,omitempty\""
	TuneClocksource *bool   "json:\"tune_clocksource,omitempty\""
	TuneBallastFile *bool   "json:\"tune_ballast_file,omitempty\""
	BallastFilePath *string "json:\"ballast_file_path,omitempty\""
	BallastFileSize *string "json:\"ballast_file_size,omitempty\""
	WellKnownIO     *string "json:\"well_known_io,omitempty\""
}

type PartialValues

type PartialValues struct {
	NameOverride     *string                       "json:\"nameOverride,omitempty\""
	FullnameOverride *string                       "json:\"fullnameOverride,omitempty\""
	ClusterDomain    *string                       "json:\"clusterDomain,omitempty\""
	CommonLabels     map[string]string             "json:\"commonLabels,omitempty\""
	NodeSelector     map[string]string             "json:\"nodeSelector,omitempty\""
	Affinity         *corev1.Affinity              "json:\"affinity,omitempty\" jsonschema:\"required\""
	Tolerations      []corev1.Toleration           "json:\"tolerations,omitempty\""
	Image            *PartialImage                 "" /* 126-byte string literal not displayed */
	Service          *PartialService               "json:\"service,omitempty\""
	ImagePullSecrets []corev1.LocalObjectReference "json:\"imagePullSecrets,omitempty\""
	LicenseKey       *string                       "" /* 199-byte string literal not displayed */
	LicenseSecretRef *PartialLicenseSecretRef      "json:\"license_secret_ref,omitempty\" jsonschema:\"deprecated\""
	AuditLogging     *PartialAuditLogging          "json:\"auditLogging,omitempty\""
	Enterprise       *PartialEnterprise            "json:\"enterprise,omitempty\""
	RackAwareness    *PartialRackAwareness         "json:\"rackAwareness,omitempty\""
	Console          *console.PartialValues        "json:\"console,omitempty\""
	Connectors       *connectors.PartialValues     "json:\"connectors,omitempty\""
	Auth             *PartialAuth                  "json:\"auth,omitempty\""
	TLS              *PartialTLS                   "json:\"tls,omitempty\""
	External         *PartialExternalConfig        "json:\"external,omitempty\""
	Logging          *PartialLogging               "json:\"logging,omitempty\""
	Monitoring       *PartialMonitoring            "json:\"monitoring,omitempty\""
	Resources        *PartialRedpandaResources     "json:\"resources,omitempty\""
	Storage          *PartialStorage               "json:\"storage,omitempty\""
	PostInstallJob   *PartialPostInstallJob        "json:\"post_install_job,omitempty\""
	Statefulset      *PartialStatefulset           "json:\"statefulset,omitempty\""
	ServiceAccount   *PartialServiceAccountCfg     "json:\"serviceAccount,omitempty\""
	RBAC             *PartialRBAC                  "json:\"rbac,omitempty\""
	Tuning           *PartialTuning                "json:\"tuning,omitempty\""
	Listeners        *PartialListeners             "json:\"listeners,omitempty\""
	Config           *PartialConfig                "json:\"config,omitempty\""
	Tests            *struct {
		Enabled *bool "json:\"enabled,omitempty\""
	} "json:\"tests,omitempty\""
	Force *bool "json:\"force,omitempty\""
}

type PodTemplate

type PodTemplate struct {
	Labels      map[string]string                      `json:"labels,omitempty" jsonschema:"required"`
	Annotations map[string]string                      `json:"annotations,omitempty" jsonschema:"required"`
	Spec        *applycorev1.PodSpecApplyConfiguration `json:"spec,omitempty"`
}

type PostInstallJob

type PostInstallJob struct {
	Resources   *corev1.ResourceRequirements `json:"resources"`
	Affinity    corev1.Affinity              `json:"affinity"`
	Enabled     bool                         `json:"enabled"`
	Labels      map[string]string            `json:"labels"`
	Annotations map[string]string            `json:"annotations"`
	// Deprecated. Prefer [PodTemplate.Spec.SecurityContext].
	SecurityContext *corev1.SecurityContext `json:"securityContext"`
	PodTemplate     PodTemplate             `json:"podTemplate"`
}

type RBAC

type RBAC struct {
	Enabled     bool              `json:"enabled" jsonschema:"required"`
	Annotations map[string]string `json:"annotations" jsonschema:"required"`
}

type RackAwareness

type RackAwareness struct {
	Enabled        bool   `json:"enabled" jsonschema:"required"`
	NodeAnnotation string `json:"nodeAnnotation" jsonschema:"required"`
}

type RedpandaResources

type RedpandaResources struct {
	CPU struct {
		Cores           resource.Quantity `json:"cores" jsonschema:"required"`
		Overprovisioned *bool             `json:"overprovisioned"`
	} `json:"cpu" jsonschema:"required"`
	// Memory resources
	// For details,
	// see the [Pod resources documentation](https://docs.redpanda.com/docs/manage/kubernetes/manage-resources/#configure-memory-resources).
	Memory struct {
		// Enables memory locking.
		// For production, set to `true`.
		EnableMemoryLocking *bool `json:"enable_memory_locking"`
		// It is recommended to have at least 2Gi of memory per core for the Redpanda binary.
		// This memory is taken from the total memory given to each container.
		// The Helm chart allocates 80% of the container's memory to Redpanda, leaving the rest for
		// the Seastar subsystem (reserveMemory) and other container processes.
		// So at least 2.5Gi per core is recommended in order to ensure Redpanda has a full 2Gi.
		//
		// These values affect `--memory` and `--reserve-memory` flags passed to Redpanda and the memory
		// requests/limits in the StatefulSet.
		// Valid suffixes: k, M, G, T, P, E, Ki, Mi, Gi, Ti, Pi, Ei
		// Suffixes are defined as International System of units (http://physics.nist.gov/cuu/Units/binary.html).
		// To create `Guaranteed` Pod QoS for Redpanda brokers, provide both container max and min values for the container.
		// For details, see
		// https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed
		// * Every container in the Pod must have a memory limit and a memory request.
		// * For every container in the Pod, the memory limit must equal the memory request.
		Container struct {
			// Minimum memory count for each Redpanda broker.
			// If omitted, the `min` value is equal to the `max` value (requested resources defaults to limits).
			// This setting is equivalent to `resources.requests.memory`.
			// For production, use 10Gi or greater.
			Min *resource.Quantity `json:"min"`
			// Maximum memory count for each Redpanda broker.
			// Equivalent to `resources.limits.memory`.
			// For production, use `10Gi` or greater.
			Max resource.Quantity `json:"max" jsonschema:"required"`
		} `json:"container" jsonschema:"required"`
		// This optional `redpanda` object allows you to specify the memory size for both the Redpanda
		// process and the underlying reserved memory used by Seastar.
		// This section is omitted by default, and memory sizes are calculated automatically
		// based on container memory.
		// Uncommenting this section and setting memory and reserveMemory values will disable
		// automatic calculation.
		//
		// If you are setting the following values manually, keep in mind the following guidelines.
		// Getting this wrong may lead to performance issues, instability, and loss of data:
		// The amount of memory to allocate to a container is determined by the sum of three values:
		// 1. Redpanda (at least 2Gi per core, ~80% of the container's total memory)
		// 2. Seastar subsystem (200Mi * 0.2% of the container's total memory, 200Mi < x < 1Gi)
		// 3. Other container processes (whatever small amount remains)
		Redpanda *struct {
			// Memory for the Redpanda process.
			// This must be lower than the container's memory (resources.memory.container.min if provided, otherwise
			// resources.memory.container.max).
			// Equivalent to --memory.
			// For production, use 8Gi or greater.
			Memory *resource.Quantity `json:"memory"`
			// Memory reserved for the Seastar subsystem.
			// Any value above 1Gi will provide diminishing performance benefits.
			// Equivalent to --reserve-memory.
			// For production, use 1Gi.
			ReserveMemory *resource.Quantity `json:"reserveMemory"`
		} `json:"redpanda"`
	} `json:"memory" jsonschema:"required"`
}

func (*RedpandaResources) GetOverProvisionValue

func (rr *RedpandaResources) GetOverProvisionValue() bool

type ResourceQuantity

type ResourceQuantity resource.Quantity

ResourceQuantity is an extension of resource.Quantity that implements JSONSchemaer. It's specifically for typing a key in TieredStorageConfig.

func (ResourceQuantity) JSONSchema

func (ResourceQuantity) JSONSchema() *jsonschema.Schema

type SASLAuth

type SASLAuth struct {
	Enabled       bool          `json:"enabled" jsonschema:"required"`
	Mechanism     string        `json:"mechanism"`
	SecretRef     string        `json:"secretRef"`
	Users         []SASLUser    `json:"users"`
	BootstrapUser BootstrapUser `json:"bootstrapUser"`
}

type SASLUser

type SASLUser struct {
	Name      string `json:"name"`
	Password  string `json:"password"`
	Mechanism string `json:"mechanism" jsonschema:"pattern=^(SCRAM-SHA-512|SCRAM-SHA-256)$"`
}

type SchemaRegistryClient

type SchemaRegistryClient struct {
	Retries                     int `json:"retries"`
	RetryBaseBackoffMS          int `json:"retry_base_backoff_ms"`
	ProduceBatchRecordCount     int `json:"produce_batch_record_count"`
	ProduceBatchSizeBytes       int `json:"produce_batch_size_bytes"`
	ProduceBatchDelayMS         int `json:"produce_batch_delay_ms"`
	ConsumerRequestTimeoutMS    int `json:"consumer_request_timeout_ms"`
	ConsumerRequestMaxBytes     int `json:"consumer_request_max_bytes"`
	ConsumerSessionTimeoutMS    int `json:"consumer_session_timeout_ms"`
	ConsumerRebalanceTimeoutMS  int `json:"consumer_rebalance_timeout_ms"`
	ConsumerHeartbeatIntervalMS int `json:"consumer_heartbeat_interval_ms"`
}

type SchemaRegistryExternal

type SchemaRegistryExternal struct {
	// Enabled indicates if this listener is enabled. If not specified,
	// defaults to the value of [ExternalConfig.Enabled].
	Enabled              *bool                     `json:"enabled"`
	AdvertisedPorts      []int32                   `json:"advertisedPorts" jsonschema:"minItems=1"`
	Port                 int32                     `json:"port"`
	NodePort             *int32                    `json:"nodePort"`
	AuthenticationMethod *HTTPAuthenticationMethod `json:"authenticationMethod"`
	TLS                  *ExternalTLS              `json:"tls"`
}

func (*SchemaRegistryExternal) IsEnabled

func (l *SchemaRegistryExternal) IsEnabled() bool

func (SchemaRegistryExternal) JSONSchemaExtend

func (SchemaRegistryExternal) JSONSchemaExtend(schema *jsonschema.Schema)

+gotohelm:ignore=true

type SchemaRegistryListeners

type SchemaRegistryListeners struct {
	// Enabled indicates if this listener is enabled. If not specified,
	// defaults to the value of [ExternalConfig.Enabled].
	Enabled              bool                                      `json:"enabled" jsonschema:"required"`
	External             ExternalListeners[SchemaRegistryExternal] `json:"external"`
	AuthenticationMethod *HTTPAuthenticationMethod                 `json:"authenticationMethod"`
	KafkaEndpoint        string                                    `json:"kafkaEndpoint" jsonschema:"required,pattern=^[A-Za-z_-][A-Za-z0-9_-]*$"`
	Port                 int32                                     `json:"port" jsonschema:"required"`
	TLS                  InternalTLS                               `json:"tls" jsonschema:"required"`
}

func (*SchemaRegistryListeners) ConsoleTLS

func (sr *SchemaRegistryListeners) ConsoleTLS(tls *TLS) ConsoleTLS

func (SchemaRegistryListeners) JSONSchemaExtend

func (SchemaRegistryListeners) JSONSchemaExtend(schema *jsonschema.Schema)

+gotohelm:ignore=true

func (*SchemaRegistryListeners) Listeners

func (sr *SchemaRegistryListeners) Listeners(saslEnabled bool) []map[string]any

func (*SchemaRegistryListeners) ListenersTLS

func (l *SchemaRegistryListeners) ListenersTLS(tls *TLS) []map[string]any

func (*SchemaRegistryListeners) TrustStores

func (l *SchemaRegistryListeners) TrustStores(tls *TLS) []*TrustStore

TrustStores returns a slice of all configured and enabled [TrustStore]s on both internal and external listeners.

type SecretRef

type SecretRef struct {
	// ConfigurationKey is never read.
	ConfigurationKey string `json:"configurationKey"`
	Key              string `json:"key"`
	Name             string `json:"name"`
}

func (*SecretRef) AsSource

func (sr *SecretRef) AsSource() *corev1.EnvVarSource

func (*SecretRef) IsValid

func (sr *SecretRef) IsValid() bool

IsValid confirms whether EnvVarSource could be built from SecretRef.

type SecurityContext

type SecurityContext struct {
	RunAsUser                *int64 `json:"runAsUser"`
	RunAsGroup               *int64 `json:"runAsGroup"`
	AllowPrivilegeEscalation *bool  `json:"allowPrivilegeEscalation"`
	// AllowPriviledgeEscalation is typoed version of
	// [SecurityContext.AllowPrivilegeEscalation]. It's respected for backwards
	// compatibility.
	// Deprecated: Prefer AllowPrivilegeEscalation.
	AllowPriviledgeEscalation *bool                          `json:"allowPriviledgeEscalation"`
	RunAsNonRoot              *bool                          `json:"runAsNonRoot"`
	FSGroup                   *int64                         `json:"fsGroup"`
	FSGroupChangePolicy       *corev1.PodFSGroupChangePolicy `json:"fsGroupChangePolicy"`
}

SecurityContext is a legacy mishmash of corev1.PodSecurityContext and corev1.SecurityContext. It's type exists for backwards compat purposes only.

type Service

type Service struct {
	Name     *string `json:"name"`
	Internal struct {
		Annotations map[string]string `json:"annotations"`
	} `json:"internal"`
}

type ServiceAccountCfg

type ServiceAccountCfg struct {
	Annotations                  map[string]string `json:"annotations" jsonschema:"required"`
	AutomountServiceAccountToken *bool             `json:"automountServiceAccountToken,omitempty"`
	Create                       bool              `json:"create" jsonschema:"required"`
	Name                         string            `json:"name" jsonschema:"required"`
}

type Statefulset

type Statefulset struct {
	AdditionalSelectorLabels map[string]string `json:"additionalSelectorLabels" jsonschema:"required"`
	NodeAffinity             map[string]any    `json:"nodeAffinity"`
	Replicas                 int32             `json:"replicas" jsonschema:"required"`
	UpdateStrategy           struct {
		Type string `json:"type" jsonschema:"required,pattern=^(RollingUpdate|OnDelete)$"`
	} `json:"updateStrategy" jsonschema:"required"`
	AdditionalRedpandaCmdFlags []string `json:"additionalRedpandaCmdFlags"`
	// Annotations are used only for `Statefulset.spec.template.metadata.annotations`. The StatefulSet does not have
	// any dedicated annotation.
	Annotations map[string]string `json:"annotations" jsonschema:"deprecated"`
	PodTemplate PodTemplate       `json:"podTemplate" jsonschema:"required"`
	Budget      struct {
		MaxUnavailable int32 `json:"maxUnavailable" jsonschema:"required"`
	} `json:"budget" jsonschema:"required"`
	StartupProbe struct {
		InitialDelaySeconds int32 `json:"initialDelaySeconds" jsonschema:"required"`
		FailureThreshold    int32 `json:"failureThreshold" jsonschema:"required"`
		PeriodSeconds       int32 `json:"periodSeconds" jsonschema:"required"`
	} `json:"startupProbe" jsonschema:"required"`
	LivenessProbe struct {
		InitialDelaySeconds int32 `json:"initialDelaySeconds" jsonschema:"required"`
		FailureThreshold    int32 `json:"failureThreshold" jsonschema:"required"`
		PeriodSeconds       int32 `json:"periodSeconds" jsonschema:"required"`
	} `json:"livenessProbe" jsonschema:"required"`
	ReadinessProbe struct {
		InitialDelaySeconds int32 `json:"initialDelaySeconds" jsonschema:"required"`
		FailureThreshold    int32 `json:"failureThreshold" jsonschema:"required"`
		PeriodSeconds       int32 `json:"periodSeconds" jsonschema:"required"`
		SuccessThreshold    int32 `json:"successThreshold"`
		TimeoutSeconds      int32 `json:"timeoutSeconds"`
	} `json:"readinessProbe" jsonschema:"required"`
	PodAffinity     map[string]any `json:"podAffinity" jsonschema:"required"`
	PodAntiAffinity struct {
		TopologyKey string         `json:"topologyKey" jsonschema:"required"`
		Type        string         `json:"type" jsonschema:"required,pattern=^(hard|soft|custom)$"`
		Weight      int32          `json:"weight" jsonschema:"required"`
		Custom      map[string]any `json:"custom"`
	} `json:"podAntiAffinity" jsonschema:"required"`
	NodeSelector                  map[string]string `json:"nodeSelector" jsonschema:"required"`
	PriorityClassName             string            `json:"priorityClassName" jsonschema:"required"`
	TerminationGracePeriodSeconds int64             `json:"terminationGracePeriodSeconds"`
	TopologySpreadConstraints     []struct {
		MaxSkew           int32                                `json:"maxSkew"`
		TopologyKey       string                               `json:"topologyKey"`
		WhenUnsatisfiable corev1.UnsatisfiableConstraintAction `json:"whenUnsatisfiable" jsonschema:"pattern=^(ScheduleAnyway|DoNotSchedule)$"`
	} `json:"topologySpreadConstraints" jsonschema:"required,minItems=1"`
	Tolerations []corev1.Toleration `json:"tolerations" jsonschema:"required"`
	// Deprecated. Prefer [PodTemplate.Spec.SecurityContext].
	PodSecurityContext *SecurityContext `json:"podSecurityContext"`
	// Deprecated. Prefer [PodTemplate.Spec.Containers[*].SecurityContext].
	SecurityContext SecurityContext `json:"securityContext" jsonschema:"required"`
	SideCars        struct {
		ConfigWatcher struct {
			Enabled           bool                    `json:"enabled"`
			ExtraVolumeMounts string                  `json:"extraVolumeMounts"` // XXX this is template-expanded into yaml
			Resources         map[string]any          `json:"resources"`
			SecurityContext   *corev1.SecurityContext `json:"securityContext"`
		} `json:"configWatcher"`
		Controllers struct {
			Image struct {
				Tag        ImageTag `json:"tag" jsonschema:"required,default=Chart.appVersion"`
				Repository string   `json:"repository" jsonschema:"required,default=docker.redpanda.com/redpandadata/redpanda-operator"`
			} `json:"image"`
			Enabled            bool                    `json:"enabled"`
			CreateRBAC         bool                    `json:"createRBAC"`
			Resources          any                     `json:"resources"`
			SecurityContext    *corev1.SecurityContext `json:"securityContext"`
			HealthProbeAddress string                  `json:"healthProbeAddress"`
			MetricsAddress     string                  `json:"metricsAddress"`
			PprofAddress       string                  `json:"pprofAddress"`
			Run                []string                `json:"run"`
		} `json:"controllers"`
	} `json:"sideCars" jsonschema:"required"`
	ExtraVolumes      string `json:"extraVolumes"`      // XXX this is template-expanded into yaml
	ExtraVolumeMounts string `json:"extraVolumeMounts"` // XXX this is template-expanded into yaml
	InitContainers    struct {
		Configurator struct {
			ExtraVolumeMounts string         `json:"extraVolumeMounts"` // XXX this is template-expanded into yaml
			Resources         map[string]any `json:"resources"`
		} `json:"configurator"`
		FSValidator struct {
			Enabled           bool           `json:"enabled"`
			Resources         map[string]any `json:"resources"`
			ExtraVolumeMounts string         `json:"extraVolumeMounts"` // XXX this is template-expanded into yaml
			ExpectedFS        string         `json:"expectedFS"`
		} `json:"fsValidator"`
		SetDataDirOwnership struct {
			Enabled           bool           `json:"enabled"`
			Resources         map[string]any `json:"resources"`
			ExtraVolumeMounts string         `json:"extraVolumeMounts"` // XXX this is template-expanded into yaml
		} `json:"setDataDirOwnership"`
		SetTieredStorageCacheDirOwnership struct {
			// Enabled           bool           `json:"enabled"`
			Resources         map[string]any `json:"resources"`
			ExtraVolumeMounts string         `json:"extraVolumeMounts"` // XXX this is template-expanded into yaml
		} `json:"setTieredStorageCacheDirOwnership"`
		Tuning struct {
			// Enabled           bool           `json:"enabled"`
			Resources         map[string]any `json:"resources"`
			ExtraVolumeMounts string         `json:"extraVolumeMounts"` // XXX this is template-expanded into yaml
		} `json:"tuning"`
		ExtraInitContainers string `json:"extraInitContainers"` // XXX this is template-expanded into yaml
	} `json:"initContainers"`
	InitContainerImage struct {
		Repository string `json:"repository"`
		Tag        string `json:"tag"`
	} `json:"initContainerImage"`
}

func (Statefulset) JSONSchemaExtend

func (Statefulset) JSONSchemaExtend(schema *jsonschema.Schema)

+gotohelm:ignore=true

type Storage

type Storage struct {
	HostPath         string `json:"hostPath" jsonschema:"required"`
	Tiered           Tiered `json:"tiered" jsonschema:"required"`
	PersistentVolume *struct {
		Annotations   map[string]string `json:"annotations" jsonschema:"required"`
		Enabled       bool              `json:"enabled" jsonschema:"required"`
		Labels        map[string]string `json:"labels" jsonschema:"required"`
		Size          resource.Quantity `json:"size" jsonschema:"required"`
		StorageClass  string            `json:"storageClass" jsonschema:"required"`
		NameOverwrite string            `json:"nameOverwrite"`
	} `json:"persistentVolume" jsonschema:"required,deprecated"`
	TieredConfig                  TieredStorageConfig `json:"tieredConfig" jsonschema:"deprecated"`
	TieredStorageHostPath         string              `json:"tieredStorageHostPath" jsonschema:"deprecated"`
	TieredStoragePersistentVolume *struct {
		Annotations  map[string]string `json:"annotations" jsonschema:"required"`
		Enabled      bool              `json:"enabled" jsonschema:"required"`
		Labels       map[string]string `json:"labels" jsonschema:"required"`
		StorageClass string            `json:"storageClass" jsonschema:"required"`
	} `json:"tieredStoragePersistentVolume" jsonschema:"deprecated"`
}

func (*Storage) GetTieredStorageConfig

func (s *Storage) GetTieredStorageConfig() TieredStorageConfig

func (*Storage) GetTieredStorageHostPath

func (s *Storage) GetTieredStorageHostPath() string

was: storage-tiered-hostpath

func (*Storage) IsTieredStorageEnabled

func (s *Storage) IsTieredStorageEnabled() bool

func (Storage) JSONSchemaExtend

func (Storage) JSONSchemaExtend(schema *jsonschema.Schema)

+gotohelm:ignore=true

func (*Storage) StorageMinFreeBytes

func (s *Storage) StorageMinFreeBytes() int64

func (*Storage) TieredCacheDirectory

func (s *Storage) TieredCacheDirectory(dot *helmette.Dot) string

TieredCacheDirectory was: tieredStorage.cacheDirectory

func (*Storage) TieredMountType

func (s *Storage) TieredMountType() string

TieredMountType was: storage-tiered-mountType

func (*Storage) TieredPersistentVolumeAnnotations

func (s *Storage) TieredPersistentVolumeAnnotations() map[string]string

Storage.TieredPersistentVolumeAnnotations was storage-tiered-persistentVolume.annotations support legacy storage.tieredStoragePersistentVolume

func (*Storage) TieredPersistentVolumeLabels

func (s *Storage) TieredPersistentVolumeLabels() map[string]string

Storage.TieredPersistentVolumeLabels was storage-tiered-persistentVolume.labels support legacy storage.tieredStoragePersistentVolume

func (*Storage) TieredPersistentVolumeStorageClass

func (s *Storage) TieredPersistentVolumeStorageClass() string

storage.TieredPersistentVolumeStorageClass was storage-tiered-persistentVolume.storageClass support legacy storage.tieredStoragePersistentVolume

type TLS

type TLS struct {
	Enabled bool       `json:"enabled" jsonschema:"required"`
	Certs   TLSCertMap `json:"certs" jsonschema:"required"`
}

type TLSCert

type TLSCert struct {
	// Enabled should be interpreted as `true` if not set.
	Enabled               *bool                        `json:"enabled"`
	CAEnabled             bool                         `json:"caEnabled" jsonschema:"required"`
	ApplyInternalDNSNames *bool                        `json:"applyInternalDNSNames"`
	Duration              string                       `json:"duration" jsonschema:"pattern=.*[smh]$"`
	IssuerRef             *cmmeta.ObjectReference      `json:"issuerRef"`
	SecretRef             *corev1.LocalObjectReference `json:"secretRef"`
	ClientSecretRef       *corev1.LocalObjectReference `json:"clientSecretRef"`
}

type TLSCertMap

type TLSCertMap map[string]TLSCert

func (TLSCertMap) JSONSchemaExtend

func (TLSCertMap) JSONSchemaExtend(schema *jsonschema.Schema)

+gotohelm:ignore=true

func (TLSCertMap) MustGet

func (m TLSCertMap) MustGet(name string) *TLSCert

type Tiered

type Tiered struct {
	CredentialsSecretRef TieredStorageCredentials `json:"credentialsSecretRef"`
	Config               TieredStorageConfig      `json:"config"`
	HostPath             string                   `json:"hostPath"`
	MountType            string                   `json:"mountType" jsonschema:"required,pattern=^(none|hostPath|emptyDir|persistentVolume)$"`
	PersistentVolume     struct {
		Annotations   map[string]string `json:"annotations" jsonschema:"required"`
		Enabled       bool              `json:"enabled"`
		Labels        map[string]string `json:"labels" jsonschema:"required"`
		NameOverwrite string            `json:"nameOverwrite"`
		Size          string            `json:"size"`
		StorageClass  string            `json:"storageClass" jsonschema:"required"`
	} `json:"persistentVolume"`
}

type TieredStorageConfig

type TieredStorageConfig map[string]any

func (TieredStorageConfig) CloudStorageCacheSize

func (c TieredStorageConfig) CloudStorageCacheSize() *resource.Quantity

func (TieredStorageConfig) HasAzureCanaries

func (c TieredStorageConfig) HasAzureCanaries() bool

HasAzureCanaries returns true if this configuration has keys set that would indicate the configuration is for a MSFT Azure environment.

If true, [TieredStorageCredentials.SecretKey] should be treated as the value for `cloud_storage_azure_shared_key` instead of `cloud_storage_secret_key`.

func (TieredStorageConfig) JSONSchema

func (TieredStorageConfig) JSONSchema() *jsonschema.Schema

+gotohelm:ignore=true

func (TieredStorageConfig) Translate

func (c TieredStorageConfig) Translate(creds *TieredStorageCredentials) map[string]any

Translate converts TieredStorageConfig into a map suitable for use in an unexpanded `.bootstrap.yaml`.

type TieredStorageCredentials

type TieredStorageCredentials struct {
	AccessKey *SecretRef `json:"accessKey"`
	SecretKey *SecretRef `json:"secretKey"`
}

func (*TieredStorageCredentials) AsEnvVars

func (tsc *TieredStorageCredentials) AsEnvVars(config TieredStorageConfig) []corev1.EnvVar

type TrustStore

type TrustStore struct {
	ConfigMapKeyRef *corev1.ConfigMapKeySelector `json:"configMapKeyRef"`
	SecretKeyRef    *corev1.SecretKeySelector    `json:"secretKeyRef"`
}

func (TrustStore) JSONSchemaExtend

func (TrustStore) JSONSchemaExtend(schema *jsonschema.Schema)

+gotohelm:ignore=true

func (*TrustStore) RelativePath

func (t *TrustStore) RelativePath() string

func (*TrustStore) TrustStoreFilePath

func (t *TrustStore) TrustStoreFilePath() string

func (*TrustStore) VolumeProjection

func (t *TrustStore) VolumeProjection() corev1.VolumeProjection

type TunableConfig

type TunableConfig map[string]any

func (TunableConfig) JSONSchemaExtend

func (TunableConfig) JSONSchemaExtend(schema *jsonschema.Schema)

+gotohelm:ignore=true

func (*TunableConfig) Translate

func (c *TunableConfig) Translate() map[string]any

type Tuning

type Tuning struct {
	TuneAIOEvents   bool   `json:"tune_aio_events,omitempty"`
	TuneClocksource bool   `json:"tune_clocksource,omitempty"`
	TuneBallastFile bool   `json:"tune_ballast_file,omitempty"`
	BallastFilePath string `json:"ballast_file_path,omitempty"`
	BallastFileSize string `json:"ballast_file_size,omitempty"`
	WellKnownIO     string `json:"well_known_io,omitempty"`
}

func (*Tuning) Translate

func (t *Tuning) Translate() map[string]any

type Values

type Values struct {
	NameOverride     string                        `json:"nameOverride"`
	FullnameOverride string                        `json:"fullnameOverride"`
	ClusterDomain    string                        `json:"clusterDomain"`
	CommonLabels     map[string]string             `json:"commonLabels"`
	NodeSelector     map[string]string             `json:"nodeSelector"`
	Affinity         corev1.Affinity               `json:"affinity" jsonschema:"required"`
	Tolerations      []corev1.Toleration           `json:"tolerations"`
	Image            Image                         `json:"image" jsonschema:"required,description=Values used to define the container image to be used for Redpanda"`
	Service          *Service                      `json:"service"`
	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets"`
	LicenseKey       string                        `` /* 183-byte string literal not displayed */
	LicenseSecretRef *LicenseSecretRef             `json:"license_secret_ref" jsonschema:"deprecated"`
	AuditLogging     AuditLogging                  `json:"auditLogging"`
	Enterprise       Enterprise                    `json:"enterprise"`
	RackAwareness    RackAwareness                 `json:"rackAwareness"`
	Console          console.PartialValues         `json:"console,omitempty"`
	Connectors       connectors.PartialValues      `json:"connectors"`
	Auth             Auth                          `json:"auth"`
	TLS              TLS                           `json:"tls"`
	External         ExternalConfig                `json:"external"`
	Logging          Logging                       `json:"logging"`
	Monitoring       Monitoring                    `json:"monitoring"`
	Resources        RedpandaResources             `json:"resources"`
	Storage          Storage                       `json:"storage"`
	PostInstallJob   PostInstallJob                `json:"post_install_job"`
	Statefulset      Statefulset                   `json:"statefulset"`
	ServiceAccount   ServiceAccountCfg             `json:"serviceAccount"`
	RBAC             RBAC                          `json:"rbac"`
	Tuning           Tuning                        `json:"tuning"`
	Listeners        Listeners                     `json:"listeners"`
	Config           Config                        `json:"config"`
	Tests            *struct {
		Enabled bool `json:"enabled"`
	} `json:"tests"`
	Force bool `json:"force"`
}

func (Values) JSONSchemaExtend

func (Values) JSONSchemaExtend(schema *jsonschema.Schema)

+gotohelm:ignore=true

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL